Default .htaccess blocks access to browserconfig.xml
#1
Info about browserconfig.xml: http://msdn.microsoft.com/en-us/library/...s.85).aspx

This blocks access to the browserconfig.xml file in the root directory:

Code:
# blocks direct access to the XML files - they hold all the data!
<Files ~ "\.xml$">
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
    <IfModule mod_access_compat.c>
        Deny from all
    </IfModule>
    <IfModule mod_authz_core.c>
        <IfModule !mod_access_compat.c>
            Require all denied
        </IfModule>
    </IfModule>    
</Files>

Like sitemap.xml, browserconfig.xml should be allowed, for example:

Code:
<Files ~ "^(sitemap|browserconfig)\.xml$">
    <IfModule !mod_authz_core.c>
        Allow from all
    </IfModule>
    <IfModule mod_access_compat.c>
        Allow from all
    </IfModule>
    <IfModule mod_authz_core.c>
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
    </IfModule>    
</Files>
#2
Thanks, can you modify this to also allow themes/*.xml?
See
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/879

There are also crossdomain XMLs for Flash.

We really only need to be blocking data/xml, I suppose. Either way, this is a backup; an htaccess deny should be present in data anyway.
- Shawn A aka Tablatronix
#3
I thought I had deleted this thread after finding the issue on GitHub...

Why isn't only XML under data blocked and everything else left alone?
#4
I don't know. I think in the past plugins used to store stuff in plugins; I cannot think of anything else that needs blocking.
- Shawn A aka Tablatronix
#5
So, this should suffice?

Code:
<Files ~ "/data/.*\.xml$">
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
    <IfModule mod_access_compat.c>
        Deny from all
    </IfModule>
    <IfModule mod_authz_core.c>
        <IfModule !mod_access_compat.c>
            Require all denied
        </IfModule>
    </IfModule>    
</Files>
#6
I would think so, anyone?
- Shawn A aka Tablatronix
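
Added example (not from the thread or the GetSimple project): Apache's `<Files>` and `<FilesMatch>` compare their pattern against the basename of the requested file only, so the `/data/` pattern proposed in post #5 never matches and denies nothing. The two fragments below scope the deny by path instead; the file placement and the mod_rewrite variant are assumptions about how one would deploy it.

```apache
# --- Why the pattern from post #5 fails open ---------------------------
# <Files> sees only the last path component (e.g. "pages.xml"), never
# "data/pages.xml", so this section is silently skipped for every request:
#
#   <Files ~ "/data/.*\.xml$">    # never matches anything
#
# --- Option A: data/.htaccess ------------------------------------------
# Scope by location: this file lives inside data/, so the basename match
# below applies to data/ and all of its subdirectories only.
<FilesMatch "\.xml$">
    # Apache 2.2 (no mod_authz_core)
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
    # Apache 2.4 with the 2.2 compatibility module loaded
    <IfModule mod_access_compat.c>
        Deny from all
    </IfModule>
    # Apache 2.4 without the compatibility module
    <IfModule mod_authz_core.c>
        <IfModule !mod_access_compat.c>
            Require all denied
        </IfModule>
    </IfModule>
</FilesMatch>

# --- Option B: root .htaccess ------------------------------------------
# Path-aware alternative. In .htaccess context the RewriteRule pattern is
# matched against the URL path relative to this directory (no leading "/").
# NC covers case-insensitive filesystems. If mod_rewrite is not loaded the
# block is skipped and nothing is denied, so keep Option A as the baseline.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^data/.*\.xml$ - [F,NC]
</IfModule>
```

After deploying either variant, a request for an .xml file under data/ should return 403, while sitemap.xml and browserconfig.xml in the site root should still be served.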