From 3bd8b8115414ca3167068fec8d3f080c8ee67404 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Mon, 7 Sep 2020 05:43:20 -0400
Subject: [PATCH] Prevents Apache from serving CLI scripts
---
 .gitignore | 4 ++--
 .htaccess-dist | 3 +++
 bin/.htaccess | 10 ++++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 bin/.htaccess
diff --git a/.gitignore b/.gitignore
index 2d8acf0160..3250fb0761 100644
--- a/.gitignore
+++ b/.gitignore
@@ -71,8 +71,8 @@ venv/
 /addons
 /addon
 
-#ignore .htaccess
-.htaccess
+#ignore base .htaccess
+/.htaccess
 
 #ignore filesystem storage default path
 /storage
diff --git a/.htaccess-dist b/.htaccess-dist
index a671cc680a..3c90982515 100644
--- a/.htaccess-dist
+++ b/.htaccess-dist
@@ -1,3 +1,6 @@
+# This file is meant to be copied to ".htaccess" on Apache-powered web servers.
+# The created .htaccess file can be edited manually and will not be overwritten by Friendica updates.
+
 Options -Indexes
 AddType application/x-java-archive .jar
 AddType audio/ogg .oga
diff --git a/bin/.htaccess b/bin/.htaccess
new file mode 100644
index 0000000000..716a932e1c
--- /dev/null
+++ b/bin/.htaccess
@@ -0,0 +1,10 @@
+# This file prevents browser access to Friendica command-line scripts on Apache-powered web servers.
+# It isn't meant to be edited manually, please check the base Friendica folder for the .htaccess-dist file instead.
+
+
+ Require all denied
+
+
+ Order Allow,Deny
+ Deny from all
+
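Review bot: The deny rules in the new bin/.htaccess only take effect where Apache reads per-directory overrides; under `AllowOverride None` the file is ignored without any error and the CLI scripts stay reachable, and other web servers never read it at all. The header comment should state that dependency, for example `# Requires AllowOverride to permit AuthConfig (Require) or Limit (Order/Deny) for this directory; other web servers need an equivalent deny rule for /bin.` The conditional wrappers around `Require all denied` and `Order Allow,Deny` are not visible in this rendering, so it is worth confirming that the 2.4 branch tests `authz_core_module` and the fallback tests its absence, because if neither block matches the file denies nothing. A quick post-deploy check is to request a script under /bin over HTTP and confirm a 403 response.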