Improve .htaccess with some security rules (#120)

2026-01-27 02:38:01 -05:00 · 2015-12-30 22:02:50 +00:00
parent b27d3c04c9
commit 6ccfc8ba7d
1 changed files with 22 additions and 1 deletions
--- a/.htaccess
+++ b/.htaccess
@@ -8,4 +8,25 @@ RewriteEngine On

 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
-RewriteRule ^(.*)$ index.php?/$1 [L]
+RewriteRule ^(.*)$ index.php?/$1 [L]
+
+# disable directory browsing
+# For security reasons, Option all cannot be overridden.
+#Options All -Indexes
+Options ExecCGI Includes IncludesNOEXEC SymLinksIfOwnerMatch -Indexes
+
+# prevent folder listing
+IndexIgnore *
+
+# secure htaccess file
+<Files .htaccess>
+ order allow,deny
+ deny from all
+</Files>
+
+# prevent access to PHP error log
+<Files error_log>
+ order allow,deny
+ deny from all
+ satisfy All
+</Files>