On Thu, Apr 14, 2011 at 1:29 AM, Gordon Joly <gordon.j...@pobox.com> wrote:
> On 12/04/2011 04:23, Tim Starling wrote: > > > > To fix this issue, configure your web server to deny requests with > > URLs that have a path part ending in a dot followed by a dangerous > > file extension. For example, in Apache with mod_rewrite: > > > > RewriteEngine On > > RewriteCond %{QUERY_STRING} \.[a-z]{1,4}$ [nocase] > > RewriteRule . - [forbidden] > I see that this snippet is to be found in ".htaccess" file inside > ./images/ (this appears to be new file 1.16.3) > > Could the ".htaccess" be placed at top level (that is one above ./images/)? > > Since the file is there, is there any need to change the web server > configuration? > > Gordo > > For starters, apache must be configured to parse .htaccess files. -- Brian Mingus Graduate student Computational Cognitive Neuroscience Lab University of Colorado at Boulder _______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l