Preventing access to the config folder

It isn't uncommon that admins create a backup file of the config (i.e. `config.php.bak`) before performing any changes. This would allow everybody to read the backup of the configuration file which contain several secret and critical values. I don't believe this is worth a backport or getting added to the installer. It's just a nice to have. People that create public readable backups of their configuration are the one to blame, not us :-)
author: Lukas Reschke <lukas@statuscode.ch> 2014-04-24 08:33:58 +0200
committer: Lukas Reschke <lukas@statuscode.ch> 2014-04-24 08:33:58 +0200
commit: c92a13848931a9872aad3edd281950f0dfebafeb (patch)
tree: aff0b9fd5042481618267f7a9ccca133ef32bc00 /config/.htaccess
parent: 435672feaa22c0fc3c8caf7f6dbaefa0edb6f5d3 (diff)
download: nextcloud-server-c92a13848931a9872aad3edd281950f0dfebafeb.tar.gz
nextcloud-server-c92a13848931a9872aad3edd281950f0dfebafeb.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/config/.htaccess b/config/.htaccess
new file mode 100644
index 00000000000..2421e9a1631
--- /dev/null
+++ b/config/.htaccess
@@ -0,0 +1,12 @@
+# line below if for Apache 2.4
+<ifModule mod_authz_core>
+Require all denied
+</ifModule>
+
+# line below if for Apache 2.2
+<ifModule !mod_authz_core>
+deny from all
+</ifModule>
+
+# section for Apache 2.2 and 2.4
+IndexIgnore *
author	Lukas Reschke <lukas@statuscode.ch>	2014-04-24 08:33:58 +0200
committer	Lukas Reschke <lukas@statuscode.ch>	2014-04-24 08:33:58 +0200
commit	c92a13848931a9872aad3edd281950f0dfebafeb (patch)
tree	aff0b9fd5042481618267f7a9ccca133ef32bc00 /config/.htaccess
parent	435672feaa22c0fc3c8caf7f6dbaefa0edb6f5d3 (diff)
download	nextcloud-server-c92a13848931a9872aad3edd281950f0dfebafeb.tar.gz nextcloud-server-c92a13848931a9872aad3edd281950f0dfebafeb.zip