The source project of this merge request has been removed.
Prevent Apache from serving uploads directly
As pointed out in #43 (comment 4337464), access control checks could be in place when requesting some uploaded files.
Any request concerning uploads now get explicitly forwarded to workhorse/rails, leaving other static files unaffected. The latter is needed for the maintenance page to work properly, as mentioned in #43 (closed).
Other static files should not be subject to access restrictions, as far as I checked my own installation.