github
/
chevereto-free
mirror of https://github.com/rodber/chevereto-free
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

feat: harden .htaccess, close #102

1.5
Rodolfo Berrios 2021-10-03 10:07:12 -03:00
parent 46024c49d4
commit 5c8093f71e
No known key found for this signature in database
GPG Key ID: D3AAC2481DBDD9FE
6 changed files with 96 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
.htaccess
View File

@ -1,34 +1,37 @@
# Disable server signature
ServerSignature Off ServerSignature Off
Options -Indexes
Options -MultiViews
# Enable CORS across all your subdomains (replace dev\.local with your domain\.com) # Enable CORS across all your subdomains (replace dev\.local with your domain\.com)
# SetEnvIf Origin ^(https?://.+\.dev\.local(?::\d{1,5})?)$ CORS_ALLOW_ORIGIN=$1 # SetEnvIf Origin ^(https?://.+\.dev\.local(?::\d{1,5})?)$ CORS_ALLOW_ORIGIN=$1
# Header append Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN # Header append Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN
# Header merge Vary "Origin" # Header merge Vary "Origin"
# Disable directory listing (-indexes), Multiviews (-MultiViews) <FilesMatch "composer\.(json|lock)|importing\.php|\.htaccess|\.gitignore">
Options -Indexes <IfModule !mod_authz_core.c>
Options -MultiViews Order Allow,Deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
<IfModule mod_rewrite.c> <IfModule mod_rewrite.c>
RewriteEngine On RewriteEngine On
# If you have problems with the rewrite rules remove the "#" from the following RewriteBase line # If you have problems with the rewrite rules remove the "#" from the following RewriteBase line
# You will also have to change the path to reflect the path to your Chevereto installation # You will also have to change the path to reflect the path to your Chevereto installation
# If you are using alias is most likely that you will need this. # If you are using mod alias is likely that you will need this.
#RewriteBase / #RewriteBase /
# 404 images # 404 images
# If you want to have your own fancy "image not found" image remove the "#" from RewriteCond and RewriteRule lines # If you want to have your own fancy "image not found" image remove the # from RewriteRule
# Make sure to apply the correct paths to reflect your current installation # Make sure to apply the correct paths to reflect your current installation
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule images/.+\.(gif|jpe?g|png|bmp|webp) - [NC,L,R=404]
#RewriteRule images/.+\.(gif|jpe?g|a?png|bmp|webp) content/images/system/default/404.gif [NC,L] #RewriteRule images/.+\.(gif|jpe?g|a?png|bmp|webp) content/images/system/default/404.gif [NC,L]
RewriteRule images/.+\.(gif|jpe?g|png|bmp|webp) - [NC,L,R=404]
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !\.(css|js|html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpe?g|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|swf|tar|tif|tiff|wav|webp|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ [NC]
RewriteRule . index.php [L] RewriteRule . index.php [L]
</IfModule> </IfModule>

22
app/.htaccess
View File

@ -1,11 +1,27 @@
<FilesMatch "\.(po|php|lock|sql)$"> <LimitExcept GET>
# Apache 2.2 <IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</LimitExcept>
<FilesMatch "\.(?:[Pp][Hh][Pp][345]?|[Pp][Hh][Tt][Mm][Ll])|(po|sql|html?)$">
<IfModule !mod_authz_core.c> <IfModule !mod_authz_core.c>
Order Allow,Deny Order Allow,Deny
Deny from all Deny from all
</IfModule> </IfModule>
# Apache 2.4
<IfModule mod_authz_core.c> <IfModule mod_authz_core.c>
Require all denied Require all denied
</IfModule> </IfModule>
</FilesMatch> </FilesMatch>
<IfModule mod_php7.c>
php_flag engine off
</IfModule>
<FilesMatch ".+\.*$">
SetHandler !
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteRule ^.*\.php$ - [F,L]
</IfModule>

27
app/content/.htaccess Normal file
View File

@ -0,0 +1,27 @@
<LimitExcept GET>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</LimitExcept>
<FilesMatch "\.(?:[Pp][Hh][Pp][345]?|[Pp][Hh][Tt][Mm][Ll])|(po|sql|html?)$">
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
<IfModule mod_php7.c>
php_flag engine off
</IfModule>
<FilesMatch ".+\.*$">
SetHandler !
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteRule ^.*\.php$ - [F,L]
</IfModule>

28
images/.htaccess
View File

@ -1 +1,27 @@
SetHandler default-handler <LimitExcept GET>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</LimitExcept>
<FilesMatch "\.(?:[Pp][Hh][Pp][345]?|[Pp][Hh][Tt][Mm][Ll])|(po|sql|html?)$">
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
<IfModule mod_php7.c>
php_flag engine off
</IfModule>
<FilesMatch ".+\.*$">
SetHandler !
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteRule ^.*\.php$ - [F,L]
</IfModule>

8
importing/.htaccess
View File

@ -1 +1,7 @@
SetHandler default-handler <IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>

2
lib/G/.htaccess
View File

@ -1,9 +1,7 @@
# Apache 2.2
<IfModule !mod_authz_core.c> <IfModule !mod_authz_core.c>
Order Allow,Deny Order Allow,Deny
Deny from all Deny from all
</IfModule> </IfModule>
# Apache 2.4
<IfModule mod_authz_core.c> <IfModule mod_authz_core.c>
Require all denied Require all denied
</IfModule> </IfModule>