jannik
/
web-jbeyerstedt
1
0
Fork 0
Code Releases Activity

[FIX] security fix: block access to git repo

This commit is contained in:
Jannik Beyerstedt 2018-08-20 13:19:37 +02:00
parent e4b323e39d
commit b4546b5ceb
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.htaccess
View File

@ -10,8 +10,8 @@ RewriteRule ^content/(.*)\.(txt|md|mdown)$ index.php [L]
# block all files in the site folder from being accessed directly
# except for requests to plugin assets files
#RewriteRule ^assets/plugins/([a-zA-Z0-9\.\-_%=]+)/(.*)$ site/plugins/$1/assets/$2 [L,N]
#RewriteCond $1 !^plugins/[a-zA-Z0-9\.\-_%=]+/assets/.*
RewriteRule ^assets/plugins/([a-zA-Z0-9\.\-_%=]+)/(.*)$ site/plugins/$1/assets/$2 [L,N]
RewriteCond $1 !^plugins/[a-zA-Z0-9\.\-_%=]+/assets/.*
RewriteRule ^site/(.*) index.php [L]
# block direct access to kirby and the panel sources
@ -33,6 +33,12 @@ RewriteRule ^(.*) index.php [L]
# block update scripts
RewriteRule ^(.*).sh$ error [R=301,L]
# block git repo
RewriteRule ^.git/(.*) error [R=301,L]
RewriteRule ^.gitattributes error [R=301,L]
RewriteRule ^.gitignore error [R=301,L]
RewriteRule ^.gitmodules error [R=301,L]
# enable gzip compressed transfer
<IfModule mod_deflate.c>