author: Lukas Reschke <lukas@statuscode.ch> 2014-04-24 08:33:58 +0200
committer: Lukas Reschke <lukas@statuscode.ch> 2014-04-24 08:33:58 +0200
commit: c92a13848931a9872aad3edd281950f0dfebafeb
tree: aff0b9fd5042481618267f7a9ccca133ef32bc00 /config/.htaccess
parent: 435672feaa22c0fc3c8caf7f6dbaefa0edb6f5d3
Preventing access to the config folder
It isn't uncommon that admins create a backup file of the config (i.e. `config.php.bak`) before performing any changes. This would allow everybody to read the backup of the configuration file, which contains several secret and critical values. I don't believe this is worth a backport or getting added to the installer. It's just a nice-to-have. People that create publicly readable backups of their configuration are the ones to blame, not us :-)
Diffstat (limited to 'config/.htaccess')
-rw-r--r-- config/.htaccess 12
1 files changed, 12 insertions, 0 deletions
diff --git a/config/.htaccess b/config/.htaccess
new file mode 100644
index 00000000000..2421e9a1631
--- /dev/null
+++ b/config/.htaccess
@@ -0,0 +1,12 @@
+# line below if for Apache 2.4
+<ifModule mod_authz_core>
+Require all denied
+</ifModule>
+
+# line below if for Apache 2.2
+<ifModule !mod_authz_core>
+deny from all
+</ifModule>
+
+# section for Apache 2.2 and 2.4
+IndexIgnore *
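Review bot: The `<ifModule mod_authz_core>` and `<ifModule !mod_authz_core>` tests name the module without the `.c` suffix. Apache's IfModule matches a module by its identifier (`authz_core_module`) or by its source file name (`mod_authz_core.c`), so as written the first block is never taken and the negated block always is. That leaves `deny from all` as the only active rule, including on Apache 2.4, where it depends on mod_access_compat being loaded. Suggest `<IfModule mod_authz_core.c>` and `<IfModule !mod_authz_core.c>`. Minor: both comments read "line below if for", which should be "is for". It would also help to document that this file only protects the folder where the server honours .htaccess overrides for this directory, so the existing advice about not leaving readable backups there still applies.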