### SILVERSTRIPE START ### # Deny access to templates (but allow from localhost) Order deny,allow Deny from all Allow from 127.0.0.1 # Deny access to IIS configuration Order deny,allow Deny from all # Deny access to YAML configuration files which might include sensitive information Order allow,deny Deny from all # Route errors to static pages automatically generated by SilverStripe ErrorDocument 404 /assets/error-404.html ErrorDocument 500 /assets/error-500.html # Ensure that X-Forwarded-Host is only allowed to determine the request # hostname for servers ips defined by SS_TRUSTED_PROXY_IPS in your _ss_environment.php # Note that in a future release this setting will be always on. SetEnv BlockUntrustedIPs true # Turn off index.php handling requests to the homepage fixes issue in apache >=2.4 DirectoryIndex disabled DirectorySlash Off SetEnv HTTP_MOD_REWRITE On RewriteEngine On # Enable HTTP Basic authentication workaround for PHP running in CGI mode RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] # Deny access to potentially sensitive files and folders RewriteRule ^vendor(/|$) - [F,L,NC] RewriteRule silverstripe-cache(/|$) - [F,L,NC] RewriteRule composer\.(json|lock) - [F,L,NC] # Process through SilverStripe if no file with the requested name exists. # Pass through the original path as a query parameter, and retain the existing parameters. RewriteCond %{REQUEST_URI} ^(.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .* framework/main.php?url=%1 [QSA] # If framework isn't in a subdirectory, rewrite to installer RewriteCond %{REQUEST_URI} ^(.*)/framework/main.php$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule . %1/install.php? [R,L] ### SILVERSTRIPE END ###