On 12/04/2011 04:23, Tim Starling wrote:
>
> To fix this issue, configure your web server to deny requests with
> URLs that have a path part ending in a dot followed by a dangerous
> file extension. For example, in Apache with mod_rewrite:
>
> RewriteEngine On
> RewriteCond %{QUERY_STRING} \.[a-z]{1,4}$ [nocase]
> RewriteRule . - [forbidden]
I see that this snippet is to be found in ".htaccess" file inside
./images/ (this appears to be new file 1.16.3)
Could the ".htaccess" be placed at top level (that is one above ./images/)?
Since the file is there, is there any need to change the web server
configuration?
Gordo
--
Gordon Joly
[email protected]
http://www.joly.org.uk/
Don't Leave Space To The Professionals!
_______________________________________________
MediaWiki-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
