N°3231 - Allow browser access to static resources files in the /lib folder

2026-04-24 11:08:45 +02:00 · 2020-08-04 09:07:39 +02:00
parent a15235d522
commit 19b5290e80
2 changed files with 38 additions and 10 deletions
--- a/lib/.htaccess
+++ b/lib/.htaccess
@@ -1,12 +1,23 @@
+# Allow only static resources files
+# - HTML not allowed as there could be some test pages calling server scripts or executing JS scripts
+# - PHP not allowed as they should not be publicly accessible
+
 # Apache 2.4
 <ifModule mod_authz_core.c>
 Require all denied
+	<FilesMatch ".+\.(css|scss|js|map|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot1)$">
+	    Require all granted
+	</FilesMatch>
 </ifModule>

 # Apache 2.2
 <ifModule !mod_authz_core.c>
 deny from all
 Satisfy All
+	<FilesMatch ".+\.(css|scss|js|map|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">
+	    Order Allow,Deny
+	    Allow from all
+	</FilesMatch>
 </ifModule>

 # Apache 2.2 and 2.4