@rob006 opened this Issue on February 19th 2016

Right now .htaccess files with some security rules are generated only for Apache. But not only Apache can handle .htaccess files - I use shared hosting with nginx, but with module which allow to use most of apache directives in .htaccess files, so basically it works similar to Apache. But piwik does not generate .htaccess files, even if my server can handle it.
Is there any reason for not generating .htaccess files regardless of used webserver?

@tsteur commented on February 22nd 2016 Member

Good point. I'm not sure either and sounds valid to simply always create the file in case it can be read. If someone is using another webserver, and they get delivered to the UI, there should not be much sensitive data.

FYI: The check for this is done here: https://github.com/piwik/piwik/blob/2.16.1-b1/plugins/Installation/ServerFilesGenerator.php#L85

This Issue was closed on March 15th 2016
Powered by GitHub Issue Mirror