Up to 2.4.54; fixes CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404...

[packages/apache.git] / apache-common.conf

diff --git a/apache-common.conf b/apache-common.conf
index 8b1b75185129ff759f12abd913c1715bf290d859..714c05bead7dda1d3d5beffd6c259b46861a54c5 100644 (file)
--- a/apache-common.conf
+++ b/apache-common.conf
@@ -24,8 +24,11 @@ DocumentRoot "/home/services/httpd/html"
        </IfModule>
 </Directory>
 
-# Prevent .htaccess and .htpasswd files from being viewed by Web clients.
-<Files ".ht*">
+# Prevent access to:
+# - .htaccess and .htpasswd files
+# - backup files from being viewed
+# - PHP's .user.ini
+<FilesMatch  "^(\.ht.*|\.user\.ini|.*~|.*,v)$">
        <IfModule mod_authz_host.c>
                Require all denied
        </IfModule>
@@ -33,10 +36,11 @@ DocumentRoot "/home/services/httpd/html"
                Order deny,allow
                Deny from all
        </IfModule>
-</Files>
+</FilesMatch>
 
-# Prevent backup files from being viewed, too.
-<Files "*~">
+# Prevent access to:
+# - version control directories
+<DirectoryMatch "/(\.(svn|git|hg|bzr)|CVS)/?">
        <IfModule mod_authz_host.c>
                Require all denied
        </IfModule>
@@ -44,7 +48,7 @@ DocumentRoot "/home/services/httpd/html"
                Order deny,allow
                Deny from all
        </IfModule>
-</Files>
+</DirectoryMatch>
 
 #
 # This should be changed to whatever you set DocumentRoot to.
@@ -59,7 +63,7 @@ DocumentRoot "/home/services/httpd/html"
        # doesn't give it to you.
        #
        # The Options directive is both complicated and important.  Please see
-       # http://httpd.apache.org/docs/2.2/mod/core.html#options
+       # https://httpd.apache.org/docs/2.4/mod/core.html#options
        # for more information.
        #
        Options Indexes FollowSymLinks