Mercurial > hg > isophonics-drupal-site
annotate vendor/.htaccess @ 13:5fb285c0d0e3
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've
been lucky to get away with this so far, as we don't support self-registration
which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5
was vulnerable to.
| author | Chris Cannam |
|---|---|
| date | Mon, 23 Apr 2018 09:33:26 +0100 |
| parents | 4c8ae668cc8c |
| children |
| rev | line source |
|---|---|
| Chris@0 | 1 # Deny all requests from Apache 2.4+. |
| Chris@0 | 2 <IfModule mod_authz_core.c> |
| Chris@0 | 3 Require all denied |
| Chris@0 | 4 </IfModule> |
| Chris@0 | 5 |
| Chris@0 | 6 # Deny all requests from Apache 2.0-2.2. |
| Chris@0 | 7 <IfModule !mod_authz_core.c> |
| Chris@0 | 8 Deny from all |
| Chris@0 | 9 </IfModule> |
| Chris@0 | 10 # Turn off all options we don't need. |
| Chris@0 | 11 Options -Indexes -ExecCGI -Includes -MultiViews |
| Chris@0 | 12 |
| Chris@0 | 13 # Set the catch-all handler to prevent scripts from being executed. |
| Chris@0 | 14 SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 |
| Chris@0 | 15 <Files *> |
| Chris@0 | 16 # Override the handler again if we're run later in the evaluation list. |
| Chris@0 | 17 SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003 |
| Chris@0 | 18 </Files> |
| Chris@0 | 19 |
| Chris@0 | 20 # If we know how to do it safely, disable the PHP engine entirely. |
| Chris@0 | 21 <IfModule mod_php5.c> |
| Chris@0 | 22 php_flag engine off |
| Chris@0 | 23 </IfModule> |