humhub/.htaccess.dist

# check if RewriteModule is availbale
<IfModule mod_rewrite.c>
    Options +FollowSymLinks
    
    RewriteEngine on

    # uncomment if you've installed HumHub into a subdirectory relative to your webroot & adjust RewriteBase to match the install point
    #RewriteBase /humhub

    # uncomment to force https requests
    #RewriteCond %{HTTPS} !=on
    #RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ [NC]
    #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # prevent httpd from serving dotfiles (.htaccess, .svn, .git, etc.) - except let's encrypt challenge
    RedirectMatch 403 ^/?\.(?!well-known/acme-challenge/[\w-]{43}$)

    # ensure permalink when url rewriting was enabled (index.php?r=content/perma&id=6 => /content/perma/?id=6
    RewriteCond %{QUERY_STRING} ^r=content(/|%2)perma&id=([0-9]*)$
    RewriteRule ^index\.php$ %{REQUEST_URI}/content/perma/?id=%2 [R=302,L]

    RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
    RewriteRule ^(.*) - [E=BASE:%1]

    # Sets the HTTP_AUTHORIZATION header removed by apache
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f
    RewriteRule .? - [L]

    RewriteRule .? %{ENV:BASE}/index.php [L]
</IfModule>

# Config files from vendor should not be readable via browser
<FilesMatch "^(\.|composer\.(json|lock|phar)$)">
    <IfModule authz_core_module>
        Require all denied
    </IfModule>
    <IfModule !authz_core_module>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>
Removed caching section from htaccess file 2020-03-21 17:02:42 +01:00			`# check if RewriteModule is availbale`
Better .htaccess file - prevent accessing app folders (like app, assests, js...) - prevent using the /index.php in the URL - removes the need of RewriteBase in case HumHub is installed on a sub-folder 2016-11-12 02:10:12 +01:00			`<IfModule mod_rewrite.c>`
Update .htaccess.dist 2021-12-09 15:01:04 +01:00			`Options +FollowSymLinks`
Update .htaccess.dist 2021-07-26 14:38:16 +02:00
Update .htaccess.dist 2018-05-04 00:55:37 +02:00			`RewriteEngine on`
Added force https example to htaccess 2017-08-19 13:58:24 +02:00
Update .htaccess.dist 2018-05-04 00:55:37 +02:00			`# uncomment if you've installed HumHub into a subdirectory relative to your webroot & adjust RewriteBase to match the install point`
			`#RewriteBase /humhub`
Prevent httpd from serving dotfiles (.htaccess, .svn, .git, etc. 2014-09-19 00:47:39 +02:00
Update .htaccess.dist 2018-05-04 00:55:37 +02:00			`# uncomment to force https requests`
			`#RewriteCond %{HTTPS} !=on`
			`#RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ [NC]`
			`#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]`
Added RewriteBase Tweak to default .htaccess file and documentation 2014-09-04 20:50:02 +02:00
Update .htaccess.dist 2018-05-04 00:55:37 +02:00			`# prevent httpd from serving dotfiles (.htaccess, .svn, .git, etc.) - except let's encrypt challenge`
Avoid error 403 with let's encrypt challenge 2019-03-02 14:08:22 +01:00			`RedirectMatch 403 ^/?\.(?!well-known/acme-challenge/[\w-]{43}$)`
Initial Commit 2014-02-10 06:36:00 +01:00
Update .htaccess.dist 2018-05-04 00:55:37 +02:00			`# ensure permalink when url rewriting was enabled (index.php?r=content/perma&id=6 => /content/perma/?id=6`
			`RewriteCond %{QUERY_STRING} ^r=content(/\|%2)perma&id=([0-9]*)$`
			`RewriteRule ^index\.php$ %{REQUEST_URI}/content/perma/?id=%2 [R=302,L]`
Initial Commit 2014-02-10 06:36:00 +01:00
Update .htaccess.dist 2018-05-04 00:55:37 +02:00			`RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$`
			`RewriteRule ^(.*) - [E=BASE:%1]`
Better .htaccess file - prevent accessing app folders (like app, assests, js...) - prevent using the /index.php in the URL - removes the need of RewriteBase in case HumHub is installed on a sub-folder 2016-11-12 02:10:12 +01:00
Update .htaccess.dist 2018-05-04 00:55:37 +02:00			`# Sets the HTTP_AUTHORIZATION header removed by apache`
			`RewriteCond %{HTTP:Authorization} .`
			`RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]`
Added RewriteBase Tweak to default .htaccess file and documentation 2014-09-04 20:50:02 +02:00
Update .htaccess.dist 2018-05-04 00:55:37 +02:00			`RewriteCond %{REQUEST_FILENAME} -f`
			`RewriteRule .? - [L]`
Better .htaccess file - prevent accessing app folders (like app, assests, js...) - prevent using the /index.php in the URL - removes the need of RewriteBase in case HumHub is installed on a sub-folder 2016-11-12 02:10:12 +01:00
Update .htaccess.dist 2018-05-04 00:55:37 +02:00			`RewriteRule .? %{ENV:BASE}/index.php [L]`
Better .htaccess file - prevent accessing app folders (like app, assests, js...) - prevent using the /index.php in the URL - removes the need of RewriteBase in case HumHub is installed on a sub-folder 2016-11-12 02:10:12 +01:00			`</IfModule>`
[security] Update .htaccess Access to composer files should not be world readable as a malicious user could find information on outdated libraries. 2017-02-06 22:26:13 +01:00
			`# Config files from vendor should not be readable via browser`
Update .htaccess.dist 2018-05-04 00:55:37 +02:00			`<FilesMatch "^(\.\|composer\.(json\|lock\|phar)$)">`
			`<IfModule authz_core_module>`
			`Require all denied`
			`</IfModule>`
			`<IfModule !authz_core_module>`
			`Order deny,allow`
			`Deny from all`
			`</IfModule>`
[security] Update .htaccess Access to composer files should not be world readable as a malicious user could find information on outdated libraries. 2017-02-06 22:26:13 +01:00			`</FilesMatch>`