Added an alternative rule to deny access to hidden files

2018-11-08 13:39:40 +01:00 · 2015-02-09 15:30:34 +08:00 · 2015-02-09 15:30:34 +08:00 · 5b44d452a9
commit 5b44d452a9
parent a79f9201cd
1 changed files with 5 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -120,6 +120,11 @@ RewriteCond %{SCRIPT_FILENAME} -f
 RewriteRule "(^|/)\." - [F]
 ```

+Alternatively, you can just raise a `Not Found` error, giving the attacker dude no clue:
+``` apacheconf
+RedirectMatch 404 /\..*$
+```
+
 ### Deny Access to Backup and Source Files
 These files may be left by some text/html editors (like Vi/Vim) and pose a great security danger, when anyone can access them.
 ``` apacheconf