GetSimple Support Forum

Info about browserconfig.xml: http://msdn.microsoft.com/en-us/library/...s.85).aspx

This blocks access to the browserconfig.xml file in the root directory:

Code:
# blocks direct access to the XML files - they hold all the data!

<Files ~ "\.xml$">

    <IfModule !mod_authz_core.c>

        Deny from all

    </IfModule>

    <IfModule mod_access_compat.c>

        Deny from all

    </IfModule>

    <IfModule mod_authz_core.c>

        <IfModule !mod_access_compat.c>

            Require all denied

        </IfModule>

    </IfModule>    

</Files>

Like sitemap.xml, browserconfig.xml should be allowed, for example:

Code:
<Files ~ (sitemap|browserconfig)\.xml>

    <IfModule !mod_authz_core.c>

        Allow from all

    </IfModule>

    <IfModule mod_access_compat.c>

        Allow from all

    </IfModule>

    <IfModule mod_authz_core.c>

        <IfModule !mod_access_compat.c>

            Require all granted

        </IfModule>

    </IfModule>    

</Files>

Thanks, can you modify this to also allow themes/*.xml ?
see
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/879

There is also crossdomain xml s for flash

We really only need to be blocking data/xml I suppose, either way this is a backup htaccess deny should be present in data anyway.

I thought I had deleted this thread after finding the issue on GitHub...

Why is not only xml under data blocked and everything else left alone?

I dont know, I think in the past plugins used to store stuff in plugins, i cannot think of anything else that needs blocking.

So, this should suffice?

Code:
<Files ~ "/data/.*\.xml$">

    <IfModule !mod_authz_core.c>

        Deny from all

    </IfModule>

    <IfModule mod_access_compat.c>

        Deny from all

    </IfModule>

    <IfModule mod_authz_core.c>

        <IfModule !mod_access_compat.c>

            Require all denied

        </IfModule>

    </IfModule>    

</Files>

I would so think so, anyone?

Markus00000

shawn_a

Markus00000

shawn_a

Markus00000

shawn_a