[TYPO3-dev] Info disclosure from extension folders

Ernesto Baschny [cron IT] ernst at cron-it.de
Thu Oct 26 12:01:49 CEST 2006


christian reiter schrieb am 26.10.2006 09:35:

> I have tried something like this
> 
>  <DirectoryMatch ".*\/typo3.*ext\/.*">
>   <FilesMatch "(?i)(changelog|\.txt|\.sql|\.dat|\.tm?pl|\.inc|\.sh)$">
>       Order allow,deny
>       Deny from all
>       Satisfy All
>   </FilesMatch>
>  </DirectoryMatch>
> 
> It will apply to typo3conf/ext, typo3/ext/ and typo3/sysext but not anywhere
> else.

That sounds pretty cool. Unfortunately DirectoryMatch cannot be put into
a .htaccess file, else we could put that in the sample _.htaccess that
we ship with TYPO3. So to achieve that using .htaccess we would have to
put the a .htaccess like that:

<FilesMatch "(?i)(changelog|\.txt|\.sql|\.dat|\.tm?pl|\.inc|\.sh)$">
	Order allow,deny
	Deny from all
	Satisfy All
</FilesMatch>

into:

- typo3/
- typo3conf/

Another nice thing to add here would be:

<IfModule mod_autoindex.c>
	Options -Indexes
</IfModule>


Cheers,
Ernesto




More information about the TYPO3-dev mailing list