From cd7b9177ea63aa74ad4112850f3b7a6dccd37d23 Mon Sep 17 00:00:00 2001 From: Tobias Diekershoff Date: Wed, 16 Mar 2022 19:35:59 +0100 Subject: [PATCH 1/2] .htaccess-dist deny access to some backup files this PR adds a filematch block to the distributed .htaccess file to deny access to backup files from emacs (~), vim (.swp) and other backup files (.bak). addressing #11350 --- .htaccess-dist | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.htaccess-dist b/.htaccess-dist index 3c9098251..c86b81b88 100644 --- a/.htaccess-dist +++ b/.htaccess-dist @@ -6,6 +6,7 @@ AddType application/x-java-archive .jar AddType audio/ogg .oga #AddHandler php53-cgi .php +# deny access to log files (friendica.log or php.out) #Apache 2.4 @@ -17,6 +18,18 @@ AddType audio/ogg .oga +# deny access to backup files + + + #Apache 2.4 + Require all denied + + + #Apache 2.2 + Deny from all + + + RewriteEngine on # Protect repository directory from browsing From 77cb9405be551b6679d11407d6212c80d1e985b5 Mon Sep 17 00:00:00 2001 From: Tobias Diekershoff Date: Wed, 16 Mar 2022 19:54:43 +0100 Subject: [PATCH 2/2] only deny files ending in ~ --- .htaccess-dist | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.htaccess-dist b/.htaccess-dist index c86b81b88..404137168 100644 --- a/.htaccess-dist +++ b/.htaccess-dist @@ -19,7 +19,7 @@ AddType audio/ogg .oga # deny access to backup files - + #Apache 2.4 Require all denied
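Review bot: In the first hunk of 1/2 (@@ -6,6 +6,7), the added comment `# deny access to log files (friendica.log or php.out)` names two files only. If the block it labels matches just those names, a log written under any other name inside the web root is still served. Say in the comment that only these names are covered, and point admins at keeping logs outside the document root.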
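Review bot: The block added in the second hunk of 1/2 (@@ -17,6 +18,18) lands in .htaccess-dist, so it only reaches sites that copy the template afresh. Existing installs keep their current .htaccess and go on serving editor backup files until someone merges the block by hand, which calls for an upgrade note shipped with this change. It is also worth documenting next to `Require all denied` / `Deny from all` that these apply from .htaccess only where the server's AllowOverride permits them, and that non-Apache setups need an equivalent rule in their own server config.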
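Review bot: In 2/2 (@@ -19,7 +19,7) the match is narrowed to names ending in `~`, yet the unchanged context line `# deny access to backup files` and the 1/2 description (emacs `~`, vim `.swp`, `.bak`) still read as if all three kinds were denied. Update the comment to state exactly which names are blocked, and give the reason for dropping `.swp` and `.bak` in the commit message, since those files can carry the same source or configuration contents as the `~` copies.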