.htaccess warning
[eluser]Unknown[/eluser]
Hey guys, I've just found a huge security bug in my server config.

In /var/www/mysite I have a folder named (let's say) "zzz" and a folder named "zzzcache". "zzz" is the parent of "zzz/images", "zzz/css", "zzz/js" etc. - it should be public. "zzzcache" is for the cache (used by my own CI cache library), where I keep things like user data - it should be private.

So, the .htaccess configuration (based on the one from the CI user guide) was:

Code: RewriteEngine on

Looks good, right? Well... it is wrong. There is web access to zzzcache :/

The correct .htaccess file looks like this:

Code: RewriteEngine on

Code: RewriteEngine on

To:

Code: RewriteEngine on

Or even:

Code: RewriteEngine on

P.S. I know it was a stupid thing to have o+r on cache files... but I still think that the default .htaccess from the user_guide is confusing.