Require all granted
</Directory>
- <LocationMatch "/\.">
- # Prevent accessing dotfiles
- RedirectMatch 404 ".*"
- </LocationMatch>
+ # BE CAREFUL: directives order matter!
- <LocationMatch "\.(?:ico|css|js|gif|jpe?g|png)$">
+ <FilesMatch ".*\.(?!(ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$)[^\.]*$">
+ Require all denied
+ </FilesMatch>
+
+ <Files "index.php">
+ Require all granted
+ </Files>
+
+ <FilesMatch "\.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2)$">
# allow client-side caching of static files
Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate"
- </LocationMatch>
+ </FilesMatch>
+
# serve the Shaarli favicon from its custom location
Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico
-
</VirtualHost>
```
location / {
# default index file when no file URI is requested
index index.php;
- try_files $uri /index.php$is_args$args;
+ try_files _ /index.php$is_args$args;
}
location ~ (index)\.php$ {
include fastcgi.conf;
}
- location ~ \.php$ {
- # deny access to all other PHP scripts
- # disable this if you host other PHP applications on the same virtualhost
- deny all;
- }
-
- location ~ /\. {
- # deny access to dotfiles
- deny all;
- }
-
- location ~ ~$ {
- # deny access to temp editor files, e.g. "script.php~"
- deny all;
- }
-
- location ~ /doc/ {
+ location ~ /doc/html/ {
default_type "text/html";
try_files $uri $uri/ $uri.html =404;
}
}
# allow client-side caching of static files
- location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
+ location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$ {
expires max;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
# HTTP 1.0 compatibility
add_header Pragma public;
}
-
}
```