Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-16556

Remove purposeless <Files "*"> from .htaccess

    Details

    • Type: Improvement
    • Status: Closed (View Workflow)
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: 3.3.1, 3.2.10
    • Fix Version/s: 3.3.2-RC1
    • Component/s: None
    • Labels:
      None
    • Environment:
      Apache 2.2, Apache 2.4

      Description

      As started to discuss here, wrapping access permissions into <Files "">* at best has zero effect and implies unnecessary code and parsing for the web server. At least it does not block access to files only, but still denies auto indexing and access to sub directories effectively as well. But removing this directive is still the cleaner and safer way to deny access to any kind of resource that is provided within the directory in question.

      To deny access to migration data, a single .htaccess file can be used. This reduces the effort for future changes and it is not required anymore to create new .htaccess files for every new migration directory.

      Additionally it may be corrected in the files comments that "Require" is part of "mod_authz_core", not "mod_authz_host".

        Attachments

          Activity

            People

            • Assignee:
              Marc Marc
              Reporter:
              MichaIng MichaIng
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: