Howdy,

I've sent this to the roundcube list a few days ago, no-one replied so, since it's also apache related, I'll ask here.

<paste of message>

Trying to understand the new "security" rules in .htaccess

    # - deny access to files not containing a dot or starting with a dot
    #   in all locations except installer directory
    RewriteRule ^(?!installer)(\.?[^\.]+)$ - [F]

This doesn't quite make sense, we have a help/ directory, which is not accessible because of this rule, yet all files in that directory are foo.img or index.php, bar.php

change to

    RewriteRule ^(?!(installer|help))(\.?[^\.]+)$ - [F]

permits our help/ directory to be read, this is suboptimal because it will be overwritten at next update again, is someone with good knowledge of rewrite rules able to shed some light on this?

<end paste>

So are roundcube folk doing it wrong?

The entire rewrite rule section is (although my problem is fixed by only the above line, but in case there is a relation I'll include the full bit here):

    RewriteEngine On
    RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
    # security rules:
    # - deny access to files not containing a dot or starting with a dot
    #   in all locations except installer directory
    # this does NOT work:
    #RewriteRule ^(?!installer)(\.?[^\.]+)$ - [F]
    # this works:
    RewriteRule ^(?!(installer|help))(\.?[^\.]+)$ - [F]
    # - deny access to some locations
    RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
    # - deny access to some documentation files
    RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml)$ - [F]

Thanks.

Nik
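
Added example (not part of the original message, and not Roundcube's code): the two patterns from the message evaluated with Python's re module against constructed request paths, taken relative to the directory that holds the .htaccess, which is how mod_rewrite matches in per-directory context. It shows why a bare help/ request is forbidden while help/index.php is not, and what else the help exemption lets through.

```python
import re

# Patterns copied from the message; Python's re accepts the same syntax
# (negative lookahead, character classes) as the PCRE used by mod_rewrite.
ORIGINAL = re.compile(r'^(?!installer)(\.?[^\.]+)$')
MODIFIED = re.compile(r'^(?!(installer|help))(\.?[^\.]+)$')

# Constructed sample paths (assumptions for illustration), relative to the
# directory containing .htaccess, with no leading slash.
SAMPLES = [
    "help/",            # directory request: no dot anywhere in the path
    "help/index.php",   # contains a dot, so the dot rule never matches it
    "help/notes",       # hypothetical extensionless file under help/
    "helpdesk/data",    # hypothetical path that merely starts with "help"
    "installer/",       # exempted by the lookahead in both versions
    ".git",             # leading dot, no further dot
    ".htaccess",
    "config",
    "index.php",
]


def forbidden(rule, path):
    """True if the rule's pattern matches, i.e. the [F] flag would return 403."""
    return rule.search(path) is not None


def compare(paths=SAMPLES):
    """Return (path, forbidden_by_original, forbidden_by_modified) rows."""
    return [(p, forbidden(ORIGINAL, p), forbidden(MODIFIED, p)) for p in paths]


def newly_allowed(paths=SAMPLES):
    """Paths the original rule forbids but the help-exempted rule lets through."""
    return [p for p, before, after in compare(paths) if before and not after]


if __name__ == "__main__":
    print(f"{'path':<18}{'original':<10}modified")
    for path, before, after in compare():
        print(f"{path:<18}{'403' if before else 'pass':<10}{'403' if after else 'pass'}")
    print("newly allowed by the help exemption:", newly_allowed())
```

The lookahead is a prefix test, so exempting help also exempts every dot-less path that begins with those four letters, not only the help/ directory itself.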