Added "Deny Access to Backup and Source Files"

2015-02-01 12:31:23 +08:00 · 2015-02-01 12:31:23 +08:00 · a79f9201cd
parent 937cb0daec
commit a79f9201cd
1 changed files with 12 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -17,6 +17,7 @@ A collection of useful .htaccess, all in one place. I decided to create this rep
    - [Deny All Access Except Yours](#deny-all-access-except-yours)
    - [Allow All Access Except Spammers'](#allow-all-access-except-spammers)
    - [Deny Access to Hidden Files and Directories](#deny-access-to-hidden-files-and-directores)
+    - [Deny Access to Backup and Source Files](#deny-access-to-backup-and-source-files)
    - [Disable Directory Browsing](#disable-directory-browsing)
    - [Disable Image Hotlinking](#disable-image-hotlinking)
    - [Password Protect a Directory](#password-protect-a-directory)
@ -119,6 +120,17 @@ RewriteCond %{SCRIPT_FILENAME} -f
 RewriteRule "(^|/)\." - [F]
 ```

+### Deny Access to Backup and Source Files
+These files may be left by some text/html editors (like Vi/Vim) and pose a great security danger, when anyone can access them.
+``` apacheconf
+<FilesMatch "(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$">
+    Order allow,deny
+    Deny from all
+    Satisfy All
+</FilesMatch>
+```
+[Source](http://h5bp.com)
+
 ### Disable Directory Browsing
 ``` apacheconf
 Options All -Indexes