silverstripe-webpack/public/.htaccess

### SILVERSTRIPE START ###

# Deny access to templates (but allow from localhost)
<Files *.ss>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Files>

# Deny access to IIS configuration
<Files web.config>
    Order deny,allow
    Deny from all
</Files>

# Deny access to YAML configuration files which might include sensitive information
<Files ~ "\.ya?ml$">
    Order allow,deny
    Deny from all
</Files>

# Route errors to static pages automatically generated by SilverStripe
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html

<IfModule mod_rewrite.c>

    # Turn off index.php handling requests to the homepage fixes issue in apache >=2.4
    <IfModule mod_dir.c>
        DirectoryIndex disabled
        DirectorySlash On
    </IfModule>

    SetEnv HTTP_MOD_REWRITE On
    RewriteEngine On

    # Enable HTTP Basic authentication workaround for PHP running in CGI mode
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Deny access to potentially sensitive files and folders
    RewriteRule ^vendor(/|$) - [F,L,NC]
    RewriteRule ^\.env - [F,L,NC]
    RewriteRule silverstripe-cache(/|$) - [F,L,NC]
    RewriteRule composer\.(json|lock) - [F,L,NC]
    RewriteRule (error|silverstripe|debug)\.log - [F,L,NC]

    # Process through SilverStripe if no file with the requested name exists.
    # Pass through the original path as a query parameter, and retain the existing parameters.
    # Try finding framework in the vendor folder first
    RewriteCond %{REQUEST_URI} ^(.*)$
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule .* index.php
</IfModule>
### SILVERSTRIPE END ###
SS4.1 support 2018-03-24 11:45:31 +01:00			`### SILVERSTRIPE START ###`

			`# Deny access to templates (but allow from localhost)`
			`<Files *.ss>`
			`Order deny,allow`
			`Deny from all`
			`Allow from 127.0.0.1`
			`</Files>`

			`# Deny access to IIS configuration`
			`<Files web.config>`
			`Order deny,allow`
			`Deny from all`
			`</Files>`

			`# Deny access to YAML configuration files which might include sensitive information`
			`<Files ~ "\.ya?ml$">`
			`Order allow,deny`
			`Deny from all`
			`</Files>`

			`# Route errors to static pages automatically generated by SilverStripe`
			`ErrorDocument 404 /assets/error-404.html`
			`ErrorDocument 500 /assets/error-500.html`

			`<IfModule mod_rewrite.c>`

			`# Turn off index.php handling requests to the homepage fixes issue in apache >=2.4`
			`<IfModule mod_dir.c>`
			`DirectoryIndex disabled`
			`DirectorySlash On`
			`</IfModule>`

			`SetEnv HTTP_MOD_REWRITE On`
			`RewriteEngine On`

			`# Enable HTTP Basic authentication workaround for PHP running in CGI mode`
			`RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]`

			`# Deny access to potentially sensitive files and folders`
			`RewriteRule ^vendor(/\|$) - [F,L,NC]`
			`RewriteRule ^\.env - [F,L,NC]`
			`RewriteRule silverstripe-cache(/\|$) - [F,L,NC]`
			`RewriteRule composer\.(json\|lock) - [F,L,NC]`
			`RewriteRule (error\|silverstripe\|debug)\.log - [F,L,NC]`

			`# Process through SilverStripe if no file with the requested name exists.`
			`# Pass through the original path as a query parameter, and retain the existing parameters.`
			`# Try finding framework in the vendor folder first`
			`RewriteCond %{REQUEST_URI} ^(.*)$`
			`RewriteCond %{REQUEST_FILENAME} !-f`
			`RewriteRule .* index.php`
			`</IfModule>`
			`### SILVERSTRIPE END ###`