From 62ee427b7e31a5d147006fa0970f6919baa5fa69 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <bruederli@kolabsys.com>
Date: Mon, 16 Nov 2015 15:26:53 -0500
Subject: [PATCH] Improve directory protection for Apache 2.4

---
 INSTALL          |    6 ++++++
 config/.htaccess |    7 ++++++-
 temp/.htaccess   |    7 ++++++-
 logs/.htaccess   |    7 ++++++-
 4 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/INSTALL b/INSTALL
index 71c971e..5fe304d 100644
--- a/INSTALL
+++ b/INSTALL
@@ -168,6 +168,12 @@
 mod_rewrite for Apache webserver and double check access to the above listed
 directories and their contents is denied.
 
+NOTE: In Apache 2.4, support for .htaccess files has been disabled by
+default. Therefore you first need to enable this in your Apache main or
+virtual host config by with:
+
+ AllowOverride all
+
 
 UPGRADING
 =========
diff --git a/config/.htaccess b/config/.htaccess
index 896e680..43e24ed 100644
--- a/config/.htaccess
+++ b/config/.htaccess
@@ -1,2 +1,7 @@
 # deny webserver access to this directory
-Deny from all
+<ifModule mod_authz_core.c>
+    Require all denied
+</ifModule>
+<ifModule !mod_authz_core.c>
+    Deny from all
+</ifModule>
diff --git a/logs/.htaccess b/logs/.htaccess
index 896e680..43e24ed 100644
--- a/logs/.htaccess
+++ b/logs/.htaccess
@@ -1,2 +1,7 @@
 # deny webserver access to this directory
-Deny from all
+<ifModule mod_authz_core.c>
+    Require all denied
+</ifModule>
+<ifModule !mod_authz_core.c>
+    Deny from all
+</ifModule>
diff --git a/temp/.htaccess b/temp/.htaccess
index 896e680..43e24ed 100644
--- a/temp/.htaccess
+++ b/temp/.htaccess
@@ -1,2 +1,7 @@
 # deny webserver access to this directory
-Deny from all
+<ifModule mod_authz_core.c>
+    Require all denied
+</ifModule>
+<ifModule !mod_authz_core.c>
+    Deny from all
+</ifModule>

--
Gitblit v1.9.1