Improve .htaccess regex
Deny access to all dot files and dirs by default (except .well-known) Update nginx rules accordingly and pass denied requests to Pico rather than letting nginx send a 404 response
This commit is contained in:
parent
a1dcf54683
commit
e517eac396
|
@ -4,8 +4,9 @@
|
||||||
#RewriteBase /
|
#RewriteBase /
|
||||||
|
|
||||||
# Deny access to internal dirs and files by passing the URL to Pico
|
# Deny access to internal dirs and files by passing the URL to Pico
|
||||||
RewriteRule ^(\.git|_build|config|content|content-sample|lib|vendor)(/|$) index.php [L]
|
RewriteRule ^(config|content|content-sample|lib|vendor)(/|$) index.php [L]
|
||||||
RewriteRule ^(\.git(attributes|ignore)|CHANGELOG\.md|composer\.(json|lock))$ index.php [L]
|
RewriteRule ^(CHANGELOG\.md|composer\.(json|lock))(/|$) index.php [L]
|
||||||
|
RewriteRule (^\.|/\.)(?!well-known(/|$)) index.php [L]
|
||||||
|
|
||||||
# Enable URL rewriting
|
# Enable URL rewriting
|
||||||
RewriteCond %{REQUEST_FILENAME} !-f
|
RewriteCond %{REQUEST_FILENAME} !-f
|
||||||
|
|
|
@ -285,16 +285,16 @@ still shows no rewritten URLs, force URL rewriting by setting
|
||||||
|
|
||||||
If you're using Nginx, you can use the following configuration to enable URL
|
If you're using Nginx, you can use the following configuration to enable URL
|
||||||
rewriting (lines `5` to `8`) and denying access to Pico's internal files
|
rewriting (lines `5` to `8`) and denying access to Pico's internal files
|
||||||
(lines `1` to `3`). You'll need to adjust the path (`/pico` on lines `1`, `5`
|
(lines `1` to `3`). You'll need to adjust the path (`/pico` on lines `1`, `2`,
|
||||||
and `7`) to match your installation directory. Additionally, you'll need to
|
`5` and `7`) to match your installation directory. Additionally, you'll need to
|
||||||
enable URL rewriting by setting `rewrite_url: true` in your
|
enable URL rewriting by setting `rewrite_url: true` in your
|
||||||
`config/config.yml`. The Nginx configuration should provide the *bare minimum*
|
`config/config.yml`. The Nginx configuration should provide the *bare minimum*
|
||||||
you need for Pico. Nginx is a very extensive subject. If you have any trouble,
|
you need for Pico. Nginx is a very extensive subject. If you have any trouble,
|
||||||
please read through our [Nginx configuration docs][NginxConfig].
|
please read through our [Nginx configuration docs][NginxConfig].
|
||||||
|
|
||||||
```
|
```
|
||||||
location ~ /pico/(\.htaccess|\.git|config|content|content-sample|lib|vendor|CHANGELOG\.md|composer\.(json|lock)) {
|
location ~ ^/pico/((config|content|content-sample|lib|vendor|CHANGELOG\.md|composer\.(json|lock))(/|$)|(.+/)?\.(?!well-known(/|$))) {
|
||||||
return 404;
|
try_files /pico/index.php$is_args$args;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /pico/ {
|
location /pico/ {
|
||||||
|
|
Loading…
Reference in a new issue