Created
March 11, 2014 20:05
-
-
Save scor/9493895 to your computer and use it in GitHub Desktop.
Drupal .htaccess for Drupal 7's files directory - SA-CORE-2013-003
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Turn off all options we don't need. | |
| Options None | |
| Options +FollowSymLinks | |
| # Set the catch-all handler to prevent scripts from being executed. | |
| SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 | |
| <Files *> | |
| # Override the handler again if we're run later in the evaluation list. | |
| SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003 | |
| </Files> | |
| # If we know how to do it safely, disable the PHP engine entirely. | |
| <IfModule mod_php5.c> | |
| php_flag engine off | |
| </IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment