diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/.htaccess | 56 |
1 files changed, 47 insertions, 9 deletions
diff --git a/phpBB/.htaccess b/phpBB/.htaccess index 474f9774c2..ad5e24d642 100644 --- a/phpBB/.htaccess +++ b/phpBB/.htaccess @@ -8,12 +8,50 @@ #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] #</IfModule> -<Files "config.php"> -Order Allow,Deny -Deny from All -</Files> - -<Files "common.php"> -Order Allow,Deny -Deny from All -</Files> +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. +<IfModule mod_version.c> + <IfVersion < 2.4> + <Files "config.php"> + Order Allow,Deny + Deny from All + </Files> + <Files "common.php"> + Order Allow,Deny + Deny from All + </Files> + </IfVersion> + <IfVersion >= 2.4> + <Files "config.php"> + Require all denied + </Files> + <Files "common.php"> + Require all denied + </Files> + </IfVersion> +</IfModule> +<IfModule !mod_version.c> + <IfModule !mod_authz_core.c> + <Files "config.php"> + Order Allow,Deny + Deny from All + </Files> + <Files "common.php"> + Order Allow,Deny + Deny from All + </Files> + </IfModule> + <IfModule mod_authz_core.c> + <Files "config.php"> + Require all denied + </Files> + <Files "common.php"> + Require all denied + </Files> + </IfModule> +</IfModule> |