Thread:Project:Support desk/Required HTTP server permissions on MediaWiki folders and files

MediaWiki includes “.htaccess” files in several folders, mostly to restrict access. I’d rather not rely on those files and control access within the server's main configuration. I would like to deny access by default, set “AllowOverride” to “None” and selectively allow access to just what’s needed. So I am wondering if there is a list of essential resources that must remain accessible (i.e., are directly served by the HTTP server).

For example, I see the need to serve:
 * “/api.php”
 * “/index.php”
 * “/load.php”
 * “/opensearch_desc.php”
 * “/skins/”, excluding the PHP files.
 * “/images/</tt>” (though perhaps not its “deleted/</tt>” and “temp/</tt>” sub-folders (?)).

Has something like this been documented or discussed before, by any chance?

Thank you.