27 lines
741 B
ApacheConf
27 lines
741 B
ApacheConf
# Deny all requests from Apache 2.4+.
|
|
<IfModule mod_authz_core.c>
|
|
Require all denied
|
|
</IfModule>
|
|
|
|
# Deny all requests from Apache 2.0-2.2.
|
|
<IfModule !mod_authz_core.c>
|
|
Deny from all
|
|
</IfModule>
|
|
|
|
# Turn off all options we don't need.
|
|
Options -Indexes -ExecCGI -Includes -MultiViews
|
|
|
|
# Set the catch-all handler to prevent scripts from being executed.
|
|
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
|
|
<Files *>
|
|
# Override the handler again if we're run later in the evaluation list.
|
|
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
|
|
</Files>
|
|
|
|
# If we know how to do it safely, disable the PHP engine entirely.
|
|
<IfModule mod_php7.c>
|
|
php_flag engine off
|
|
</IfModule>
|
|
<IfModule mod_php.c>
|
|
php_flag engine off
|
|
</IfModule> |