[ticket/security-181] Port .htaccess changes to other webserver types

SECURITY-181

phpBB/docs/lighttpd.sample.conf

@@ -37,7 +37,7 @@ $HTTP["host"] == "www.myforums.com" {
 	accesslog.filename		= "/var/log/lighttpd/access-www.myforums.com.log"
 	
 	# Deny access to internal phpbb files.	
-	$HTTP["url"] =~ "^/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload)" {
+	$HTTP["url"] =~ "^/(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)" {
 		url.access-deny = ( "" )
 	}
 

phpBB/docs/nginx.sample.conf

@@ -72,7 +72,7 @@ http {
         }
 
         # Deny access to internal phpbb files.
-        location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
+        location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor) {
             deny all;
             # deny was ignored before 0.8.40 for connections over IPv6.
             # Use internal directive to prohibit access on older versions.

phpBB/web.config

@@ -18,7 +18,10 @@
 				<hiddenSegments>
 					<add segment="cache" />
 					<add segment="files" />
+					<add segment="includes" />
+					<add segment="phpbb" />
 					<add segment="store" />
+					<add segment="vendor" />
 					<add segment="config.php" />
 					<add segment="common.php" />
 				</hiddenSegments>