.htaccess: Deny access to CHANGELOG.md, composer.json, composer.lock

See discussion in #343
2016-04-27 21:02:20 +02:00 · 2016-04-27 21:02:20 +02:00 · ee5b4f0d56
parent 749114df61
commit ee5b4f0d56
2 changed files with 4 additions and 2 deletions
--- a/.htaccess
+++ b/.htaccess
@ -5,7 +5,8 @@
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php?$1 [L,QSA]
-    RewriteRule ^(.git|config|content|content-sample|lib|vendor)/.*$ index.php?$0 [L,QSA]
+    RewriteRule ^(\.git|config|content|content-sample|lib|vendor)(/.*)?$ index.php?$0 [L,QSA]
+    RewriteRule ^(CHANGELOG.md|composer.(json|lock)) index.php?404 [L]

    <IfModule mod_env.c>
        SetEnv PICO_URL_REWRITING 1
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -8,7 +8,8 @@ Released: -
 * [Changed] Improve documentation
 * [Changed] Add CSS rules for definition lists to default theme
 * [Changed] Always use `on404Content...` execution path when serving a `404.md`
-* [Changed] Deny access to `.git` directory (`.htaccess` file)
+* [Changed] Deny access to `.git` directory, `CHANGELOG.md`, `composer.json`
+            and `composer.lock` (`.htaccess` file)
 * [Changed] Use Pico's `404.md` to deny access to `.git`, `config`, `content`,
 *           `content-sample`, `lib` and `vendor` dirs (`.htaccess` file)
 * [Fixed] #342: Fix responsiveness in default theme