- adjusted for rpm.org, partial PLD merge

[packages/apache.git] / apache-common.conf

diff --git a/apache-common.conf b/apache-common.conf
index 05686e9666a584d6725887cd3a9bf8424e295489..085c5e7ef242e475e2b4aa970cbc154e200d5737 100644 (file)
--- a/apache-common.conf
+++ b/apache-common.conf
@@ -16,11 +16,40 @@ DocumentRoot "/home/services/httpd/html"
        Options FollowSymLinks
        AllowOverride None
        <IfModule mod_authz_host.c>
+               Require all denied
+       </IfModule>
+       <IfModule mod_access_compat.c>
                Order deny,allow
                Deny from all
        </IfModule>
 </Directory>
 
+# Prevent access to:
+# - .htaccess and .htpasswd files
+# - backup files from being viewed
+# - PHP's .user.ini
+<FilesMatch  "^(\.ht.*|\.user\.ini|.*~|.*,v)$">
+       <IfModule mod_authz_host.c>
+               Require all denied
+       </IfModule>
+       <IfModule mod_access_compat.c>
+               Order deny,allow
+               Deny from all
+       </IfModule>
+</FilesMatch>
+
+# Prevent access to:
+# - version control directories
+<DirectoryMatch "/(\.(svn|git|hg|bzr)|CVS)/?">
+       <IfModule mod_authz_host.c>
+               Require all denied
+       </IfModule>
+       <IfModule mod_access_compat.c>
+               Order deny,allow
+               Deny from all
+       </IfModule>
+</DirectoryMatch>
+
 #
 # This should be changed to whatever you set DocumentRoot to.
 #
@@ -50,6 +79,9 @@ DocumentRoot "/home/services/httpd/html"
        # Controls who can get stuff from this server.
        #
        <IfModule mod_authz_host.c>
+               Require all granted
+       </IfModule>
+       <IfModule mod_access_compat.c>
                Order allow,deny
                Allow from all
        </IfModule>