Browse Source

[FIX] security fix: block access to git repo

master
Jannik Beyerstedt 1 year ago
parent
commit
b4546b5ceb
1 changed files with 8 additions and 2 deletions
  1. 8
    2
      .htaccess

+ 8
- 2
.htaccess View File

@@ -10,8 +10,8 @@ RewriteRule ^content/(.*)\.(txt|md|mdown)$ index.php [L]

# block all files in the site folder from being accessed directly
# except for requests to plugin assets files
#RewriteRule ^assets/plugins/([a-zA-Z0-9\.\-_%=]+)/(.*)$ site/plugins/$1/assets/$2 [L,N]
#RewriteCond $1 !^plugins/[a-zA-Z0-9\.\-_%=]+/assets/.*
RewriteRule ^assets/plugins/([a-zA-Z0-9\.\-_%=]+)/(.*)$ site/plugins/$1/assets/$2 [L,N]
RewriteCond $1 !^plugins/[a-zA-Z0-9\.\-_%=]+/assets/.*
RewriteRule ^site/(.*) index.php [L]

# block direct access to kirby and the panel sources
@@ -33,6 +33,12 @@ RewriteRule ^(.*) index.php [L]
# block update scripts
RewriteRule ^(.*).sh$ error [R=301,L]

# block git repo
RewriteRule ^.git/(.*) error [R=301,L]
RewriteRule ^.gitattributes error [R=301,L]
RewriteRule ^.gitignore error [R=301,L]
RewriteRule ^.gitmodules error [R=301,L]


# enable gzip compressed transfer
<IfModule mod_deflate.c>

Loading…
Cancel
Save