We cover the htaccess files from core. The one in the document root is included, a variant of the others is integrated into our vhost templates.

We have turned off scanning for htaccess files in Apache, of if a user creates one in a non-standard place it's just ignored.

A nice feature might be to warn when such a file is found.

We'd have to create whitelist of patterns for known locations.

Comments

helmo created an issue.