tonyair/silverstripe-installer
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-installer synced 2024-10-22 17:05:33 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #73 from chillu/pulls/htaccess-doc

Browse Source 
Improve .htaccess commenting
This commit is contained in:
Damian Mooyman 2014-11-19 08:51:18 +13:00
commit c77022e260
1 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
.htaccess
View File

@ -1,37 +1,44 @@
### SILVERSTRIPE START ### ### SILVERSTRIPE START ###
# Deny access to templates (but allow from localhost)
<Files *.ss> <Files *.ss>
Order deny,allow Order deny,allow
Deny from all Deny from all
Allow from 127.0.0.1 Allow from 127.0.0.1
</Files> </Files>
# Deny access to IIS configuration
<Files web.config> <Files web.config>
Order deny,allow Order deny,allow
Deny from all Deny from all
</Files> </Files>
# This denies access to all yml files, since developers might include sensitive # Deny access to YAML configuration files which might include sensitive information
# information in them. See the docs for work-arounds to serve some yaml files
<Files ~ "\.ya?ml$"> <Files ~ "\.ya?ml$">
Order allow,deny Order allow,deny
Deny from all Deny from all
</Files> </Files>
# Route errors to static pages automatically generated by SilverStripe
ErrorDocument 404 /assets/error-404.html ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html ErrorDocument 500 /assets/error-500.html
<IfModule mod_rewrite.c> <IfModule mod_rewrite.c>
SetEnv HTTP_MOD_REWRITE On SetEnv HTTP_MOD_REWRITE On
RewriteEngine On RewriteEngine On
# Deny access to potentially sensitive files and folders
RewriteRule ^vendor(/|$) - [F,L,NC] RewriteRule ^vendor(/|$) - [F,L,NC]
RewriteRule silverstripe-cache(/|$) - [F,L,NC] RewriteRule silverstripe-cache(/|$) - [F,L,NC]
RewriteRule composer\.(json|lock) - [F,L,NC] RewriteRule composer\.(json|lock) - [F,L,NC]
# Process through SilverStripe if no file with the requested name exists.
# Pass through the original path as a query parameter, and retain the existing parameters.
RewriteCond %{REQUEST_URI} ^(.*)$ RewriteCond %{REQUEST_URI} ^(.*)$
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* framework/main.php?url=%1 [QSA] RewriteRule .* framework/main.php?url=%1 [QSA]
# If framework isn't in a subdirectory, rewrite to installer
RewriteCond %{REQUEST_URI} ^(.*)/framework/main.php$ RewriteCond %{REQUEST_URI} ^(.*)/framework/main.php$
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . %1/install.php? [R,L] RewriteRule . %1/install.php? [R,L]