-
Notifications
You must be signed in to change notification settings - Fork 588
/
.htaccess
39 lines (29 loc) · 1.09 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<ifModule mod_headers.c>
Header always set Access-Control-Allow-Methods "POST, GET, PUT, PATCH, DELETE"
</ifModule>
DirectoryIndex index.php
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine On
# Forbid access. Not actual as redirect to `public` is applied.
# An extra security measure if redirect not fired.
RewriteRule ^/?data/ - [F]
RewriteRule ^/?application/ - [F]
RewriteRule ^/?custom/ - [F]
RewriteRule ^/?vendor/ - [F]
RewriteRule /?web\.config - [F]
# Forbid `public` dir.
RewriteCond %{ENV:REDIRECT_STATUS} !=200
RewriteRule ^/?public/? - [F,L]
# Skip redirect for `client` dir.
RewriteRule ^client/ - [L]
# Store base path.
RewriteCond %{REQUEST_URI}::$1 ^(.*?/)(.*)::\2$
RewriteRule ^(.*)$ - [E=BASE:%1]
# Add trailing slash.
RewriteCond %{DOCUMENT_ROOT}/%{ENV:BASE}/public/$1 -d
RewriteRule ^(.*?[^/])$ %{REQUEST_URI}/ [L,R=301,NE]
# Rewrite to `public` dir.
RewriteRule ^((?!public/).*)$ %{ENV:BASE}/public/$1 [L,NC]
RewriteRule .* - [E=HTTP_ESPO_CGI_AUTH:%{HTTP:Authorization}]
</IfModule>