Improve security

Blocking access to system files on URL level regardless of file permissions
2025-04-13 18:01:58 +02:00 · 2025-03-30 22:40:28 +02:00 · 2025-03-30 22:40:28 +02:00 · f20b3d4a43
commit f20b3d4a43
parent 96521b8027
1 changed files with 18 additions and 1 deletions
--- a/.htaccess
+++ b/.htaccess
@ -32,4 +32,21 @@ Deny from all
 <Files ~ "\.zip$">
    Order allow,deny
    Deny from all
-</Files>
+</Files>
+
+<IfModule mod_rewrite.c>
+    <IfModule mod_negotiation.c>
+        Options -MultiViews -Indexes
+    </IfModule>
+
+RewriteEngine On
+
+# Block access to .env files
+RewriteRule ^.*\.env$ - [F,L]
+
+# Block access to SQLite database files
+RewriteRule ^.*\.sqlite$ - [F,L]
+
+# Block access to ZIP files
+RewriteRule ^.*\.zip$ - [F,L]
+</IfModule>