Damian Mooyman
d467b16bf2
Ensure BlockUntrustedProxyHeaders is enabled by default
2015-06-02 12:29:23 +12:00
Damian Mooyman
e759ffbcdc
Enforce trusted proxy servers
2015-05-28 10:03:42 +12:00
Daniel Hensby
066fd84452
FIX Requests to root dir circumvent index.php
...
fixes #58
2015-02-16 16:36:23 +00:00
Corey Sewell
9b2b0b5c31
Fix #80
2015-01-20 13:28:05 +13:00
Damian Mooyman
4d8ab05f90
Revert #78
...
Fixes #79
2015-01-12 17:38:50 +13:00
Corey Sewell
b2ee11a7be
Add rewrite rule to enable Basic auithentication workaround for PHP running in CGI mode
...
See https://github.com/silverstripe/silverstripe-framework/pull/3689
2014-12-09 07:36:46 +13:00
Ingo Schommer
e1649cf74f
Improve .htaccess commenting
...
Done alongside improvements of the execution-pipeline.md docs.
Installer comment taken from d5723f7b0e
2014-11-19 08:31:04 +13:00
Simon Welsh
91d79860bd
Don't block rewriting .php URLs
2014-08-16 22:01:27 +10:00
colymba
aa07a0edd8
BUGFIX #34 Only block root vendor folder
...
Use RewriteRule instead to take in account any subfolder via RewriteBase. Deny ss-cache and composer via RewriteRule too.
Move to RewriteRules
2014-02-18 22:37:49 +13:00
Simon Welsh
4fd75527dc
Block access to .yaml files as well as .yml
2013-07-01 12:59:31 +12:00
Hamish Friedlander
becc5baa34
API Block all yaml files by default, to reduce the change of information leakage
2013-02-17 22:16:11 +01:00
Ingo Schommer
494bfc7863
Merge remote-tracking branch 'origin/2.4' into 3.0
...
Conflicts:
build.xml
composer.json
install.php
phpunit.xml.dist
2013-02-15 19:19:23 +01:00
Ingo Schommer
23523175f3
API Filter composer files in IIS and Apache rules ( fixes #8011 )
...
They can expose version information, so shouldn't be accessible
through the web. The better solution of course is to move
to a public/ subfolder application structure.
2013-02-15 19:13:41 +01:00
Sean Harvey
d74da7ba29
Fixing .htaccess to ignore rewriting PHP files directly
2012-12-04 14:34:54 +13:00
Sam Minnee
7898f89fb3
Reverted junk-commits from "Removed .mergesources.yml, not used since the dark SVN days"
...
This partially reverts commit 744605d21a
.
2012-11-09 10:00:11 +13:00
Ingo Schommer
744605d21a
Removed .mergesources.yml, not used since the dark SVN days
2012-11-08 14:03:39 +01:00
Simon Welsh
1a532faa60
API-CHANGE sapphire folder can now be renamed.
2012-04-14 12:53:12 +12:00
Hamish Friedlander
d5723f7b0e
BUGFIX: If sapphire hasn't been installed as subdirectory, give error message rather than erroring out with a 500 or a php error
2011-10-29 15:53:41 +13:00
Ingo Schommer
e4031aa344
MINOR Using QSA RewriteRule flag in .htaccess instead of manually appending ( fixes #6593 , thanks smares)
2011-04-14 21:07:17 +12:00
sharvey
fba76de203
ENHANCEMENT Installer now has a fallback for mod_rewrite detection by setting an environment variable in .htaccess when "<IfModule mod_rewrite.c>" directive is satisfied
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@112973 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:56 +13:00
sharvey
a870ea1aa3
#5870 Block web requests to silverstripe-cache directory via htaccess RedirectMatch rule or web.config hiddenSegments functionality if using IIS 7.x
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@110241 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:54 +13:00
sharvey
f5245c7b0f
ENHANCEMENT ErrorDocument in default .htaccess so Apache serves default 404 and 500 server error pages
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@108663 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:54 +13:00
phalkunz
e8db5c30c1
MINOR: revert -r102275
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@102276 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:52 +13:00
phalkunz
a04df99154
MINOR: remove unnecessary expression
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@102275 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:52 +13:00
sharvey
958d75869f
MINOR Reverted r101354 and r101356 (see #3826 )
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@101404 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:52 +13:00
sharvey
934fbf9a88
MINOR Added comment to empty .htaccess file
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@101356 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:51 +13:00
sharvey
008267b299
BUGFIX #3826 Removed initial .htaccess contents to make installation of SS easier - the installer doesn't need any rewriting available initially
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@101354 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:51 +13:00
sharvey
ba357293b8
MINOR Reverted r98980
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@98997 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:48 +13:00
trix
a4cf4672b4
MINOR fix typo
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@98980 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:48 +13:00
sharvey
b27645b7ac
MINOR Partially reverted r98887 re-adding the web.config permissions in .htaccess
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@98889 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:47 +13:00
sharvey
2a47151ef5
MINOR Tabbing out of <Files> directive contents in .htaccess
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@98888 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:47 +13:00
sharvey
fefd00cf1e
BUGFIX If mod_rewrite isn't enabled on Apache, a 500 server error won't be generated which prevents the installer from opening and telling you there's no rewrite support
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@98887 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:47 +13:00
ischommer
17764cf273
ENHANCEMENT Removed extension specific RewriteCond from .htaccess, install.php and rewritetest.php to allow for broader range of dynamically handled extensions (e.g. generating GIF files through SilverStripe controllers). See #2958
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@97791 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:46 +13:00
sharvey
52891a4ecf
ENHANCEMENT Easier installation for IIS based configurations by providing the web.config file out of the box, an inaccessible file on Apache based web servers
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@93255 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:45 +13:00
ischommer
0074be8942
Removed DirectorySlash update from installer's default htaccess as it breaks some installation targets (from r67085) (from r92231)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@92272 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:44 +13:00
ischommer
9288a062e8
MINOR Reverted accidental commit from r92260
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@92261 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:43 +13:00
ischommer
1d6f9318b7
MINOR Mergeinfo
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/branches/2.4@92260 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 18:56:43 +13:00
sharvey
945a28f33a
MINOR Merged r112269 through r113912 from phpinstaller/branches/2.4
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@113914 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-11-18 05:08:12 +00:00
sminnee
5a20fbed64
#5870 Block web requests to silverstripe-cache directory via htaccess RedirectMatch rule or web.config hiddenSegments functionality if using IIS 7.x (from r110241)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112417 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 01:19:01 +00:00
sminnee
991ec354b1
ENHANCEMENT ErrorDocument in default .htaccess so Apache serves default 404 and 500 server error pages (from r108663)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112415 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 01:18:46 +00:00
sminnee
044b0f0f80
BUGFIX If mod_rewrite isn't enabled on Apache, a 500 server error won't be generated which prevents the installer from opening and telling you there's no rewrite support (from r98887)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112108 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 02:53:34 +00:00
sminnee
dd015ff76a
ENHANCEMENT Removed extension specific RewriteCond from .htaccess, install.php and rewritetest.php to allow for broader range of dynamically handled extensions (e.g. generating GIF files through SilverStripe controllers). See #2958 (from r97791)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112091 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 02:32:36 +00:00
sminnee
eebff68f46
ENHANCEMENT Easier installation for IIS based configurations by providing the web.config file out of the box, an inaccessible file on Apache based web servers (from r93255)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112086 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 02:22:49 +00:00
ischommer
a0cedd3fb5
MINOR Partially reverted r92439, accidental commit to .htaccess
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@92877 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 10:36:20 +00:00
ischommer
844acb217d
MINOR: Updating mergeinfo to ignore mergebacks
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@92439 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 00:42:47 +00:00
ischommer
5bb0d9b138
Removed DirectorySlash update from installer's default htaccess as it breaks some installation targets (from r67085)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@92231 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-19 19:34:02 +00:00
ischommer
823613bf92
BUGFIX Removed stop-condition for *.php in default .htaccess file to allow non-existent .php files to be handled by SilverStripe. For example, this is handy when dynamically redirecting "legacy URLs" like "index.php?id=42" to new pages through database lookups rather than static rewrites
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@81847 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-07-14 23:57:21 +00:00
ischommer
e5dd525948
BUGFIX Excluding .json extension from RewriteCond in .htaccess to allow RestfulServer to work with JSON formats (more precise regex)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@78429 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-06-04 21:53:08 +00:00
ischommer
3b6104ff56
BUGFIX Excluding .json extension from RewriteCond in .htaccess to allow RestfulServer to work with JSON formats
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@78428 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-06-04 21:44:12 +00:00
sminnee
abad46e6cb
Merged branches/2.3 into trunk
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@66396 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-22 03:36:31 +00:00