Mercurial > hg > isophonics-drupal-site
annotate files/.htaccess @ 13:5fb285c0d0e3
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've
been lucky to get away with this so far, as we don't support self-registration
which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5
was vulnerable to.
| author | Chris Cannam |
|---|---|
| date | Mon, 23 Apr 2018 09:33:26 +0100 |
| parents | 50b0d041100e |
| children |
| rev | line source |
|---|---|
| Chris@8 | 1 # Turn off all options we don't need. |
| Chris@8 | 2 Options None |
| Chris@8 | 3 Options +FollowSymLinks |
| Chris@8 | 4 |
| Chris@8 | 5 # Set the catch-all handler to prevent scripts from being executed. |
| Chris@8 | 6 SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 |
| Chris@8 | 7 <Files *> |
| Chris@8 | 8 # Override the handler again if we're run later in the evaluation list. |
| Chris@8 | 9 SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003 |
| Chris@8 | 10 </Files> |
| Chris@8 | 11 |
| Chris@8 | 12 # If we know how to do it safely, disable the PHP engine entirely. |
| Chris@8 | 13 <IfModule mod_php5.c> |
| Chris@8 | 14 php_flag engine off |
| Chris@8 | 15 </IfModule> |
| Chris@8 | 16 # PHP 4, Apache 1. |
| Chris@8 | 17 <IfModule mod_php4.c> |
| Chris@8 | 18 php_flag engine off |
| Chris@8 | 19 </IfModule> |
| Chris@8 | 20 # PHP 4, Apache 2. |
| Chris@8 | 21 <IfModule sapi_apache2.c> |
| Chris@8 | 22 php_flag engine off |
| Chris@8 | 23 </IfModule> |
| Chris@8 | 24 |