From 8c3bf139ffe9f35e4d631827fe659b13cebca388 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20J=C3=A4ckel?= <rjaeckel@users.noreply.github.com>
Date: Thu, 27 Nov 2014 17:14:27 +0100
Subject: [PATCH] restrict access to public files only

use mod_rewrite to pretend theese files are not existend for security purposes
---
 .htaccess | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.htaccess b/.htaccess
index e45810d0a0..3d06753e9e 100644
--- a/.htaccess
+++ b/.htaccess
@@ -25,6 +25,8 @@ RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R]
 RewriteRule ^apps/calendar/caldav\.php remote.php/caldav/ [QSA,L]
 RewriteRule ^apps/contacts/carddav\.php remote.php/carddav/ [QSA,L]
 RewriteRule ^remote/(.*) remote.php [QSA,L]
+RewriteRule ^(build|tests|config|lib|l10n|templates)/.* - [R=404,L]
+RewriteRule ^(\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
 </IfModule>
 <IfModule mod_mime.c>
 AddType image/svg+xml svg svgz