Diffstat (limited to 'main/app/.htaccess')
-rwxr-xr-xmain/app/.htaccess15
1 files changed, 15 insertions, 0 deletions
diff --git a/main/app/.htaccess b/main/app/.htaccess
new file mode 100755
index 0000000..912b0e9
--- /dev/null
+++ b/main/app/.htaccess
@@ -0,0 +1,15 @@
+# The `resources` directory should not be made publicly accessible (i.e., in the public document directory) at all.
+# But just in case you're an idiot, this should at least give you protection from exposing passwords and other sensitive info in your .env files.
+
+<IfModule mod_rewrite.c>
+
+RewriteEngine On
+
+## Begin - Security
+# Block all direct access to files and folders beginning with a dot
+RewriteRule (^\.|/\.) - [F]
+# Block access to specific files in the root folder
+RewriteRule ^(LICENSE.txt|composer.lock|composer.json|\.htaccess|\.env)$ error [F]
+## End - Security
+
+</IfModule>
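Review bot: Both deny rules sit inside `<IfModule mod_rewrite.c>`, so on a host where mod_rewrite is not loaded the block is skipped silently and `.env`, `composer.json` and `composer.lock` are served as ordinary files; the protection fails open. A module-independent fallback placed outside the `<IfModule>` would keep the files denied either way. The sketch below uses Apache 2.4 `Require` syntax (a 2.2 host would need `Order`/`Deny` instead) and matches on file names only, so it does not cover dot-directories the way the first `RewriteRule` does. Separately, in the second rule the dots in `LICENSE.txt|composer.lock|composer.json` are unescaped and match any character, and the `error` substitution appears to be unused with `[F]`; `-` would be the conventional target.
```apache
# Fallback that does not depend on mod_rewrite (Apache 2.4 syntax)
<FilesMatch "^(\.|LICENSE\.txt$|composer\.(lock|json)$)">
    Require all denied
</FilesMatch>

# … unchanged: <IfModule mod_rewrite.c> block with RewriteEngine and both RewriteRule lines …
```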