aboutsummaryrefslogtreecommitdiffhomepage
path: root/.htaccess
Commit message (Collapse)AuthorAgeFilesLines
* Reviewed Apache configurationArthurHoaro2020-11-081-1/+1
| | | | | | | (in documentation) For security purpose, block access to any static file not matching the list of allowed extensions. It allows us to remove the specific retriction on dotfiles, and fix Apache part of #1608.
* Workaround for hoster (ionos)Christoph Stoettner2020-09-291-0/+4
| | | | | | The hoster writes the environment variable with bearer token to REDIRECT_HTTP_AUTHORIZATION and needs to provide RewriteBase / to .htaccess
* Merge pull request #1556 from kcaran/apache_methodsArthurHoaro2020-09-221-17/+1
|\
| * Added PATCH to the allowed Apache request methods.Keith Carangelo2020-09-141-17/+1
| |
* | **General rewording, proof-reading, deduplication, shortening, reordering, ↵nodiscc2020-09-121-0/+1
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | simplification, cleanup/formatting/standardization** - standardize page names, rework documentation structure, update TOC - use same example paths everywhere - level 1 titles on all pages - fix broken links - .md suffix on all page links (works both from readthedocs and github repository views) **Server:** A full and concise installation guide with examples is a frequent request. The documentation should provide such a guide for basic installation needs, while explaining alternative/advanced configuration at the end. Links to reference guides and documentation should be used more frequently to avoid recommending an outdated or excessively complex configuration. - server: move most server-related info to server-configuration.md, cleanup/shorten - server: update list of php dependencies/libraries, link to composer.json - server: installation: support 3 install methods (from release zip, from sources, using docker) - server: installation: use rsync instead of mv as mv results will change depending of taget directory already existing or not - server: add example/basic usage of certbot - server, upgrade, installation: update file permissions setup, use sudo for upgrade operations in webserver document root - server: apache: add comments to configuration, fix and factorize file permissions setup, set cache-control header, deny access to dotfiles, add missing apache config steps, add http->https redirect example - server: nginx: refactor nginx configuration, add comments, DO log access to denied/protected files - server: add links to MDN for x-forwarded-* http headers explanation, cleanup/clarify robots.txt and crawlers section - server: bump file upload size limit to 100MB we have reports of bookmark exports weighing +40MB - i have a 13MB one here - server: simplify phpinfo documentation - server: move backup and restore information to dedicated page - docker: move all docker docs to Docker.md, simplify/ docker setup, add docker-compose.yml example, replace docker-101 with docker cheatsheet - troubleshooting: move all troubleshooting documentation to troubleshooting.md **Usage:** - index: add getting started section on index page - features/usage: move all usage-related documentation to usage.md, add links from the main feature list to corresponding usage docs, clarify/reword features list - shaarli configuration: add note about configuring from web interface **Removed:** - remove obsolete/orphan images - remove obsolete shaarchiver example - remove outdated "decode datastore content" snippet **Development:** - development: move development-related docs (static analysis, CI, unit tests, 3rd party libs, link structure/directory, guidelines, security....) to dev/ directory - development: Merge several pages to development.md - **Breaking change?:** remove mentions of 'stable' branch, switch to new branch/release model (master=latest commit, release=latest tag) - **Breaking change?:** refer to base sharing unit as "Shaare" everywhere (TODO: reflect changes in the code?) doc: update featues list/link to usage.md for details - development: directory structure: add note about required file permissions - .travis-ci.yml: add comments - .htaccess: add comment
* Use version condition in the root .htaccessArthurHoaro2018-08-101-0/+25
| | | | Related to #1196
* API - Apache - Specify allowed HTTP method in .htaccessArthurHoaro2018-07-051-0/+7
|
* httpd: always forward the 'Authorization' headerVirtualTam2018-03-221-0/+4
| | | | | | | | | | | | | | | | | | | | | On some Apache HTTPD setups where the CGI/FastCGI mode is used, the HTTP header containing the JWT token is not forwarded, which results in the following error when attempting to use the REST API: "401 Not authorized: JWT token not provided" This patch allows forwarding the 'Authorization' header. An alternative would be to use the `CGIPassAuth` directive to allow all authorization headers to be forwarded. See: - https://secure.php.net/manual/en/features.http-auth.php#114877 - https://stackoverflow.com/questions/26475885/authorization-header-missing-in-php-post-request - https://stackoverflow.com/questions/13387516/authorization-header-missing-in-django-rest-framework-is-apache-to-blame - https://stackoverflow.com/questions/17018586/apache-2-4-php-fpm-and-authorization-headers - https://httpd.apache.org/docs/2.4/en/mod/core.html#cgipassauth Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* htaccess: prevent accessing resources not managed by SCMVirtualTam2018-02-051-0/+8
| | | | | | | | | See: - https://en.internetwache.org/dont-publicly-expose-git-or-how-we-downloaded-your-websites-sourcecode-an-analysis-of-alexas-1m-28-07-2015/ - https://stackoverflow.com/questions/2530372/how-do-i-disable-directory-browsing - https://httpd.apache.org/docs/current/mod/mod_rewrite.html Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* REST API structure using Slim frameworkArthurHoaro2016-12-151-0/+4
* REST API routes are handle by Slim. * Every API controller go through ApiMiddleware which handles security. * First service implemented `/info`, for tests purpose.