mirror of
https://github.com/a2nt/silverstripe-webpack.git
synced 2024-10-22 17:05:31 +02:00
110 lines
4.5 KiB
ApacheConf
110 lines
4.5 KiB
ApacheConf
|
Header set X-Content-Security-Policy "allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self';"
|
||
|
Header always append X-Frame-Options SAMEORIGIN
|
||
|
ServerSignature Off
|
||
|
<ifModule mod_gzip.c>
|
||
|
mod_gzip_on Yes
|
||
|
mod_gzip_dechunk Yes
|
||
|
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
|
||
|
mod_gzip_item_include handler ^cgi-script$
|
||
|
mod_gzip_item_include mime ^text/.*
|
||
|
mod_gzip_item_include mime ^application/x-javascript.*
|
||
|
mod_gzip_item_exclude mime ^image/.*
|
||
|
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
|
||
|
</ifModule>
|
||
|
<IfModule mod_expires.c>
|
||
|
ExpiresActive On
|
||
|
ExpiresByType image/jpg "access 1 year"
|
||
|
ExpiresByType image/jpeg "access 1 year"
|
||
|
ExpiresByType image/gif "access 1 year"
|
||
|
ExpiresByType image/png "access 1 year"
|
||
|
ExpiresByType text/css "access 1 month"
|
||
|
ExpiresByType text/html "access 1 month"
|
||
|
ExpiresByType application/pdf "access 1 month"
|
||
|
ExpiresByType text/x-javascript "access 1 month"
|
||
|
ExpiresByType application/x-shockwave-flash "access 1 month"
|
||
|
ExpiresByType image/x-icon "access 1 year"
|
||
|
ExpiresDefault "access 1 month"
|
||
|
</IfModule>
|
||
|
|
||
|
RewriteEngine On
|
||
|
RewriteCond %{HTTPS} off
|
||
|
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
|
||
|
RewriteCond %{HTTP_HOST} !^www\.
|
||
|
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
|
||
|
|
||
|
### SILVERSTRIPE START ###
|
||
|
# Deny access to templates (but allow from localhost)
|
||
|
<Files *.ss>
|
||
|
Order deny,allow
|
||
|
Deny from all
|
||
|
Allow from 127.0.0.1
|
||
|
</Files>
|
||
|
|
||
|
# Deny access to IIS configuration
|
||
|
<Files web.config>
|
||
|
Order deny,allow
|
||
|
Deny from all
|
||
|
</Files>
|
||
|
|
||
|
# Deny access to YAML configuration files which might include sensitive information
|
||
|
<Files *.yml>
|
||
|
Order allow,deny
|
||
|
Deny from all
|
||
|
</Files>
|
||
|
|
||
|
# Route errors to static pages automatically generated by SilverStripe
|
||
|
ErrorDocument 404 /assets/error-404.html
|
||
|
ErrorDocument 500 /assets/error-500.html
|
||
|
|
||
|
<IfModule mod_rewrite.c>
|
||
|
SetEnv HTTP_MOD_REWRITE On
|
||
|
RewriteEngine On
|
||
|
RewriteBase '/'
|
||
|
|
||
|
# Deny access to potentially sensitive files and folders
|
||
|
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
|
||
|
RewriteRule ^vendor(/|$) - [F,L,NC]
|
||
|
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
|
||
|
RewriteRule silverstripe-cache(/|$) - [F,L,NC]
|
||
|
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
|
||
|
RewriteRule composer\.(json|lock) - [F,L,NC]
|
||
|
|
||
|
# Process through SilverStripe if no file with the requested name exists.
|
||
|
# Pass through the original path as a query parameter, and retain the existing parameters.
|
||
|
RewriteCond %{REQUEST_URI} ^(.*)$
|
||
|
RewriteCond %{REQUEST_FILENAME} !-f
|
||
|
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
|
||
|
RewriteRule .* framework/main.php?url=%1 [QSA]
|
||
|
</IfModule>
|
||
|
### SILVERSTRIPE END ###
|
||
|
|
||
|
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
|
||
|
RewriteRule ^\.git - [F,L,NC]
|
||
|
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
|
||
|
RewriteRule \.sql$ - [F,L,NC]
|
||
|
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
|
||
|
RewriteRule \.editorconfig - [F,L,NC]
|
||
|
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
|
||
|
RewriteRule error_log - [F,L,NC]
|
||
|
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
|
||
|
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
|
||
|
RewriteRule Envoy\.blade\.php - [F,L,NC]
|
||
|
|