2010-11-18 06:08:12 +01:00
|
|
|
#
|
|
|
|
# Whitelist appropriate assets files.
|
2016-02-26 02:05:55 +01:00
|
|
|
# This file is automatically generated via File.allowed_extensions configuration
|
|
|
|
# See AssetAdapter::renderTemplate() for reference.
|
2010-11-18 06:08:12 +01:00
|
|
|
#
|
|
|
|
|
2018-04-24 01:32:05 +02:00
|
|
|
# We disable PHP via several methods
|
|
|
|
# Replace the handler with the default plaintext handler
|
|
|
|
AddHandler default-handler php phtml php3 php4 php5 inc
|
|
|
|
|
|
|
|
<IfModule mod_php5.c>
|
|
|
|
# Turn the PHP engine off
|
|
|
|
php_flag engine off
|
|
|
|
</IfModule>
|
|
|
|
|
2016-02-26 02:05:55 +01:00
|
|
|
<IfModule mod_rewrite.c>
|
2017-10-03 04:09:02 +02:00
|
|
|
<IfModule mod_env.c>
|
|
|
|
SetEnv HTTP_MOD_REWRITE On
|
|
|
|
</IfModule>
|
|
|
|
|
2016-02-26 02:05:55 +01:00
|
|
|
RewriteEngine On
|
|
|
|
|
|
|
|
# Allow error pages
|
|
|
|
RewriteCond %{REQUEST_FILENAME} -f
|
2016-09-22 08:01:44 +02:00
|
|
|
RewriteRule error[^\\/]*\.html$ - [L]
|
2016-02-26 02:05:55 +01:00
|
|
|
|
|
|
|
# Block invalid file extensions
|
2018-04-25 23:00:49 +02:00
|
|
|
RewriteCond %{REQUEST_URI} !^[^.]*\.(?i:css|js|ace|arc|arj|asf|au|avi|bmp|bz2|cab|cda|csv|dmg|doc|docx|dotx|flv|gif|gpx|gz|hqx|ico|jpeg|jpg|kml|m4a|m4v|mid|midi|mkv|mov|mp3|mp4|mpa|mpeg|mpg|ogg|ogv|pages|pcx|pdf|png|pps|ppt|pptx|potx|ra|ram|rm|rtf|sit|sitx|tar|tgz|tif|tiff|txt|wav|webm|wma|wmv|xls|xlsx|xltx|zip|zipx)$
|
2016-02-26 02:05:55 +01:00
|
|
|
RewriteRule .* - [F]
|
2010-11-18 06:08:12 +01:00
|
|
|
|
2016-02-26 02:05:55 +01:00
|
|
|
# Non existant files passed to requesthandler
|
|
|
|
RewriteCond %{REQUEST_URI} ^(.*)$
|
|
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
2017-10-03 16:43:14 +02:00
|
|
|
RewriteRule .* ../index.php [QSA]
|
2010-11-18 06:08:12 +01:00
|
|
|
</IfModule>
|