Deny all configuration files except one in Apache
I have the following block in .htaccess
to prevent loading config files
# Disables download of configuration
<Files ~ "\.(tpl|yml|ini)$">
# Deny all requests from Apache 2.4+.
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Deny all requests from Apache 2.0-2.2.
<IfModule !mod_authz_core.c>
Deny from all
</IfModule>
</Files>
But how can I resolve all files named swagger.yml
?
+3
source to share
1 answer
You have to do it
<Files ~ "\.(tpl|yml|ini)$">
# Deny all requests from Apache 2.4+.
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Deny all requests from Apache 2.0-2.2.
<IfModule !mod_authz_core.c>
Deny from all
</IfModule>
</Files>
<FilesMatch "swagger\.yml$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
</FilesMatch>
Also you have to remove directives for the version you are not using. If you're using 2.4, you don't need the 2.2 directives. However, I have left it as long as you have it.
+4
source to share