From f54a812ad5c68cf0b64d436bfc650f1a0262edfa Mon Sep 17 00:00:00 2001
From: Celly <celly@ted.com>
Date: Fri, 22 Sep 2017 09:27:43 -0400
Subject: [PATCH] Update access rules to block all root '.' files

---
 advanced/lighttpd.conf.debian | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian
index 10085dd8..07f0e964 100644
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -66,8 +66,8 @@ $HTTP["url"] =~ "^/admin/" {
     }
 }
 
-# Block the github files from being accessible.
-$HTTP["url"] =~ "^/admin/(.git|.gitignore|.github)" {
+# Block . files from being served, such as .git, .github, .gitignore
+$HTTP["url"] =~ "^/admin/\.(.*)" {
      url.access-deny = ("")
 }