Blocked various file types in .htaccess (#2359)

OpenMage · Aug 10, 2022 · 1791fcc · 1791fcc
1 parent de186cc
commit 1791fcc
Showing 1 changed file with 14 additions and 5 deletions.
diff --git a/.htaccess b/.htaccess
@@ -207,12 +207,21 @@
     Allow from all
 
 ###########################################
-## Deny access to release notes to prevent disclosure of the installed Magento version
+## Deny access to other project files to prevent disclosure of the installed Magento version or other information
+## Only robots.txt and manifest.json should be allowed by default
 
-    <Files RELEASE_NOTES.txt>
-        order allow,deny
-        deny from all
-    </Files>
+    <FilesMatch (?<!robots)\.txt$>
+        Order allow,deny
+        Deny from all
+    </FilesMatch>
+    <FilesMatch (?<!manifest)\.json$>
+        Order allow,deny
+        Deny from all
+    </FilesMatch>
+    <FilesMatch \.(lock|md|sample|sh|yml|yaml)$>
+        Order allow,deny
+        Deny from all
+    </FilesMatch>
 
 ############################################
 ## If running in cluster environment, uncomment this