forked from github/Quit.mwForum
46 lines
1.2 KiB
Plaintext
46 lines
1.2 KiB
Plaintext
# Force downloading of attachments instead of opening them in website context,
|
|
# which can be very dangerous, allowing account hijacking etc. Does not have any
|
|
# effect on embedded images. Very important.
|
|
|
|
Header set Content-Disposition "attachment"
|
|
Header set X-Download-Options "noopen"
|
|
|
|
# Disable execution via CGI, PHP etc. Very important.
|
|
|
|
Options -ExecCGI
|
|
SetHandler default-handler
|
|
|
|
# Disable browsing this directory. Always recommended, since there are so many
|
|
# useless bots out there that download everything in their way.
|
|
# Very important if you have private boards with attachments that are supposed
|
|
# to be secret.
|
|
|
|
Options -Indexes
|
|
|
|
# Treat files with unregistered extensions as binary files.
|
|
# Helps against "alphabet soup" downloads. Not very important.
|
|
|
|
DefaultType application/octet-stream
|
|
|
|
# Set more specific MIME types for feeds. Not important.
|
|
|
|
<FilesMatch "\.atom[0-9]*\.xml$">
|
|
ForceType application/atom+xml
|
|
</FilesMatch>
|
|
<FilesMatch "\.rss[0-9]*\.xml$">
|
|
ForceType application/rss+xml
|
|
</FilesMatch>
|
|
|
|
# Block access to OpenID cache.
|
|
|
|
<Files "cache.db">
|
|
Deny from all
|
|
</Files>
|
|
|
|
# Block access to PGP user keyrings. They only contain public keys, though,
|
|
# so this is usually unnecessary.
|
|
|
|
<FilesMatch "\.gpg~?$">
|
|
Deny from all
|
|
</FilesMatch>
|