-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathrecommended.htaccess
177 lines (146 loc) · 9.08 KB
/
recommended.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# Disable inaccurate security scanning (Composr has its own). This disabling only works with modsecurity1 unfortunately.
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
SecRuleRemoveById 300018 340147 340014 950119 950120 973331
</IfModule>
<IfModule mod_php7.c>
# Composr needs uploads; many hosts leave these low
php_value post_max_size "500M"
php_value upload_max_filesize "500M"
# Turn insecure things off
php_flag allow_url_fopen off
php_flag register_globals off
# Put some limits up. Composr is stable enough not to cause problems- it'll only use higher limits when it really needs them
php_value memory_limit "128M"
php_value max_execution_time "30"
php_value max_input_vars "2000"
# This causes unstability (and is known/documented to) but some hosts turn it on
php_value mbstring.func_overload "0"
php_flag mail.add_x_header off
# Suhosin can cause problems on configuration, language editing, and Catalogue forms, which use a lot of fields
php_value suhosin.post.max_vars "2000"
php_value suhosin.get.max_vars "100"
php_value suhosin.request.max_vars "2000"
php_value suhosin.cookie.max_vars "100"
php_value suhosin.post.max_value_length "100000000"
php_value suhosin.get.max_value_length "512"
php_value suhosin.request.max_value_length "100000000"
php_value suhosin.cookie.max_value_length "10000"
php_value suhosin.post.max_name_length "64"
php_value suhosin.get.max_name_length "64"
php_value suhosin.request.max_name_length "64"
php_value suhosin.cookie.max_name_length "64"
php_value suhosin.post.max_totalname_length "256"
php_value suhosin.get.max_totalname_length "256"
php_value suhosin.request.max_totalname_length "256"
php_value suhosin.cookie.max_totalname_length "256"
php_flag suhosin.cookie.encrypt off
php_flag suhosin.sql.union off
php_flag suhosin.sql.comment off
php_flag suhosin.sql.multiselect off
php_flag suhosin.upload.remove_binary off
# Some free hosts prepend/append junk, which is not legitimate (breaks binary and AJAX scripts, potentially more)
php_value auto_prepend_file none
php_value auto_append_file none
</IfModule>
# This unavoidably kills filedump folder creation, and stops us controlling our script execution time
# php_flag safe_mode off But unfortunately we can't control it except from php.ini
# Sandbox Composr to its own directory
# php_value open_basedir "/tmp:/home/blah/public_html/composr/" But needs customising for your server and only works outside php.ini in PHP6+
# Set Composr to handle 404 errors. Assume Composr is in the root
<FilesMatch "(?<!\.jpg|\.jpeg|\.gif|\.png|\.ico|\.svg|\.css|\.js)$">
ErrorDocument 404 /index.php?page=404
</FilesMatch>
# Compress some static resources
<IfModule mod_deflate.c>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript
</IfModule>
</IfModule>
# We do not want for TAR files, due to IE bug http://blogs.msdn.com/b/wndp/archive/2006/08/21/content-encoding-not-equal-content-type.aspx (IE won't decompress again as it thinks it's a mistake)
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI \.tar$ no-gzip dont-vary
</IfModule>
<IfModule mod_rewrite.c>
# Needed for mod_rewrite. Disable this line if your server does not have AllowOverride permission (can be one cause of Internal Server Errors)
Options +SymLinksIfOwnerMatch -MultiViews
RewriteEngine on
# Needed to pass HTTP-auth header on PHP CGI (it's not automatic, unlike PHP Module)
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# If rewrites are directing to bogus URLs, try adding a "RewriteBase /" line, or a "RewriteBase /subdir" line if you're in a subdirectory. Requirements vary from server to server.
# Anything that would point to a real file should actually be allowed to do so. If you have a "RewriteBase /subdir" command, you may need to change to "%{DOCUMENT_ROOT}/subdir/$1".
RewriteCond $1 ^\d+.shtml [OR]
RewriteCond $1 \.(css|js|json|gz|swf|xml|png|jpg|jpeg|gif|svg|ico|php) [OR]
RewriteCond %{DOCUMENT_ROOT}/$1 -f [OR]
RewriteCond %{DOCUMENT_ROOT}/$1 -l [OR]
RewriteCond %{DOCUMENT_ROOT}/$1 -d [OR]
RewriteCond $1 -f [OR]
RewriteCond $1 -l [OR]
RewriteCond $1 -d
RewriteRule ^(.*) - [L]
# crossdomain.xml is actually Composr-driven
RewriteRule ^crossdomain\.xml data/crossdomain.php
# WebDAV implementation (requires the non-bundled WebDAV addon)
RewriteRule ^webdav(/.*|$) data_custom/webdav.php
RewriteCond %{HTTP_HOST} ^webdav\..*
RewriteRule ^(.*)$ data_custom/webdav.php
#FAILOVER STARTS
### LEAVE THIS ALONE, AUTOMATICALLY MAINTAINED ###
#FAILOVER ENDS
# Redirect away from modules called directly by URL. Helpful as it allows you to "run" a module file in a debugger and still see it running.
RewriteRule ^([^=]*)pages/(modules|modules_custom)/([^/]*)\.php$ $1index.php\?page=$3 [L,QSA,R]
# PG STYLE: These have a specially reduced form (no need to make it too explicit that these are Wiki+). We shouldn't shorten them too much, or the actual zone or base URL might conflict
RewriteRule ^([^=]*)pg/s/([^\&\?]*)/index\.php$ $1index.php\?page=wiki&id=$2 [L,QSA]
# PG STYLE: These are standard patterns
RewriteRule ^([^=]*)pg/([^/\&\?]*)/([^/\&\?]*)/([^\&\?]*)/index\.php(.*)$ $1index.php\?page=$2&type=$3&id=$4$5 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?]*)/([^/\&\?]*)/index\.php(.*)$ $1index.php\?page=$2&type=$3$4 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?]*)/index\.php(.*)$ $1index.php\?page=$2$3 [L,QSA]
RewriteRule ^([^=]*)pg/index\.php(.*)$ $1index.php\?page=$2 [L,QSA]
# PG STYLE: Now the same as the above sets, but without any additional parameters (and thus no index.php)
RewriteRule ^([^=]*)pg/s/([^\&\?]*)$ $1index.php\?page=wiki&id=$2 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?]*)/([^/\&\?]*)/([^\&\?]*)/$ $1index.php\?page=$2&type=$3&id=$4 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?]*)/([^/\&\?]*)/([^\&\?]*)$ $1index.php\?page=$2&type=$3&id=$4 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?]*)/([^/\&\?]*)$ $1index.php\?page=$2&type=$3 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?]*)$ $1index.php\?page=$2 [L,QSA]
# PG STYLE: And these for those nasty situations where index.php was missing and we couldn't do anything about it (usually due to keep_session creeping into a semi-cached URL)
RewriteRule ^([^=]*)pg/s/([^\&\?\.]*)&(.*)$ $1index.php\?$3&page=wiki&id=$2 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?\.]*)/([^/\&\?\.]*)/([^/\&\?\.]*)&(.*)$ $1index.php\?$5&page=$2&type=$3&id=$4 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?\.]*)/([^/\&\?\.]*)&(.*)$ $1index.php\?$4&page=$2&type=$3 [L,QSA]
RewriteRule ^([^=]*)pg/([^/\&\?\.]*)&(.*)$ $1index.php\?$3&page=$2 [L,QSA]
# HTM STYLE: These have a specially reduced form (no need to make it too explicit that these are Wiki+). We shouldn't shorten them too much, or the actual zone or base URL might conflict
RewriteRule ^(site|forum|adminzone|cms|collaboration|docs)/s/([^\&\?]*)\.htm$ $1/index.php\?page=wiki&id=$2 [L,QSA]
RewriteRule ^s/([^\&\?]*)\.htm$ index\.php\?page=wiki&id=$1 [L,QSA]
# HTM STYLE: These are standard patterns
RewriteRule ^(site|forum|adminzone|cms|collaboration|docs)/([^/\&\?]+)/([^/\&\?]*)/([^\&\?]*)\.htm$ $1/index.php\?page=$2&type=$3&id=$4 [L,QSA]
RewriteRule ^(site|forum|adminzone|cms|collaboration|docs)/([^/\&\?]+)/([^/\&\?]*)\.htm$ $1/index.php\?page=$2&type=$3 [L,QSA]
RewriteRule ^(site|forum|adminzone|cms|collaboration|docs)/([^/\&\?]+)\.htm$ $1/index.php\?page=$2 [L,QSA]
RewriteRule ^([^/\&\?]+)/([^/\&\?]*)/([^\&\?]*)\.htm$ index.php\?page=$1&type=$2&id=$3 [L,QSA]
RewriteRule ^([^/\&\?]+)/([^/\&\?]*)\.htm$ index.php\?page=$1&type=$2 [L,QSA]
RewriteRule ^([^/\&\?]+)\.htm$ index.php\?page=$1 [L,QSA]
# SIMPLE STYLE: These have a specially reduced form (no need to make it too explicit that these are Wiki+). We shouldn't shorten them too much, or the actual zone or base URL might conflict
#RewriteRule ^(site|forum|adminzone|cms|collaboration|docs)/s/([^\&\?]*)$ $1/index.php\?page=wiki&id=$2 [L,QSA]
#RewriteRule ^s/([^\&\?]*)$ index\.php\?page=wiki&id=$1 [L,QSA]
# SIMPLE STYLE: These are standard patterns
#RewriteRule ^(site|forum|adminzone|cms|collaboration|docs)/([^/\&\?]+)/([^/\&\?]*)/([^\&\?]*)$ $1/index.php\?page=$2&type=$3&id=$4 [L,QSA]
#RewriteRule ^(site|forum|adminzone|cms|collaboration|docs)/([^/\&\?]+)/([^/\&\?]*)$ $1/index.php\?page=$2&type=$3 [L,QSA]
#RewriteRule ^(site|forum|adminzone|cms|collaboration|docs)/([^/\&\?]+)$ $1/index.php\?page=$2 [L,QSA]
#RewriteRule ^([^/\&\?]+)/([^/\&\?]*)/([^\&\?]*)$ index.php\?page=$1&type=$2&id=$3 [L,QSA]
#RewriteRule ^([^/\&\?]+)/([^/\&\?]*)$ index.php\?page=$1&type=$2 [L,QSA]
#RewriteRule ^([^/\&\?]+)$ index.php\?page=$1 [L,QSA]
</IfModule>
# < Apache 2.4
<IfModule !mod_authz_core.c>
order allow,deny
allow from all
# IP bans go here (leave this comment here! If this file is writeable, Composr will write in IP bans below, in sync with its own DB-based banning - this makes DOS/hack attack prevention stronger)
# deny from xxx.xx.x.x (leave this comment here!)
</IfModule>
# >= Apache 2.4
<IfModule mod_authz_core.c>
<RequireAll>
require all granted
# IP bans go here (leave this comment here! If this file is writeable, Composr will write in IP bans below, in sync with its own DB-based banning - this makes DOS/hack attack prevention stronger)
# require not ip xxx.xx.x.x (leave this comment here!)
</RequireAll>
</IfModule>