-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.htaccess
More file actions
84 lines (71 loc) · 2.59 KB
/
Copy path.htaccess
File metadata and controls
84 lines (71 loc) · 2.59 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# MWEBscan Apache config.
# Block VCS / cache directories by path (FilesMatch only sees basenames).
RedirectMatch 404 (?i)(^|/)\.(git|svn|hg|bzr)(/|$)
RedirectMatch 404 (?i)/(__pycache__|\.pytest_cache)(/|$)
RedirectMatch 404 (?i)\.(pyc|pyo)$
# Block data, source and config files.
<IfModule mod_authz_core.c>
<FilesMatch "\.(db|db-wal|db-shm|db-journal|sqlite|py|csv|json|service|timer|md|lock|bak|orig|save|swp|inc)$|~$">
Require all denied
</FilesMatch>
</IfModule>
<IfModule !mod_authz_core.c>
<FilesMatch "\.(db|db-wal|db-shm|db-journal|sqlite|py|csv|json|service|timer|md|lock|bak|orig|save|swp|inc)$|~$">
Order allow,deny
Deny from all
</FilesMatch>
</IfModule>
# Block source/config files not caught by extension above. (robots.txt and
# sitemap.xml stay public for crawlers; assets/fonts/OFL.txt ships with the font.)
<IfModule mod_authz_core.c>
<FilesMatch "^requirements\.txt$">
Require all denied
</FilesMatch>
</IfModule>
<IfModule !mod_authz_core.c>
<FilesMatch "^requirements\.txt$">
Order allow,deny
Deny from all
</FilesMatch>
</IfModule>
# Block dotfiles.
<FilesMatch "^\.">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</FilesMatch>
# Security headers.
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
# Custom error pages.
ErrorDocument 404 /404.php
ErrorDocument 403 /403.php
# Clean, extensionless URLs.
<IfModule mod_rewrite.c>
RewriteEngine On
# /index and /index.php -> /
RewriteCond %{THE_REQUEST} \s/+index(\.php)?[\s?] [NC]
RewriteRule ^ / [R=301,L]
# Strip .php: redirect /page.php -> /page (api.php keeps its own routing below).
RewriteCond %{THE_REQUEST} \s/+([^.\s?]+)\.php[\s?] [NC]
RewriteCond %1 !^api$ [NC]
RewriteRule ^ /%1 [R=301,L,NE]
# API: /api/<endpoint> (e.g. /api/stats) and /api. /api.php?endpoint=... still works.
RewriteRule ^api/([a-z_]+)/?$ api.php?endpoint=$1 [QSA,L]
RewriteRule ^api/?$ api.php [QSA,L]
# Block: /block/<height|hash> -> block.php (per-block MWEB analysis view).
RewriteRule ^block/([0-9a-fA-F]{64}|[0-9]+)/?$ block.php?q=$1 [QSA,L]
# Serve /page.php when /page is requested.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+?)/?$ $1.php [L,QSA]
</IfModule>
Options -Indexes