[Mediawiki-l] MediaWiki security release 1.16.3
Gordon Joly
gordon.joly at pobox.com
Thu Apr 14 07:29:18 UTC 2011
On 12/04/2011 04:23, Tim Starling wrote:
>
> To fix this issue, configure your web server to deny requests with
> URLs that have a path part ending in a dot followed by a dangerous
> file extension. For example, in Apache with mod_rewrite:
>
> RewriteEngine On
> RewriteCond %{QUERY_STRING} \.[a-z]{1,4}$ [nocase]
> RewriteRule . - [forbidden]
I see that this snippet is to be found in ".htaccess" file inside
./images/ (this appears to be new file 1.16.3)
Could the ".htaccess" be placed at top level (that is one above ./images/)?
Since the file is there, is there any need to change the web server
configuration?
Gordo
--
Gordon Joly
gordon.joly at pobox.com
http://www.joly.org.uk/
Don't Leave Space To The Professionals!
More information about the MediaWiki-l
mailing list