authorAlex Pott <alex.a.pott@googlemail.com>2013-10-03 12:23:10 +0100
committerAlex Pott <alex.a.pott@googlemail.com>2013-10-03 12:23:10 +0100
commitbc44cbda919c744f96443a154817bc0168c8598e (patch)
treebb249e35a70a53dc7f6dc50521e0bd01b7165b23 /.htaccess
parentcd9ec6ded2b107a4092f1d31f405349fe00f92b7 (diff)
Issue #1587270 by klausi: Added comment in .htaccess describing how to forbid execution of PHP files in subfolders.
Diffstat (limited to '.htaccess')
-rw-r--r--.htaccess12
1 files changed, 12 insertions, 0 deletions
diff --git a/.htaccess b/.htaccess
index 45abcc7997f..ce89e172cec 100644
--- a/.htaccess
+++ b/.htaccess
@@ -122,6 +122,18 @@ DirectoryIndex index.php index.html index.htm
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
+ # If this is a production site you may want to forbid access to PHP files in
+ # subfolders for security reasons. If you need to directly execute PHP files
+ # in a module or want to run another PHP application somewhere in your
+ # docroot tree you might want to modify this. Uncomment the following two
+ # lines to only allow PHP files in the webroot and in "/core":
+ # RewriteCond %{REQUEST_URI} !^/core/[^/]*\.php$
+ # RewriteRule "^.+/.*\.php$" - [F]
+ # Example for allowing just one PHP file of statistics module:
+ # RewriteCond %{REQUEST_URI} !^/core/[^/]*\.php$
+ # RewriteCond %{REQUEST_URI} !^/core/modules/statistics/statistics.php$
+ # RewriteRule "^.+/.*\.php$" - [F]
+
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
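Review bot: The example rule `# RewriteRule "^.+/.*\.php$" - [F]` (both occurrences in the added comment) only matches when the path ends in `.php`, so a request that carries extra path info after the script name would not be forbidden; whether the server would still hand such a request to PHP depends on its AcceptPathInfo and handler settings, which are not visible here. Writing the example as `# RewriteRule "^.+/.*\.php($|/)" - [F]` would cover both forms. The conditions anchor on `^/core/`, which assumes the site is installed at the docroot, and the comment should say so because in a subdirectory install the exemption would never match. In the statistics example the dots in `statistics.php$` are unescaped; `statistics\.php$` limits the exemption to the intended file. The enclosing rewrite block starts and ends outside this hunk.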