aboutsummaryrefslogtreecommitdiffhomepage
path: root/.htaccess
blob: af2dc5a7ff24a244d731a5d2382dc496f62d1eda (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# Disable directory listing
Options -Indexes

RewriteEngine On

# Prevent accessing subdirectories not managed by SCM
RewriteRule ^(.git|doxygen|vendor) - [F]

# Forward the "Authorization" HTTP header
# fixes JWT token not correctly forwarded on some Apache/FastCGI setups
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

# REST API
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]

<LimitExcept GET POST PUT DELETE PATCH OPTIONS>
  <IfModule version_module>
    <IfVersion >= 2.4>
       Require all denied
    </IfVersion>
    <IfVersion < 2.4>
       Allow from none
       Deny from all
    </IfVersion>
  </IfModule>

  <IfModule !version_module>
    Require all denied
  </IfModule>
</LimitExcept>