Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

while we're here discussing what files should be pre-emptively added to your web server's deny entry; what else should be in there.. besides, say, .git?

I guess you could block .* except .well-known 'just in case'



Shouldn't you rather deny all, and carefully carve out paths you need to allow?


As a Windows wizard, desktop.ini and thumbs.db both come to mind.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: