Topic on Talk:Release notes/1.26

MediaWiki 1.26.4 includes old bug fixes .htaccess files. Are they still required?

1
Noloader (talkcontribs)

We are having a heck of a time getting MediaWiki to run as expected with (1) mod_security enabled, and (2) mod_rewrite changing HTTP requests to HTTPS requests.

When grepping .htaccess files supplied with MediaWiki 1.26.4, we noticed a couple old workarounds present:

# find /var/www -name '.htaccess' -printf '%p\n' -exec cat {} \;
/var/www/html/w/cache/.htaccess
Deny from all
/var/www/html/w/languages/.htaccess
Deny from all
/var/www/html/w/extensions/MobileFrontend/dev-scripts/.htaccess
Deny from all
/var/www/html/w/maintenance/archives/.htaccess
Deny from all
/var/www/html/w/maintenance/.htaccess
Deny from all
/var/www/html/w/serialized/.htaccess
Deny from all
/var/www/html/w/images/temp/.htaccess
# Protect against bug 28235
<IfModule rewrite_module>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase]
    RewriteRule . - [forbidden]
</IfModule>
/var/www/html/w/images/.htaccess
# Protect against bug 28235
<IfModule rewrite_module>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase]
    RewriteRule . - [forbidden]
    # Fix for bug T64289
    Options +FollowSymLinks
</IfModule>
/var/www/html/w/images/deleted/.htaccess
Deny from all
/var/www/html/w/includes/.htaccess
Deny from all

Are the .htaccess work around still required for Bug 28235 and Bug T64289 under MediaWiki 1.26.4?

Reply to "MediaWiki 1.26.4 includes old bug fixes .htaccess files. Are they still required?"