mirror of
https://github.com/wintercms/winter.git
synced 2024-06-28 05:33:29 +02:00
83fbddf5ee
This prevents access to files such as script.jpg.php, while such a file is not possible to upload today, we can never be too sure.
77 lines
2.5 KiB
ApacheConf
77 lines
2.5 KiB
ApacheConf
<IfModule mod_rewrite.c>
|
|
|
|
<IfModule mod_negotiation.c>
|
|
Options -MultiViews
|
|
</IfModule>
|
|
|
|
RewriteEngine On
|
|
|
|
##
|
|
## You may need to uncomment the following line for some hosting environments,
|
|
## if you have installed to a subdirectory, enter the name here also.
|
|
##
|
|
# RewriteBase /
|
|
|
|
##
|
|
## Black list protected files
|
|
##
|
|
RewriteRule ^themes/.*/(layouts|pages|partials)/.*.htm index.php [L,NC]
|
|
RewriteRule ^bootstrap/.* index.php [L,NC]
|
|
RewriteRule ^config/.* index.php [L,NC]
|
|
RewriteRule ^vendor/.* index.php [L,NC]
|
|
RewriteRule ^storage/cms/.* index.php [L,NC]
|
|
RewriteRule ^storage/logs/.* index.php [L,NC]
|
|
RewriteRule ^storage/framework/.* index.php [L,NC]
|
|
RewriteRule ^storage/temp/protected/.* index.php [L,NC]
|
|
RewriteRule ^storage/app/uploads/protected/.* index.php [L,NC]
|
|
|
|
##
|
|
## White listed folders and files
|
|
##
|
|
RewriteCond %{REQUEST_FILENAME} -f
|
|
RewriteCond %{REQUEST_URI} !\.js$
|
|
RewriteCond %{REQUEST_URI} !\.map$
|
|
RewriteCond %{REQUEST_URI} !\.ico$
|
|
RewriteCond %{REQUEST_URI} !\.jpg$
|
|
RewriteCond %{REQUEST_URI} !\.jpeg$
|
|
RewriteCond %{REQUEST_URI} !\.bmp$
|
|
RewriteCond %{REQUEST_URI} !\.png$
|
|
RewriteCond %{REQUEST_URI} !\.gif$
|
|
RewriteCond %{REQUEST_URI} !\.svg$
|
|
RewriteCond %{REQUEST_URI} !\.css$
|
|
RewriteCond %{REQUEST_URI} !\.less$
|
|
RewriteCond %{REQUEST_URI} !\.scss$
|
|
RewriteCond %{REQUEST_URI} !\.pdf$
|
|
RewriteCond %{REQUEST_URI} !\.swf$
|
|
RewriteCond %{REQUEST_URI} !\.txt$
|
|
RewriteCond %{REQUEST_URI} !\.xml$
|
|
RewriteCond %{REQUEST_URI} !\.xls$
|
|
RewriteCond %{REQUEST_URI} !\.eot$
|
|
RewriteCond %{REQUEST_URI} !\.woff$
|
|
RewriteCond %{REQUEST_URI} !\.woff2$
|
|
RewriteCond %{REQUEST_URI} !\.ttf$
|
|
RewriteCond %{REQUEST_URI} !\.flv$
|
|
RewriteCond %{REQUEST_URI} !\.wmv$
|
|
RewriteCond %{REQUEST_URI} !\.mp3$
|
|
RewriteCond %{REQUEST_URI} !\.ogg$
|
|
RewriteCond %{REQUEST_URI} !\.wav$
|
|
RewriteCond %{REQUEST_URI} !\.avi$
|
|
RewriteCond %{REQUEST_URI} !\.mov$
|
|
RewriteCond %{REQUEST_URI} !\.mp4$
|
|
RewriteCond %{REQUEST_URI} !\.mpeg$
|
|
RewriteCond %{REQUEST_URI} !\.webm$
|
|
RewriteCond %{REQUEST_URI} !\.mkv$
|
|
RewriteCond %{REQUEST_URI} !\.rar$
|
|
RewriteCond %{REQUEST_URI} !\.zip$
|
|
RewriteCond %{REQUEST_URI} !docs/.*
|
|
RewriteCond %{REQUEST_URI} !themes/.*
|
|
RewriteRule ^ index.php [L,NC]
|
|
|
|
##
|
|
## Standard routes
|
|
##
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
|
RewriteRule ^ index.php [L]
|
|
|
|
</IfModule>
|