From c92a13848931a9872aad3edd281950f0dfebafeb Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Thu, 24 Apr 2014 08:33:58 +0200
Subject: [PATCH] Preventing access to the config folder

It isn't uncommon that admins create a backup file of the config (i.e. `config.php.bak`) before performing any changes. This would allow everybody to read the backup of the configuration file, which contains several secret and critical values.

I don't believe this is worth a backport or getting added to the installer. It's just a nice to have. People that create publicly readable backups of their configuration are the ones to blame, not us :-)
---
 config/.htaccess | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 config/.htaccess

diff --git a/config/.htaccess b/config/.htaccess
new file mode 100644
index 0000000000..2421e9a163
--- /dev/null
+++ b/config/.htaccess
@@ -0,0 +1,12 @@
+# line below if for Apache 2.4
+<ifModule mod_authz_core>
+Require all denied
+</ifModule>
+
+# line below if for Apache 2.2
+<ifModule !mod_authz_core>
+deny from all
+</ifModule>
+
+# section for Apache 2.2 and 2.4
+IndexIgnore *
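Review bot: the `<ifModule mod_authz_core>` and `<ifModule !mod_authz_core>` tests use a name that is neither the module's file name (`mod_authz_core.c`) nor its identifier (`authz_core_module`), which are the two forms Apache's IfModule matches against. As written, the first test is likely to be false even on 2.4, so the negated block with `deny from all` is the one that applies there, and that directive only works on 2.4 when mod_access_compat is loaded. Suggest `<IfModule mod_authz_core.c>` and `<IfModule !mod_authz_core.c>`. Two smaller points: the comments read "line below if for" where "is for" is meant, and a comment noting that the file has no effect unless AllowOverride permits these directives for the config directory would help admins who rely on it.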
-- 
GitLab