From 56d17d567a15f2e881e0ddb34d5387230d0c1c54 Mon Sep 17 00:00:00 2001
From: "Fedor A. Fetisov" <faf@ossg.ru>
Date: Thu, 14 Nov 2013 18:38:04 +0400
Subject: [PATCH] Set default and safe web server settings

---
 src/mibew/.htaccess | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/src/mibew/.htaccess b/src/mibew/.htaccess
index 4a3ca54e..f821987f 100644
--- a/src/mibew/.htaccess
+++ b/src/mibew/.htaccess
@@ -1,4 +1,25 @@
+# Set default handler for incoming requests
+DirectoryIndex index.php
+
+# Disable directory listing
+Options -Indexes
+
+# Follow symbolic links in the directory
+Options +FollowSymLinks
+
+# Disable mod_security for Apache 1.x
 <IfModule mod_security.c>
-SecFilterEngine Off
-SecFilterScanPOST Off
+    SecFilterEngine Off
+    SecFilterScanPOST Off
+</IfModule>
+
+# Explicitly set right settings for mod_php 5 for Apache 1.x and 2.x
+<IfModule mod_php5.c>
+    php_flag magic_quotes_gpc			off
+    php_flag magic_quotes_sybase		off
+    php_flag register_globals			off
+    php_flag mbstring.encoding_translation	off
+    php_value mbstring.http_input		pass
+    php_value mbstring.http_output		pass
+    php_flag session.auto_start			off
 </IfModule>