aboutsummaryrefslogtreecommitdiffhomepage
path: root/.htaccess
diff options
context:
space:
mode:
authorVirtualTam <virtualtam@flibidi.net>2018-01-20 16:20:53 +0100
committerVirtualTam <virtualtam@flibidi.net>2018-02-05 18:18:52 +0100
commitcabf1b6becbc0143f6a9d0d6846fd948c06b5a64 (patch)
tree5e0671ed51d327b755cd90de449fd3e9463404bd /.htaccess
parent91f17fc92a7168e2baf1096910b8f44f3a24a8a2 (diff)
downloadShaarli-cabf1b6becbc0143f6a9d0d6846fd948c06b5a64.tar.gz
Shaarli-cabf1b6becbc0143f6a9d0d6846fd948c06b5a64.tar.zst
Shaarli-cabf1b6becbc0143f6a9d0d6846fd948c06b5a64.zip
htaccess: prevent accessing resources not managed by SCM
See: - https://en.internetwache.org/dont-publicly-expose-git-or-how-we-downloaded-your-websites-sourcecode-an-analysis-of-alexas-1m-28-07-2015/ - https://stackoverflow.com/questions/2530372/how-do-i-disable-directory-browsing - https://httpd.apache.org/docs/current/mod/mod_rewrite.html Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to '.htaccess')
-rw-r--r--.htaccess8
1 files changed, 8 insertions, 0 deletions
diff --git a/.htaccess b/.htaccess
index 66ef8f69..19dd72a8 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,4 +1,12 @@
1# Disable directory listing
2Options -Indexes
3
1RewriteEngine On 4RewriteEngine On
5
6# Prevent accessing subdirectories not managed by SCM
7RewriteRule ^(.git|doxygen|vendor) - [F]
8
9# REST API
2RewriteCond %{REQUEST_FILENAME} !-f 10RewriteCond %{REQUEST_FILENAME} !-f
3RewriteCond %{REQUEST_FILENAME} !-d 11RewriteCond %{REQUEST_FILENAME} !-d
4RewriteRule ^ index.php [QSA,L] 12RewriteRule ^ index.php [QSA,L]