mirror of
https://github.com/silverstripe/silverstripe-installer
synced 2024-10-22 17:05:33 +02:00
Merge pull request #113 from tractorcow/pulls/4.0/update-assets
API Replace old assets/.htaccess with better default
This commit is contained in:
Daniel Hensby
commit
71971adc8f
51
assets/.htaccess
Normal file → Executable file
51
assets/.htaccess
Normal file → Executable file
@ -1,36 +1,27 @@
|
||||
#
|
||||
# Whitelist appropriate assets files.
|
||||
# Note that you will need to maintain this whitelist yourself if you modify File::$allowed_extensions
|
||||
# This file is automatically generated via File.allowed_extensions configuration
|
||||
# See AssetAdapter::renderTemplate() for reference.
|
||||
#
|
||||
# If you are not using Apache then you can ignore this file.
|
||||
# If you are using IIS then you should look at assets/web.config instead.
|
||||
#
|
||||
# To add an extension to the list, you need to put another string of the form "ext|" on the
|
||||
# FilesMatch line, inside the parentheses.
|
||||
#
|
||||
# For example, to add *.exe files to list of downloadable assets, change this line:
|
||||
#
|
||||
# <FilesMatch "\.(?i:html|htm|xhtml...
|
||||
#
|
||||
# To this:
|
||||
#
|
||||
# <FilesMatch "\.(?i:exe|html|htm|xhtml...
|
||||
#
|
||||
# Once you do this, visitors will be able to download *.exe files that are uploaded to the assets
|
||||
# directory.
|
||||
#
|
||||
# Please note Apache 1.3 does not support regular expression case insensitive matches using PCRE style.
|
||||
#
|
||||
Deny from all
|
||||
<FilesMatch "\.(?i:html|htm|xhtml|js|css|bmp|png|gif|jpg|jpeg|ico|pcx|tif|tiff|au|mid|midi|mpa|mp3|ogg|m4a|ra|wma|wav|cda|avi|mpg|mpeg|asf|wmv|m4v|mov|mkv|mp4|ogv|webm|swf|flv|ram|rm|doc|docx|dotx|dotm|txt|rtf|xls|xlsx|xltx|xltm|pages|ppt|pptx|potx|potm|pps|csv|cab|arj|tar|zip|zipx|sit|sitx|svg|gz|tgz|bz2|ace|arc|pkg|dmg|hqx|jar|xml|pdf|gpx|kml)$">
|
||||
Allow from all
|
||||
</FilesMatch>
|
||||
|
||||
# We disable PHP via several methods
|
||||
# Replace the handler with the default plaintext handler
|
||||
AddHandler default-handler php phtml php3 php4 php5 inc
|
||||
<IfModule mod_rewrite.c>
|
||||
SetEnv HTTP_MOD_REWRITE On
|
||||
RewriteEngine On
|
||||
|
||||
<IfModule mod_php5.c>
|
||||
# Turn the PHP engine off
|
||||
php_flag engine off
|
||||
# Disable PHP handler
|
||||
RewriteCond %{REQUEST_URI} .(?i:php|phtml|php3|php4|php5|inc)$
|
||||
RewriteRule .* - [F]
|
||||
|
||||
# Allow error pages
|
||||
RewriteCond %{REQUEST_FILENAME} -f
|
||||
RewriteRule error[^\/]*.html$ - [L]
|
||||
|
||||
# Block invalid file extensions
|
||||
RewriteCond %{REQUEST_URI} !.(?i:ace|arc|arj|asf|au|avi|bmp|bz2|cab|cda|css|csv|dmg|doc|docx|dotx|dotm|flv|gif|gpx|gz|hqx|ico|jar|jpeg|jpg|js|kml|m4a|m4v|mid|midi|mkv|mov|mp3|mp4|mpa|mpeg|mpg|ogg|ogv|pages|pcx|pdf|png|pps|ppt|pptx|potx|potm|ra|ram|rm|rtf|sit|sitx|tar|tgz|tif|tiff|txt|wav|webm|wma|wmv|xls|xlsx|xltx|xltm|zip|zipx)$
|
||||
RewriteRule .* - [F]
|
||||
|
||||
# Non existant files passed to requesthandler
|
||||
RewriteCond %{REQUEST_URI} ^(.*)$
|
||||
RewriteCond %{REQUEST_FILENAME} !-f
|
||||
RewriteRule .* ../framework/main.php?url=%1 [QSA]
|
||||
</IfModule>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user