X-Git-Url: https://git.p6c8.net/jirafeau_mojo42.git/blobdiff_plain/d76baeb068461f6f27c40a2fed1eae56586f08a7..42fe16a545b2d7ef3a476dc347594384ac41a403:/README.md

diff --git a/README.md b/README.md
index c62e252..752494c 100644
--- a/README.md
+++ b/README.md
@@ -143,6 +143,14 @@ location ~ /var-.* {
 }
 ```
 
+If you are using lighttpd, you can deny access to ```var``` folder in your configuration:
+
+```
+$HTTP["url"] =~ "^/var-*" {
+         url.access-deny = ("")
+}
+```
+
 You should also remove un-necessessary write access once the installation is done (ex: configuration file).
 An other obvious basic security is to let access users to the site by HTTPS (make sure `web_root` in you `config.local.php` is set with https).