piem closed 6 years ago
An .htaccess file protects this file on an Apache server. With another server (like Nginx), you need to protect this folder yourself.
After checking the documentation, I can see that this point is missing, sorry.
I'll write code to check that the web server does not reach any files in this folder. Thank you.
i had AllowOverride None in my apache config, so .htaccess was ignored. changing that to AllowOverride Limit helps.
an example apache configuration would be welcome. something like this maybe:
Alias /mycheckyurl/ /path/to/cheky/
<Directory "/path/to/cheky">
    AllowOverride Limit
    AddType application/x-httpd-php .php
    Require all granted
</Directory>
and yes, displaying a big warning if these files are accessible would be nice too :-)
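One way such an accessibility check could work, as an added example that is not part of this thread or the project's own code: write a random canary into var/, fetch it over HTTP, and warn only if the token comes back. The function name `var_is_exposed`, the canary file name and the two local test servers are hypothetical and constructed for the demonstration.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

def var_is_exposed(var_dir, var_url, timeout=5.0):
    """Write a random canary into var_dir and try to read it back over HTTP.
    Matching the body, not just the status, avoids false alarms from 200 error pages."""
    token = secrets.token_hex(16)
    name = "access-check-%s.txt" % secrets.token_hex(4)  # hypothetical name
    path = os.path.join(var_dir, name)
    with open(path, "w") as fh:
        fh.write(token)
    # Ignore proxy settings so the request goes straight to the server.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(var_url.rstrip("/") + "/" + name, timeout=timeout) as r:
            return token in r.read(4096).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return False  # 403/404 or unreachable: the canary could not be read
    finally:
        os.remove(path)  # never leave the canary behind

class Open(http.server.SimpleHTTPRequestHandler):
    """Constructed test server that serves everything, like an ignored .htaccess."""
    def log_message(self, *args):
        pass

class DenyVar(Open):
    """Constructed test server that refuses /var/, like an honoured .htaccess."""
    def do_GET(self):
        if self.path.startswith("/var/"):
            self.send_error(403)
        else:
            super().do_GET()

def demo(handler_cls):
    """Serve a temporary docroot with a var/ folder on localhost and run the check."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "var"))
        srv = http.server.ThreadingHTTPServer(
            ("127.0.0.1", 0), functools.partial(handler_cls, directory=root))
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return var_is_exposed(os.path.join(root, "var"),
                                  "http://127.0.0.1:%d/var/" % srv.server_port)
        finally:
            srv.shutdown()
            srv.server_close()
```

A `False` result means the canary could not be read from where the check ran; it does not prove the folder is unreachable from other networks or virtual hosts.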
this is a security concern. all files in var/ can be accessed remotely without authentication: