# Upload-directory hardening, part 1: serve every file as inert data.
#
# These directives only take effect where the server configuration lets
# this per-directory file override them (SetHandler, ForceType and Header
# fall under AllowOverride FileInfo). Confirm that before relying on the
# file, e.g. by checking the response headers of a file served from here.

# Serve files through Apache's static default handler rather than a
# script handler, so uploaded scripts are not executed.
SetHandler default-handler

# Label every response as opaque binary data ...
ForceType application/octet-stream

# ... and ask the browser to offer a download dialog instead of rendering.
# Header is provided by mod_headers.
Header set Content-Disposition "attachment"
# Exception for known image types: drop the forced content type and the
# Content-Disposition header so that these files can be displayed inline.
# The match is on the file name only (case-insensitive, gif/jpg/jpeg/png);
# the file content is not inspected here.
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
  # Fall back to the server's normal type detection for these names.
  ForceType none
  # Remove the "attachment" disposition set for all other files.
  Header unset Content-Disposition
</FilesMatch>
# Tell browsers not to MIME-sniff responses and to honour the declared
# Content-Type. The forced application/octet-stream type above depends on
# this: without it a browser may still guess a renderable type from the
# file content.
Header set X-Content-Type-Options "nosniff"
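# Defence in depth: refuse every request for a file whose name ends in
# .php, independent of which handler would otherwise serve it.
# NOTE(review): presumably this is meant to hold even if a handler set
# elsewhere in the server configuration takes precedence over the
# SetHandler at the top of this file - confirm against that configuration.
#
# The match is case-insensitive, like the image rule in this file, so that
# names such as "x.PHP" are refused as well. Other extensions that this
# server maps to an interpreter are deployment-specific and are not covered
# by this pattern.
#
# Require needs AllowOverride AuthConfig and Deny needs AllowOverride Limit
# for this per-directory file to be allowed to set them.
<FilesMatch "(?i)\.php$">
  # Apache 2.4+: mod_authz_core is present.
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>

  # Apache 2.0-2.2: no mod_authz_core, use the older access directive.
  <IfModule !mod_authz_core.c>
    Deny from all
  </IfModule>
</FilesMatch>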