Preventing access to the config folder

It isn't uncommon that admins create a backup file of the config (i.e. `config.php.bak`) before performing any changes. This would allow everybody to read the backup of the configuration file which contain several secret and critical values. I don't believe this is worth a backport or getting added to the installer. It's just a nice to have. People that create public readable backups of their configuration are the one to blame, not us :-)

Preventing access to the config folder
c92a1384 · Lukas Reschke · 435672fe · c92a1384
Commit c92a1384 authored 11 years ago by Lukas Reschke
--- a/config/.htaccess
+++ b/config/.htaccess
+# line below if for Apache 2.4
+<ifModule mod_authz_core>
+Require all denied
+</ifModule>
+
+# line below if for Apache 2.2
+<ifModule !mod_authz_core>
+deny from all
+</ifModule>
+
+# section for Apache 2.2 and 2.4
+IndexIgnore *