authoralec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>2011-07-02 08:20:15 +0000
committeralec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>2011-07-02 08:20:15 +0000
commit7053bcec163a8ceaf89681760700425e5c4f7dbb (patch)
tree99c6c52267369060e40303793922605fdafb1b6e
parent1df7e640b463942121c53105b987516ad805f399 (diff)
Improve .htaccess rules to make it less easy to fingerprint roundcube version
by denying access to files and stopping directory indexes (#1484066) git-svn-id: https://svn.roundcube.net/trunk@4899 208e9e7b-5314-0410-a742-e7e81cd9613c
-rw-r--r--roundcubemail/.htaccess6
-rw-r--r--roundcubemail/program/.htaccess4
2 files changed, 8 insertions, 2 deletions
diff --git a/roundcubemail/.htaccess b/roundcubemail/.htaccess
index 704779e2e..2bc9f95ea 100644
--- a/roundcubemail/.htaccess
+++ b/roundcubemail/.htaccess
@@ -29,6 +29,9 @@ php_value mbstring.func_overload 0
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^favicon.ico$ skins/default/images/favicon.ico
+# security rules
+RewriteRule .svn/ - [F]
+RewriteRule ^README|INSTALL|LICENSE|SQL|bin|CHANGELOG$ - [F]
</IfModule>
<IfModule mod_deflate.c>
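Review bot: The anchors in `^README|INSTALL|LICENSE|SQL|bin|CHANGELOG$` bind only to the first and last alternatives, so `INSTALL`, `LICENSE`, `SQL` and `bin` match anywhere in the requested path and any URL that merely contains one of those strings is answered with 403. Grouping the alternation limits the rule to the top-level entries it is meant to hide, assuming the files carry no extension: `RewriteRule ^(README|INSTALL|LICENSE|CHANGELOG|SQL|bin)(/|$) - [F]`. The dot in `.svn/` is also unescaped and matches any character; `RewriteRule (^|/)\.svn(/|$) - [F]` is stricter.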
@@ -46,5 +49,4 @@ ExpiresDefault "access plus 1 month"
</IfModule>
FileETag MTime Size
-
-
+Options -Indexes
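Review bot: `Options -Indexes` in a .htaccess file only takes effect when the server configuration grants `AllowOverride Options` (or `All`) for this directory; where overrides are disabled the file is ignored, and where they are enabled without `Options` Apache answers every request with a 500. A comment above the line would help installers, for example `# needs AllowOverride Options; otherwise disable indexes in the server config`.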
diff --git a/roundcubemail/program/.htaccess b/roundcubemail/program/.htaccess
new file mode 100644
index 000000000..4ad1b9d12
--- /dev/null
+++ b/roundcubemail/program/.htaccess
@@ -0,0 +1,4 @@
+<IfModule mod_rewrite.c>
+RewriteEngine On
+RewriteRule !^js|.*\.gif$ - [F]
+</IfModule>
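Review bot: The deny rule is wrapped in `<IfModule mod_rewrite.c>`, so on a server without mod_rewrite it is skipped silently and everything under program/ stays directly requestable; the same holds for the security rules added to roundcubemail/.htaccess in this commit. The install notes should state that mod_rewrite is required for these protections, or the directories should get a fallback that does not depend on it. Separately, `^js` is a bare prefix and `!` negates the whole alternation, which is easy to misread; `RewriteRule !^(js/|.*\.gif$) - [F]` states the allow-list explicitly.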