Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product
Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.

Improve Vanilla Security by Default - Deny Viewing the Cache

mtschirsmtschirs ✭✭✭
edited August 2015 in Development

I would suggest to make vulnerability discovery in Vanilla harder by removing web access to the cache directory (or relevant parts of it). E.g.

I suggest adding some rules to the .htaccess file that comes 'preinstalled' with Vanilla.




Sign In or Register to comment.