ef60cd4d
 Administrator
first commit
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
# following directives prevent the execution of script files
# the context of the website.
# also force the content-type application/octet-stream and
# browsers to display a download dialog for non-image files.
SetHandler default-handler
ForceType application/octet-stream
Header set Content-Disposition attachment
# following unsets the forced type and Content-Disposition headers
# known image files:
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
ForceType none
Header unset Content-Disposition
</FilesMatch>
# following directive prevents browsers from MIME-sniffing the content-type.
# is an important complement to the ForceType directive above:
Header set X-Content-Type-Options nosniff
# the following lines to prevent unauthorized download of files:
#AuthName "Authorization required"
#AuthType Basic
#require valid-user
|
