From 9f47d1a86d43ec683f75651aebaaeb270433abff Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 24 Sep 2025 16:26:26 +0200 Subject: [PATCH] new location of .htaccess --- www/.htaccess | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 www/.htaccess diff --git a/www/.htaccess b/www/.htaccess new file mode 100644 index 000000000..8ed71d8de --- /dev/null +++ b/www/.htaccess @@ -0,0 +1,43 @@ +Options -Indexes + + +Header set Strict-Transport-Security: "max-age=15768000; includeSubDomains; preload" +Header set X-Content-Type-Options: "nosniff" + + +RewriteEngine On +RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}] +#RewriteRule "^favicon\.ico$" "-" [L] +#RewriteRule "^(favicon\.ico)$" %{HTTP_HOST}/views/bootstrap/images/favicon.svg [L,NC] +RewriteRule "^(favicon\.ico)" /views/bootstrap/images/favicon.svg [L,NC] + +# Store the current location in an environment variable CWD to use +# mod_rewrite in .htaccess files without knowing the RewriteBase +RewriteCond $0#%{REQUEST_URI} ([^#]*)#(.*)\1$ +RewriteRule ^.*$ - [E=CWD:%2] + +# Do not allow access on the other directories in www +RewriteRule "^utils/.*$" "" [F] +RewriteRule "^doc/.*$" "" [F] + +# Anything below the following dirs will never be rewritten +RewriteRule "^pdfviewer/.*$" "-" [L] +RewriteRule "^views/.*/images.*$" "-" [L] +RewriteRule "^out/images.*$" "-" [L] +RewriteRule "^styles/.*$" "-" [L] + +# Accessing a file in an extension is only possible in one +# of the directories op, out, res, node_modules +# Added for old extensions which do not use routes +RewriteRule ^ext/[^/]+/icon.(?:png|svg)$ - [L] +RewriteCond %{REQUEST_URI} "ext/[^/]+/" +RewriteRule !^ext/[^/]+/.*(?:op|out|res|node_modules) - [F] +RewriteCond %{REQUEST_URI} "ext/[^/]+/res/.*$" [NC] +RewriteRule !^ext/[^/]+/res/.*\.(?:css|js|mjs|ftl|png|gif|svg|ico|html|woff|ttf) - [F] +RewriteCond %{REQUEST_FILENAME} -f +RewriteRule ^ext/.*$ - [L] + +RewriteCond %{REQUEST_FILENAME} !-f +RewriteCond %{REQUEST_FILENAME} !-d +RewriteCond %{REQUEST_FILENAME} !-l +RewriteRule ^.*$ %{ENV:CWD}index.php [QSA,L]