Drupal 10, the latest version of the open-source digital experience platform with even more features, is here.We cover the htaccess files from core. The one in the document root is included, a variant of the others is integrated into our vhost templates.
We have turned off scanning for htaccess files in Apache, of if a user creates one in a non-standard place it's just ignored.
A nice feature might be to warn when such a file is found.
We'd have to create whitelist of patterns for known locations.
Comments