Browse Source

Deny access to some files using permissions

kudlav 7 months ago
parent
commit
b3e522b3fc
3 changed files with 7 additions and 2 deletions
  1. 1 0
      .htaccess
  2. 6 2
      www/.htaccess
  3. 0 0
      www/web-down.php

+ 1 - 0
.htaccess

@@ -0,0 +1 @@
+Require all denied

+ 6 - 2
www/.htaccess

@@ -1,5 +1,5 @@
 # Apache configuration file (see https://httpd.apache.org/docs/current/mod/quickreference.html)
-Allow from all
+Require all granted
 
 # disable directory listing
 <IfModule mod_autoindex.c>
@@ -11,13 +11,17 @@ Allow from all
 	RewriteEngine On
 	# RewriteBase /
 
+	# use HTTPS
+	# RewriteCond %{HTTPS} !on
+	# RewriteRule .? https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
 	# prevents files starting with dot to be viewed by browser
 	RewriteRule /\.|^\.(?!well-known/) - [F]
 
 	# front controller
 	RewriteCond %{REQUEST_FILENAME} !-f
 	RewriteCond %{REQUEST_FILENAME} !-d
-	RewriteRule !\.(pdf|js|ico|gif|jpg|png|css|rar|zip|tar\.gz|map)$ index.php [L]
+	RewriteRule !\.(pdf|js|ico|gif|jpg|jpeg|png|webp|svg|css|rar|zip|7z|tar\.gz|map|eot|ttf|otf|woff|woff2)$ index.php [L]
 </IfModule>
 
 # enable gzip compression

www/index-web-down.php → www/web-down.php