Diff -- /var/www/vhosts/webstls.com/httpdocs/uploads/.htaccess

O Operator
Diff

/var/www/vhosts/webstls.com/httpdocs/uploads/.htaccess

added on WebSTLs (webstls.com) at 2026-07-01 22:27:09

Added
+0
lines
Removed
-0
lines
Context
20
unchanged
Blobs
from a47be3136568
to a47be3136568
Restore this content →
Unified diff
Naive LCS-based line diff. Additions in emerald, deletions in rose. Both sides decompressed live from BLOB_STORE.
11# Block all direct HTTP access to uploaded image files. They are served
22# only through /img.cgi, which validates the requested id against the
33# page_images table and streams the bytes. The CGI reads files from
44# this directory via the filesystem, so it is unaffected by these rules.
55#
66# Defense-in-depth: even if a stranger guesses the on-disk path,
77# Apache refuses to serve it.
88
99Options -Indexes
1010
1111<IfModule mod_authz_core.c>
1212 # Apache 2.4+
1313 Require all denied
1414</IfModule>
1515
1616<IfModule !mod_authz_core.c>
1717 # Apache 2.2
1818 Order deny,allow
1919 Deny from all
2020</IfModule>