[CRM-21571] Create .htaccess supporting both Apache 2.4 and 2.0-2.2 versions - CiviCRM Issue Tracker

Details

Type: Improvement
Status: Open
Priority: Trivial
Resolution: Unresolved
Affects Version/s: 4.7.28
Fix Version/s: None
Component/s: Core CiviCRM
Labels:
- PatchSubmitted
- apache

Versioning Impact:
Patch (backwards-compatible bug fixes)
Documentation Required?:
Developer Doc
Funding Source:
Contributed Code
Verified?:
Yes
How it works currently:
Files on newer Apache versions in secured folders (e.g. upload) can be accessed without proper authorization.
How it should work:
Secured folders (e.g. upload) should be accessed with proper authorization, independent from the version of apache.

Description

The current .htaccess file is set up for Apache versions 2.2 and earlier. This causes security issues when the server/hosting company only supports newer versions, i.e. 2.4 and higher. In this case the old commands will not affect access.

Attachments

Issue Links

links to

PR: civicrm-core#11420: 4.7.29 rc

Activity

People

Assignee:

Unassigned

Reporter:

Ed van Leeuwen

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2017-12-16 15:21

Updated:

2017-12-16 15:48

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified