From: ArthurHoaro <arthur@hoa.ro>
Date: Tue, 10 Nov 2020 09:45:05 +0000 (+0100)
Subject: Merge pull request #1630 from ArthurHoaro/fix/apache-config
X-Git-Tag: v0.12.1^2~4
X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=7e78237fc9106f5f53802c36ce26be0b44938255;hp=-c;p=github%2Fshaarli%2FShaarli.git

Merge pull request #1630 from ArthurHoaro/fix/apache-config

Reviewed Apache configuration
---

7e78237fc9106f5f53802c36ce26be0b44938255
diff --combined doc/md/Server-configuration.md
index 5b8aff53,66db8c57..a49b6033
--- a/doc/md/Server-configuration.md
+++ b/doc/md/Server-configuration.md
@@@ -193,19 -193,24 +193,24 @@@ sudo nano /etc/apache2/sites-available/
          Require all granted
      </Directory>
  
-     <LocationMatch "/\.">
-         # Prevent accessing dotfiles
-         RedirectMatch 404 ".*"
-     </LocationMatch>
+     # BE CAREFUL: directives order matter!
  
-     <LocationMatch "\.(?:ico|css|js|gif|jpe?g|png)$">
+     <FilesMatch ".*\.(?!(ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$)[^\.]*$">
+         Require all denied
+     </FilesMatch>
+ 
+     <Files "index.php">
+         Require all granted
+     </Files>
+ 
+     <FilesMatch "\.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2)$">
          # allow client-side caching of static files
          Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate"
-     </LocationMatch>
+     </FilesMatch>
+ 
  
      # serve the Shaarli favicon from its custom location
      Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico
- 
  </VirtualHost>
  ```
  
@@@ -296,7 -301,7 +301,7 @@@ server 
      location / {
          # default index file when no file URI is requested
          index index.php;
 -        try_files $uri /index.php$is_args$args;
 +        try_files _ /index.php$is_args$args;
      }
  
      location ~ (index)\.php$ {
@@@ -309,7 -314,23 +314,7 @@@
          include        fastcgi.conf;
      }
  
 -    location ~ \.php$ {
 -        # deny access to all other PHP scripts
 -        # disable this if you host other PHP applications on the same virtualhost
 -        deny all;
 -    }
 -
 -    location ~ /\. {
 -        # deny access to dotfiles
 -        deny all;
 -    }
 -
 -    location ~ ~$ {
 -        # deny access to temp editor files, e.g. "script.php~"
 -        deny all;
 -    }
 -
 -    location ~ /doc/ {
 +    location ~ /doc/html/ {
          default_type "text/html";
          try_files $uri $uri/ $uri.html =404;
      }
@@@ -320,12 -341,13 +325,12 @@@
      }
  
      # allow client-side caching of static files
 -    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
 +    location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$ {
          expires    max;
          add_header Cache-Control "public, must-revalidate, proxy-revalidate";
          # HTTP 1.0 compatibility
          add_header Pragma public;
      }
 -
  }
  ```