Merge pull request #28 from terokorp/feature/apache2.4_htaccess

Allowing access only to index.php, admin.php, api.php and assets folder
2015-10-30 17:23:10 +01:00 · 2015-10-30 17:23:10 +01:00 · 93ed335a8e
parent 0acb8857f4 7bff4a2d80
commit 93ed335a8e
1 changed files with 4 additions and 12 deletions
--- a/.htaccess
+++ b/.htaccess
@ -3,21 +3,12 @@

 <IfModule mod_authz_host.c>
  Require all granted
-
-  <Files flarum/*>
-    Require all denied	  
-  </Files>
 </IfModule>
 <IfModule !mod_authz_host.c>
  Order Allow,Deny
  Allow from all
-
-  <Files flarum/*>
-    Deny from All
-  </Files>
 </IfModule>

-
 <IfModule mod_rewrite.c>
  RewriteEngine on

@ -26,12 +17,13 @@
  RewriteRule ^api(.*)$ api.php [QSA,L]
  RewriteRule ^admin(.*)$ admin.php [QSA,L]

-  RewriteCond %{REQUEST_FILENAME} !-f
-  RewriteCond %{REQUEST_FILENAME} !-d
-  RewriteRule ^(.*)$ index.php [QSA,L]
+  RewriteRule !^assets index.php [QSA,L]
  
  # MultiViews can mess up our rewriting scheme
  Options -MultiViews
+
+  # Autoindex will list all assets files which is not so good
+  Options -Indexes
 </IfModule>

 <IfModule mod_deflate.c>