The are a bunch of sitecake folders and files which I don’t think should be exposed to the outside world.
Does anyone have a complete .htaccess file they can share before I go away and write one?
Thanks!
So, I’ve used this in the root of my site … anyone got a better setup?
Can I suggest this should be included with the distribution?
<Files .htaccess>
Order allow,deny
Deny from all
</Files>
<Files .htaccess>
Order allow,deny
Deny from all
</Files>
<FilesMatch "sitecake-.*">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "sitecake/.*">
Order allow,deny
Deny from all
</FilesMatch>Oops … that second .htaccess Files block should be for error_log
You can use .scignore list for folders and files.
Check this docs page
https://sitecake.com/docs/website-integration.html
Actually, there is no need for .htaccess. sitecake-temp and sitecake-backup dirs both have subdir with name that is generated as 15 char long random string. It is pretty hard to guess it and access files inside. As for sitecake dir it self, it contains only one executable file which is sitecake bootstrap file which will bootstrap sitecake and login would appear. Other files are classes and nothing will happen when accessed directly. But thanks for sharing. Hope it will be useful to someone.