Last active
December 9, 2023 23:22
Deny public access to typical WordPress log files
```apache
# Deny access to sensitive files
<IfModule mod_rewrite.c>
    # Answer 403 for matching paths whether or not the file exists
    RewriteEngine On
    RewriteCond %{REQUEST_URI} (.*(debug|error).*\.log|error_log)$ [NC]
    RewriteRule .* - [F,L,NC]
</IfModule>
<IfModule !mod_rewrite.c>
    # Fallback when mod_rewrite is not loaded
    <FilesMatch "(?i)(.*(debug|error).*\.log|error_log)$">
        <IfModule mod_authz_core.c>
            # Apache 2.4 syntax
            Require all denied
        </IfModule>
        <IfModule !mod_authz_core.c>
            # Apache 2.2 syntax
            Order deny,allow
            Deny from all
        </IfModule>
    </FilesMatch>
</IfModule>
```
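An added example, not part of the gist: a Python check that applies the `RewriteCond` pattern above to constructed URL paths, to show which log names the mod_rewrite branch denies and which stay reachable. The function names and sample paths are assumptions made for illustration.

```python
import re

# Pattern copied from the gist. RewriteCond is unanchored at the start and
# [NC] makes it case-insensitive, so re.search + IGNORECASE mirrors it.
DENY = re.compile(r"(.*(debug|error).*\.log|error_log)$", re.IGNORECASE)


def is_denied(path: str) -> bool:
    """True if the gist's mod_rewrite rule would answer 403 for this URL path."""
    return DENY.search(path) is not None


def audit(paths):
    """Split candidate paths into (denied, still_public), keeping input order."""
    denied = [p for p in paths if is_denied(p)]
    still_public = [p for p in paths if not is_denied(p)]
    return denied, still_public


# Constructed sample paths (assumed typical names, not taken from the gist).
SAMPLE_PATHS = [
    "/wp-content/debug.log",
    "/wp-content/DEBUG.LOG",               # case variation, covered by [NC]
    "/error_log",
    "/wp-admin/error_log",
    "/wp-content/uploads/php_errors.log",  # contains "error", ends in .log
    "/wp-content/debug.log.1",             # rotated copy: "$" anchor misses it
    "/wp-content/debug.log.gz",            # compressed copy
    "/wp-content/debug.log.bak",           # manual backup
    "/logs/access.log",                    # no "debug" or "error" in the name
]

if __name__ == "__main__":
    denied, still_public = audit(SAMPLE_PATHS)
    for p in denied:
        print(f"403     {p}")
    for p in still_public:
        print(f"served  {p}")
```

Paths reported as `served` need their own rule or should be kept outside the web root; the `<FilesMatch>` fallback tests only the file name, so it can differ from this result when `debug` or `error` appears in a directory name.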
The `<IfModule mod_rewrite.c>` part is not strictly necessary to protect the files' contents, but since `<FilesMatch` only acts if the file really exists, it can allow someone to detect which files are present. So whenever mod_rewrite is available, it is better to use that, even though it is a bit slower than FilesMatch.