[TYPO3-dev] Info disclosure from extension folders
Ernesto Baschny [cron IT]
ernst at cron-it.de
Thu Oct 26 12:01:49 CEST 2006
christian reiter wrote on 26.10.2006 09:35:
> I have tried something like this
>
> <DirectoryMatch ".*\/typo3.*ext\/.*">
> <FilesMatch "(?i)(changelog|\.txt|\.sql|\.dat|\.tm?pl|\.inc|\.sh)$">
> Order allow,deny
> Deny from all
> Satisfy All
> </FilesMatch>
> </DirectoryMatch>
>
> It will apply to typo3conf/ext, typo3/ext/ and typo3/sysext but not anywhere
> else.
That sounds pretty cool. Unfortunately DirectoryMatch cannot be put into
a .htaccess file, else we could put that in the sample _.htaccess that
we ship with TYPO3. So to achieve that using .htaccess we would have to
put a .htaccess like that:
<FilesMatch "(?i)(changelog|\.txt|\.sql|\.dat|\.tm?pl|\.inc|\.sh)$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
into:
- typo3/
- typo3conf/
Another nice thing to add here would be:
<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>
Cheers,
Ernesto
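
An added example, not part of the original message: a Python sketch that runs constructed sample paths through the two variants discussed in this thread, showing that the .htaccess placement denies matching files anywhere below typo3/ and typo3conf/, not only in the extension folders. The document root, the sample paths and the function names are assumptions, and Python's re module stands in for Apache's regex engine.

```python
import posixpath
import re

# Both patterns are copied from the thread; Python's re stands in for Apache's engine.
DIR_RE = re.compile(r".*\/typo3.*ext\/.*")
FILE_RE = re.compile(r"(?i)(changelog|\.txt|\.sql|\.dat|\.tm?pl|\.inc|\.sh)$")

DOCROOT = "/var/www/site"                 # constructed document root
HTACCESS_DIRS = ("typo3/", "typo3conf/")  # where the .htaccess copy would live

# Constructed paths, relative to the document root.
SAMPLE_PATHS = [
    "typo3conf/ext/myext/ChangeLog",
    "typo3conf/ext/myext/ext_tables.sql",
    "typo3conf/ext/myext/pi1/template.tmpl",
    "typo3conf/ext/myext/pi1/class.tx_myext_pi1.php",
    "typo3/sysext/cms/ext_tables.sql",
    "typo3conf/notes.txt",
    "typo3/install/readme.txt",
    "fileadmin/docs/readme.txt",
]

def denied_by_directorymatch(rel_path):
    """Server-config variant: directory must match DIR_RE, file name FILE_RE."""
    directory, name = posixpath.split(posixpath.join(DOCROOT, rel_path))
    return bool(DIR_RE.search(directory + "/") and FILE_RE.search(name))

def denied_by_htaccess(rel_path):
    """.htaccess variant: FILE_RE applies to everything below HTACCESS_DIRS."""
    name = posixpath.basename(rel_path)
    return bool(rel_path.startswith(HTACCESS_DIRS) and FILE_RE.search(name))

def scope_difference(paths):
    """Paths that only the .htaccess variant denies."""
    return [p for p in paths
            if denied_by_htaccess(p) and not denied_by_directorymatch(p)]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(f"{path:48} DirectoryMatch={denied_by_directorymatch(path)!s:5} "
              f".htaccess={denied_by_htaccess(path)}")
    print("Denied only by the .htaccess variant:", scope_difference(SAMPLE_PATHS))
```

Running the same comparison over a real file listing of an installation shows which files outside the extension folders would become unreachable before the .htaccess variant is rolled out.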