forked from humhub/humhub
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.htaccess.dist
44 lines (34 loc) · 1.56 KB
/
.htaccess.dist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# check if RewriteModule is availbale
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine on
# uncomment if you've installed HumHub into a subdirectory relative to your webroot & adjust RewriteBase to match the install point
#RewriteBase /humhub
# uncomment to force https requests
#RewriteCond %{HTTPS} !=on
#RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ [NC]
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# prevent httpd from serving dotfiles (.htaccess, .svn, .git, etc.) - except let's encrypt challenge
RedirectMatch 403 ^/?\.(?!well-known/acme-challenge/[\w-]{43}$)
# ensure permalink when url rewriting was enabled (index.php?r=content/perma&id=6 => /content/perma/?id=6
RewriteCond %{QUERY_STRING} ^r=content(/|%2)perma&id=([0-9]*)$
RewriteRule ^index\.php$ %{REQUEST_URI}/content/perma/?id=%2 [R=302,L]
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
# Sets the HTTP_AUTHORIZATION header removed by apache
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .? - [L]
RewriteRule .? %{ENV:BASE}/index.php [L]
</IfModule>
# Config files from vendor should not be readable via browser
<FilesMatch "^(\.|composer\.(json|lock|phar)$)">
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Order deny,allow
Deny from all
</IfModule>
</FilesMatch>