To improve the security of Drupal sites on our VMs/servers, and stop fw.noc from complaining, make these additions to your .htaccess file:
- hide web.config by making this change:
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$"> <FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
- OPTIONAL: disable track/trace: below the "
Rewrite engine on" line, add this code:RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) [NC] RewriteRule ^.* - [F]
Specific categories