silverstripe-installer/.htaccess

### SILVERSTRIPE START ###
<Files *.ss>
	Order deny,allow
	Deny from all
	Allow from 127.0.0.1
</Files>

<Files web.config>
	Order deny,allow
	Deny from all
</Files>

# This denies access to all yml files, since developers might include sensitive
# information in them. See the docs for work-arounds to serve some yaml files
<Files *.yml>
	Order allow,deny
	Deny from all
</Files>

ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html

<IfModule mod_alias.c>
	RedirectMatch 403 /silverstripe-cache(/|$)
	RedirectMatch 403 /vendor(/|$)
	RedirectMatch 403 /composer\.(json|lock)
</IfModule>

<IfModule mod_rewrite.c>
	SetEnv HTTP_MOD_REWRITE On
	RewriteEngine On

	RewriteCond %{REQUEST_URI} ^(.*)$
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_URI} !\.php$
	RewriteRule .* framework/main.php?url=%1 [QSA]

	RewriteCond %{REQUEST_URI} ^(.*)/framework/main.php$
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule . %1/install.php? [R,L]

</IfModule>
### SILVERSTRIPE END ###
ENHANCEMENT Easier installation for IIS based configurations by providing the web.config file out of the box, an inaccessible file on Apache based web servers (from r93255) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112086 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-10-13 04:22:49 +02:00			`### SILVERSTRIPE START ###`
			`<Files *.ss>`
			`Order deny,allow`
			`Deny from all`
			`Allow from 127.0.0.1`
			`</Files>`

			`<Files web.config>`
			`Order deny,allow`
			`Deny from all`
			`</Files>`

API Block all yaml files by default, to reduce the change of information leakage 2012-12-12 21:02:56 +01:00			`# This denies access to all yml files, since developers might include sensitive`
			`# information in them. See the docs for work-arounds to serve some yaml files`
			`<Files *.yml>`
			`Order allow,deny`
			`Deny from all`
			`</Files>`

ENHANCEMENT ErrorDocument in default .htaccess so Apache serves default 404 and 500 server error pages (from r108663) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112415 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-10-15 03:18:46 +02:00			`ErrorDocument 404 /assets/error-404.html`
			`ErrorDocument 500 /assets/error-500.html`

#5870 Block web requests to silverstripe-cache directory via htaccess RedirectMatch rule or web.config hiddenSegments functionality if using IIS 7.x (from r110241) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112417 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-10-15 03:19:01 +02:00			`<IfModule mod_alias.c>`
			`RedirectMatch 403 /silverstripe-cache(/\|$)`
API Filter composer files in IIS and Apache rules (fixes #8011) They can expose version information, so shouldn't be accessible through the web. The better solution of course is to move to a public/ subfolder application structure. 2013-02-15 19:13:41 +01:00			`RedirectMatch 403 /vendor(/\|$)`
			`RedirectMatch 403 /composer\.(json\|lock)`
#5870 Block web requests to silverstripe-cache directory via htaccess RedirectMatch rule or web.config hiddenSegments functionality if using IIS 7.x (from r110241) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112417 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-10-15 03:19:01 +02:00			`</IfModule>`

BUGFIX If mod_rewrite isn't enabled on Apache, a 500 server error won't be generated which prevents the installer from opening and telling you there's no rewrite support (from r98887) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112108 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-10-13 04:53:34 +02:00			`<IfModule mod_rewrite.c>`
MINOR Merged r112269 through r113912 from phpinstaller/branches/2.4 git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@113914 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-11-18 06:08:12 +01:00			`SetEnv HTTP_MOD_REWRITE On`
BUGFIX If mod_rewrite isn't enabled on Apache, a 500 server error won't be generated which prevents the installer from opening and telling you there's no rewrite support (from r98887) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112108 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-10-13 04:53:34 +02:00			`RewriteEngine On`
MINOR Merged r112269 through r113912 from phpinstaller/branches/2.4 git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@113914 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-11-18 06:08:12 +01:00
BUGFIX If mod_rewrite isn't enabled on Apache, a 500 server error won't be generated which prevents the installer from opening and telling you there's no rewrite support (from r98887) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112108 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-10-13 04:53:34 +02:00			`RewriteCond %{REQUEST_URI} ^(.*)$`
			`RewriteCond %{REQUEST_FILENAME} !-f`
Fixing .htaccess to ignore rewriting PHP files directly 2012-12-04 02:34:54 +01:00			`RewriteCond %{REQUEST_URI} !\.php$`
Reverted junk-commits from "Removed .mergesources.yml, not used since the dark SVN days" This partially reverts commit 744605d21a8e58966611a4c774b489657f8097ac. 2012-11-08 21:59:14 +01:00			`RewriteRule .* framework/main.php?url=%1 [QSA]`

			`RewriteCond %{REQUEST_URI} ^(.*)/framework/main.php$`
			`RewriteCond %{REQUEST_FILENAME} !-f`
			`RewriteRule . %1/install.php? [R,L]`

BUGFIX If mod_rewrite isn't enabled on Apache, a 500 server error won't be generated which prevents the installer from opening and telling you there's no rewrite support (from r98887) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112108 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-10-13 04:53:34 +02:00			`</IfModule>`
			`### SILVERSTRIPE END ###`