humhub/.htaccess.dist

# check if RewriteModule is availbale 
<IfModule mod_rewrite.c>
RewriteEngine on

# uncomment if you've installed HumHub into a subdirectory relative to your webroot & adjust RewriteBase to match the install point
#RewriteBase /humhub

# uncomment to force https requests
#RewriteCond %{HTTPS} !=on
#RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ [NC]
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


# prevent httpd from serving dotfiles (.htaccess, .svn, .git, etc.) - except let's encrypt challenge
RedirectMatch 403 ^/?\.(?!/well-known/acme-challenge/[\w-]{43}$)

# ensure permalink when url rewriting was enabled (index.php?r=content/perma&id=6 => /content/perma/?id=6
RewriteCond %{QUERY_STRING} ^r=content(/|%2)perma&id=([0-9]*)$
RewriteRule ^index\.php$ %{REQUEST_URI}/content/perma/?id=%2 [R=302,L]

RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]

# Sets the HTTP_AUTHORIZATION header removed by apache
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .? - [L]

RewriteRule .? %{ENV:BASE}/index.php [L]

</IfModule>

# Config files from vendor should not be readable via browser
<FilesMatch "composer.json">
    Order Allow,Deny
    Deny from All
</FilesMatch>

<FilesMatch "composer.lock">
    Order Allow,Deny
    Deny from All
</FilesMatch>
Better .htaccess file - prevent accessing app folders (like app, assests, js...) - prevent using the /index.php in the URL - removes the need of RewriteBase in case HumHub is installed on a sub-folder 2016-11-12 02:10:12 +01:00			`# check if RewriteModule is availbale`
			`<IfModule mod_rewrite.c>`
Added missing RewriteEngine on in .htaccess.dist 2017-01-26 16:50:30 +01:00			`RewriteEngine on`
Initial Commit 2014-02-10 06:36:00 +01:00
Update .htaccess.dist 2018-03-25 12:37:54 +09:00			`# uncomment if you've installed HumHub into a subdirectory relative to your webroot & adjust RewriteBase to match the install point`
			`#RewriteBase /humhub`
Fix: Base Subdomains 2018-03-24 18:52:44 +09:00
Added force https example to htaccess 2017-08-19 13:58:24 +02:00			`# uncomment to force https requests`
			`#RewriteCond %{HTTPS} !=on`
Fix: Let's Encrypt ACME Error The issue is seen on the community site [here](https://community.humhub.com/content/perma?id=133524). 2017-12-23 19:09:54 +09:00			`#RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ [NC]`
Added force https example to htaccess 2017-08-19 13:58:24 +02:00			`#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]`


added let's encrypt challenge as an exception in RedirectMatch 2016-09-20 21:04:57 +02:00			`# prevent httpd from serving dotfiles (.htaccess, .svn, .git, etc.) - except let's encrypt challenge`
			`RedirectMatch 403 ^/?\.(?!/well-known/acme-challenge/[\w-]{43}$)`
Prevent httpd from serving dotfiles (.htaccess, .svn, .git, etc. 2014-09-19 00:47:39 +02:00
Revert "Revert "Merge branch 'v1.3-dev' into master"" This reverts commit 955d83be8b9e20183b1db209141db7ab24d048a3. 2018-01-23 09:50:01 +01:00			`# ensure permalink when url rewriting was enabled (index.php?r=content/perma&id=6 => /content/perma/?id=6`
			`RewriteCond %{QUERY_STRING} ^r=content(/\|%2)perma&id=([0-9]*)$`
			`RewriteRule ^index\.php$ %{REQUEST_URI}/content/perma/?id=%2 [R=302,L]`

Better .htaccess file - prevent accessing app folders (like app, assests, js...) - prevent using the /index.php in the URL - removes the need of RewriteBase in case HumHub is installed on a sub-folder 2016-11-12 02:10:12 +01:00			`RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$`
			`RewriteRule ^(.*) - [E=BASE:%1]`
Added RewriteBase Tweak to default .htaccess file and documentation 2014-09-04 20:50:02 +02:00
Better .htaccess file - prevent accessing app folders (like app, assests, js...) - prevent using the /index.php in the URL - removes the need of RewriteBase in case HumHub is installed on a sub-folder 2016-11-12 02:10:12 +01:00			`# Sets the HTTP_AUTHORIZATION header removed by apache`
			`RewriteCond %{HTTP:Authorization} .`
			`RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]`
Initial Commit 2014-02-10 06:36:00 +01:00
Better .htaccess file - prevent accessing app folders (like app, assests, js...) - prevent using the /index.php in the URL - removes the need of RewriteBase in case HumHub is installed on a sub-folder 2016-11-12 02:10:12 +01:00			`RewriteCond %{REQUEST_FILENAME} -f`
			`RewriteRule .? - [L]`
Initial Commit 2014-02-10 06:36:00 +01:00
Better .htaccess file - prevent accessing app folders (like app, assests, js...) - prevent using the /index.php in the URL - removes the need of RewriteBase in case HumHub is installed on a sub-folder 2016-11-12 02:10:12 +01:00			`RewriteRule .? %{ENV:BASE}/index.php [L]`

			`</IfModule>`
[security] Update .htaccess Access to composer files should not be world readable as a malicious user could find information on outdated libraries. 2017-02-06 22:26:13 +01:00
			`# Config files from vendor should not be readable via browser`
			`<FilesMatch "composer.json">`
			`Order Allow,Deny`
			`Deny from All`
			`</FilesMatch>`

			`<FilesMatch "composer.lock">`
			`Order Allow,Deny`
			`Deny from All`
			`</FilesMatch>`