diff options
| author | emkael <emkael@tlen.pl> | 2015-02-10 16:14:23 +0100 |
|---|---|---|
| committer | emkael <emkael@tlen.pl> | 2015-02-10 16:14:23 +0100 |
| commit | a756a9525d25622ef5ef8cc909a5605a08b7a205 (patch) | |
| tree | c1d969524dd0b2fad8d411bc0e8bfdf2925d57e7 | |
| parent | 0373303d7f3fd4a2be7aa89c6bb87da1004cec58 (diff) | |
* security hardening
| -rw-r--r-- | http/foto/.htaccess | 7 | ||||
| -rw-r--r-- | http/pic/.htaccess | 14 |
2 files changed, 20 insertions, 1 deletions
diff --git a/http/foto/.htaccess b/http/foto/.htaccess new file mode 100644 index 0000000..d2b2bb4 --- /dev/null +++ b/http/foto/.htaccess @@ -0,0 +1,7 @@ +<Files ~ "\.(?i:gif|jpe?g|png)$"> + Order allow,deny + Allow from all +</Files> + +Order deny,allow +Deny from all diff --git a/http/pic/.htaccess b/http/pic/.htaccess index 65ceb47..a92c220 100644 --- a/http/pic/.htaccess +++ b/http/pic/.htaccess @@ -6,4 +6,16 @@ RewriteEngine On RewriteCond %{SCRIPT_FILENAME} !-f RewriteCond %{SCRIPT_FILENAME} !-d -RewriteRule .* fetch.py [QSA,L] +RewriteRule \.(gif|jpe?g|png)$ fetch.py [QSA,L] + +<Files fetch.py> + Order allow,deny + Allow from all +</Files> +<Files ~ "\.(?i:gif|jpe?g|png)$"> + Order allow,deny + Allow from all +</Files> + +Order deny,allow +Deny from all |