Allowing access only to index.php, admin.php, api.php and assets folder

2015-10-30 14:36:40 +02:00 · 2015-10-30 14:36:40 +02:00 · 7bff4a2d80
parent 1e15cabd06
commit 7bff4a2d80
1 changed files with 4 additions and 12 deletions
--- a/.htaccess
+++ b/.htaccess
@ -3,21 +3,12 @@

 <IfModule mod_authz_host.c>
  Require all granted
-
-  <Files flarum/*>
-    Require all denied	  
-  </Files>
 </IfModule>
 <IfModule !mod_authz_host.c>
  Order Allow,Deny
  Allow from all
-
-  <Files flarum/*>
-    Deny from All
-  </Files>
 </IfModule>

-
 <IfModule mod_rewrite.c>
  RewriteEngine on

@ -26,12 +17,13 @@
  RewriteRule ^api(.*)$ api.php [QSA,L]
  RewriteRule ^admin(.*)$ admin.php [QSA,L]

-  RewriteCond %{REQUEST_FILENAME} !-f
-  RewriteCond %{REQUEST_FILENAME} !-d
-  RewriteRule ^(.*)$ index.php [QSA,L]
+  RewriteRule !^assets index.php [QSA,L]
  
  # MultiViews can mess up our rewriting scheme
  Options -MultiViews
+
+  # Autoindex will list all assets files which is not so good
+  Options -Indexes
 </IfModule>

 <IfModule mod_deflate.c>