Disallow access to potential unsafe files in data media via htaccess.

jbtronics · jbtronics · commit 10e960bb2266 · 2022-03-02T00:54:15.000+01:00
diff --git a/data/media/.htaccess b/data/media/.htaccess
@@ -5,14 +5,14 @@
     Allow from all
 </IfModule>
 
-<Files *.php>
+<FilesMatch "(?i)\.(php|php3?|phtml|ph3|php4|ph4|php5|ph5|phtm|sh|asp|cgi|py|pl|exe|aspx)$">
     <IfModule mod_authz_core.c> # Apache 2.4
         Require all denied
     </IfModule>
     <IfModule ! mod_authz_core.c> # Apache 2.2
         Deny from all
         Order Deny,Allow
     </IfModule>
-</Files>
+</FilesMatch>
 
 Options -Indexes
