Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product
After February 6, this site will no longer have Facebook, Twitter, or OpenID sign-in options. Read our announcement about social media SSO support in 2.8 for more info.

Make sure you have a current, valid email address set in your profile and set a password so you can login without it. If you get locked out after that time, you can choose "Forgot Password" to fix it as long as a valid email is on your account.

Improve Vanilla Security by Default - Deny Viewing the Cache

mtschirsmtschirs ✭✭✭
edited August 2015 in Development

I would suggest to make vulnerability discovery in Vanilla harder by removing web access to the cache directory (or relevant parts of it). E.g.

I suggest adding some rules to the .htaccess file that comes 'preinstalled' with Vanilla.




Sign In or Register to comment.