server/config/.htaccess
Lukas Reschke c92a138489 Preventing access to the config folder
It isn't uncommon that admins create a backup file of the config (i.e. `config.php.bak`) before performing any changes. This would allow everybody to read the backup of the configuration file which contain several secret and critical values.

I don't believe this is worth a backport or getting added to the installer. It's just a nice to have. People that create public readable backups of their configuration are the one to blame, not us :-)
2014-04-24 08:33:58 +02:00

12 lines
221 B
ApacheConf

# line below if for Apache 2.4
<ifModule mod_authz_core>
Require all denied
</ifModule>
# line below if for Apache 2.2
<ifModule !mod_authz_core>
deny from all
</ifModule>
# section for Apache 2.2 and 2.4
IndexIgnore *