[Mediawiki-l] MediaWiki security release 1.16.3

Gordon Joly gordon.joly at pobox.com
Thu Apr 14 07:29:18 UTC 2011

On 12/04/2011 04:23, Tim Starling wrote:
> To fix this issue, configure your web server to deny requests with
> URLs that have a path part ending in a dot followed by a dangerous
> file extension. For example, in Apache with mod_rewrite:
>      RewriteEngine On
>      RewriteCond %{QUERY_STRING} \.[a-z]{1,4}$ [nocase]
>      RewriteRule . - [forbidden]
I see that this snippet is to be found in ".htaccess" file inside 
./images/ (this appears to be new file 1.16.3)

Could the ".htaccess" be placed at top level (that is one above ./images/)?

Since the file is there, is there any need to change the web server 



Gordon Joly
gordon.joly at pobox.com
Don't Leave Space To The Professionals!

More information about the MediaWiki-l mailing list