Secure the server: prevent the users from browsing/getting files from the data and log directories. With Apache, it is still a must to enable htaccess with the spec "AllowOverride All". The index.php files are here to prevent from browsing whatever the HTTP server config.

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@3675 a333f486-631f-4898-b8df-5754b55c2be0

data/.htaccess

@@ -0,0 +1 @@
+Deny from all

data/index.php

@@ -0,0 +1,2 @@
+<?php
+echo 'Access denied';

data/web.config

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <system.web>
+          <authorization>
+                  <deny users="*" /> <!-- Denies all users -->
+          </authorization>
+  </system.web>
+</configuration>

log/.htaccess

@@ -0,0 +1 @@
+Deny from all

log/index.php

@@ -0,0 +1,2 @@
+<?php
+echo 'Access denied';

log/web.config

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <system.web>
+          <authorization>
+                  <deny users="*" /> <!-- Denies all users -->
+          </authorization>
+  </system.web>
+</configuration>