secure access to vcs files

diff --git a/apache-common.conf b/apache-common.conf
index 8b1b75185129ff759f12abd913c1715bf290d859..6ffd6349663fc2d16ef26f96e6ec9c5eee3a5b05 100644 (file)
--- a/apache-common.conf
+++ b/apache-common.conf
@@ -24,8 +24,10 @@ DocumentRoot "/home/services/httpd/html"
        </IfModule>
 </Directory>
 
-# Prevent .htaccess and .htpasswd files from being viewed by Web clients.
-<Files ".ht*">
+# Prevent access to:
+# - .htaccess and .htpasswd files
+# - backup files from being viewed
+<FilesMatch  "^(\.ht.*|.*~|.*,v)$">
        <IfModule mod_authz_host.c>
                Require all denied
        </IfModule>
@@ -33,10 +35,11 @@ DocumentRoot "/home/services/httpd/html"
                Order deny,allow
                Deny from all
        </IfModule>
-</Files>
+</FilesMatch>
 
-# Prevent backup files from being viewed, too.
-<Files "*~">
+# Prevent access to:
+# - version control directories
+<DirectoryMatch "/\.(svn|git|hg|bzr)|CVS)/?">
        <IfModule mod_authz_host.c>
                Require all denied
        </IfModule>
@@ -44,7 +47,7 @@ DocumentRoot "/home/services/httpd/html"
                Order deny,allow
                Deny from all
        </IfModule>
-</Files>
+</DirectoryMatch>
 
 #
 # This should be changed to whatever you set DocumentRoot to.

diff --git a/apache.spec b/apache.spec
index ae195455725d92e2ded12b6c29a97c1d578ffaff..eee8c96c62e0080707c8bbce41f8ed03ef6c883c 100644 (file)
--- a/apache.spec
+++ b/apache.spec
@@ -35,7 +35,7 @@ Summary(ru.UTF-8):    Самый популярный веб-сервер
 Summary(tr.UTF-8):     Lider WWW tarayıcı
 Name:          apache
 Version:       2.4.17
-Release:       1
+Release:       2
 License:       Apache v2.0
 Group:         Networking/Daemons/HTTP
 Source0:       http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2