Updates .htaccess files

Adds more security related directives
2016-07-11 18:46:49 -04:00
parent ea4b2e9ce9
commit d9626e72e7
2 changed files with 29 additions and 3 deletions
--- a/.htaccess
+++ b/.htaccess
@@ -1,6 +1,20 @@
+# Very simple security for apache webserver - do not remove.
+#
 # Restrict access to DotFiles (like .htaccess, .env, .gitignore....)
-# Do not remove if you are running Apache web server.
 <FilesMatch "^\.">
    Order allow,deny
    Deny from all
 </FilesMatch>
+
+# Restrict access to system files
+<FilesMatch "^(composer.json|composer.lock|artisan|code_of_conduct.md|gulpfile.js|package.json|error_log|phpspec.yml|example.env)">
+    Order allow,deny
+    Deny from all
+</FilesMatch>
+
+# Uncomment to restrict access to release text files
+#<FilesMatch "^(LICENSE|README.md|readme.txt|release-notes.txt)">
+#    Order allow,deny
+#    Deny from all
+#</FilesMatch>
+
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -15,8 +15,20 @@
 </IfModule>

 # Restrict access to DotFiles (like .htaccess, .env, .gitignore....)
-# Do not remove if you are running Apache web server.
 <FilesMatch "^\.">
    Order allow,deny
    Deny from all
 </FilesMatch>
+
+# Restrict access to system files
+<FilesMatch "^(composer.json|composer.lock|artisan|code_of_conduct.md|gulpfile.js|package.json|error_log|phpspec.yml|example.env)">
+    Order allow,deny
+    Deny from all
+</FilesMatch>
+
+# Uncomment to restrict access to release text files
+#<FilesMatch "^(LICENSE|README.md|readme.txt|release-notes.txt)">
+#    Order allow,deny
+#    Deny from all
+#</FilesMatch>
+