On 12/04/2011 04:23, Tim Starling wrote:
To fix this issue, configure your web server to deny requests with URLs that have a path part ending in a dot followed by a dangerous file extension. For example, in Apache with mod_rewrite:
RewriteEngine On RewriteCond %{QUERY_STRING} \.[a-z]{1,4}$ [nocase] RewriteRule . - [forbidden]
I see that this snippet is to be found in ".htaccess" file inside ./images/ (this appears to be new file 1.16.3)
Could the ".htaccess" be placed at top level (that is one above ./images/)?
Since the file is there, is there any need to change the web server configuration?
Gordo