chevereto-free/.htaccess

ServerSignature Off
Options -Indexes
Options -MultiViews

# Enable CORS across all your subdomains (replace dev\.local with your domain\.com)
# SetEnvIf Origin ^(https?://.+\.dev\.local(?::\d{1,5})?)$   CORS_ALLOW_ORIGIN=$1
# Header append Access-Control-Allow-Origin  %{CORS_ALLOW_ORIGIN}e   env=CORS_ALLOW_ORIGIN
# Header merge  Vary "Origin"

<FilesMatch "composer\.(json|lock)|importing\.php|\.htaccess|\.gitignore">
	<IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule> 
</FilesMatch>

<IfModule mod_rewrite.c>
	RewriteEngine On
	# If you have problems with the rewrite rules remove the "#" from the following RewriteBase line
	# You will also have to change the path to reflect the path to your Chevereto installation
	# If you are using mod alias is likely that you will need this.
	#RewriteBase /

	# 404 images
	# If you want to have your own fancy "image not found" image remove the # from RewriteRule
	# Make sure to apply the correct paths to reflect your current installation
	RewriteCond %{REQUEST_FILENAME} !-f
	#RewriteRule images/.+\.(gif|jpe?g|a?png|bmp|webp) content/images/system/default/404.gif [NC,L]
	RewriteRule images/.+\.(gif|jpe?g|png|bmp|webp) - [NC,L,R=404]

	# PHP front controller
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . index.php [L]

    # Single PHP-entrypoint (disables direct access to .php files)
    RewriteCond %{THE_REQUEST} ^.+?\ [^?]+\.php[?\ ] [NC]
    RewriteRule \.php$ - [NC,L,F,R=404]
</IfModule>
Fork from 3.15.2 2020-06-24 18:35:15 +00:00			`ServerSignature Off`
feat: harden .htaccess, close #102 2021-10-03 13:07:12 +00:00			`Options -Indexes`
			`Options -MultiViews`
Fork from 3.15.2 2020-06-24 18:35:15 +00:00
			`# Enable CORS across all your subdomains (replace dev\.local with your domain\.com)`
			`# SetEnvIf Origin ^(https?://.+\.dev\.local(?::\d{1,5})?)$ CORS_ALLOW_ORIGIN=$1`
			`# Header append Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN`
			`# Header merge Vary "Origin"`

feat: harden .htaccess, close #102 2021-10-03 13:07:12 +00:00			`<FilesMatch "composer\.(json\|lock)\|importing\.php\|\.htaccess\|\.gitignore">`
			`<IfModule !mod_authz_core.c>`
			`Order Allow,Deny`
			`Deny from all`
			`</IfModule>`
			`<IfModule mod_authz_core.c>`
			`Require all denied`
			`</IfModule>`
			`</FilesMatch>`
Fork from 3.15.2 2020-06-24 18:35:15 +00:00
			`<IfModule mod_rewrite.c>`
			`RewriteEngine On`
			`# If you have problems with the rewrite rules remove the "#" from the following RewriteBase line`
			`# You will also have to change the path to reflect the path to your Chevereto installation`
feat: harden .htaccess, close #102 2021-10-03 13:07:12 +00:00			`# If you are using mod alias is likely that you will need this.`
Fork from 3.15.2 2020-06-24 18:35:15 +00:00			`#RewriteBase /`

			`# 404 images`
feat: harden .htaccess, close #102 2021-10-03 13:07:12 +00:00			`# If you want to have your own fancy "image not found" image remove the # from RewriteRule`
Fork from 3.15.2 2020-06-24 18:35:15 +00:00			`# Make sure to apply the correct paths to reflect your current installation`
			`RewriteCond %{REQUEST_FILENAME} !-f`
			`#RewriteRule images/.+\.(gif\|jpe?g\|a?png\|bmp\|webp) content/images/system/default/404.gif [NC,L]`
feat: harden .htaccess, close #102 2021-10-03 13:07:12 +00:00			`RewriteRule images/.+\.(gif\|jpe?g\|png\|bmp\|webp) - [NC,L,R=404]`
Fork from 3.15.2 2020-06-24 18:35:15 +00:00
close #118 2021-10-28 00:06:35 +00:00			`# PHP front controller`
Fork from 3.15.2 2020-06-24 18:35:15 +00:00			`RewriteCond %{REQUEST_FILENAME} !-f`
			`RewriteCond %{REQUEST_FILENAME} !-d`
			`RewriteRule . index.php [L]`
close #118 2021-10-28 00:06:35 +00:00
			`# Single PHP-entrypoint (disables direct access to .php files)`
			`RewriteCond %{THE_REQUEST} ^.+?\ [^?]+\.php[?\ ] [NC]`
			`RewriteRule \.php$ - [NC,L,F,R=404]`
Fork from 3.15.2 2020-06-24 18:35:15 +00:00			`</IfModule>`