Prevent Apache from displaying text files within a web browser
When you download Drupal, there are several
text files that are placed in the root of your installation. You don't want or
need these to be visible to anyone attempting to view them in a browser -
especially CHANGELOG.txt as that includes the exact version of Drupal you are
running and could therefore have security implications.
Rather than delete these files or change the file permissions manually for each
file, I can add the following lines into my VirtualHost configuration.
<Files ~ "\.txt$">
Order deny,allow
Deny from all
</Files>
This prevents any files with a .txt extension from being accessed and rendered
in a web browser.
Was this useful?
About me
I'm an Acquia-certified Drupal Triple Expert with 17 years of experience, an open-source software maintainer and Drupal core contributor, public speaker, live streamer, and host of the Beyond Blocks podcast.