-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.htaccess
84 lines (67 loc) · 3.69 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
Options -Indexes
ErrorDocument 400 /error/400
ErrorDocument 401 /error/401
ErrorDocument 403 /error/403
ErrorDocument 404 /error/404
ErrorDocument 405 /error/405
ErrorDocument 408 /error/408
ErrorDocument 410 /error/410
ErrorDocument 411 /error/411
ErrorDocument 412 /error/412
ErrorDocument 413 /error/413
ErrorDocument 414 /error/414
ErrorDocument 415 /error/415
ErrorDocument 417 /error/417
ErrorDocument 500 /error/500
ErrorDocument 501 /error/501
ErrorDocument 502 /error/502
ErrorDocument 503 /error/503
# These headers are recommended for security reasons. If you set them in
# Apache, then you should set them to null in config/config.php. -- cwells
# Great resource: https://github.com/h5bp/server-configs-apache
#<IfModule mod_headers.c>
# Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
# Header set X-Content-Type-Options "nosniff"
# These do not need to be set for all file types, so they are unset in those cases. -- cwells
# Header set Content-Security-Policy "frame-ancestors 'none'"
# Header set X-Frame-Options "DENY"
# Header set X-XSS-Protection "1; mode=block"
# <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
# Header unset Content-Security-Policy
# Header unset X-Frame-Options
# Header unset X-XSS-Protection
# </FilesMatch>
#</IfModule>
DirectorySlash Off
RewriteEngine On
RewriteBase /
# Redirect www to non-www.
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
# Redirect http to https.
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect root to the site index.
RewriteRule ^/?$ /site [R=302,QSA,L]
# If the URL ends with a trailing slash, remove it.
RewriteRule ^(.*)/$ $1 [R=302,QSA,L]
# Files inside the public directory and main.php are the only directly accessible files.
RewriteRule ^public/ - [L]
RewriteRule ^application/main\.php - [L]
# If the requested file path exists under the public directory, rewrite to the path inside public.
RewriteCond %{DOCUMENT_ROOT}/public/%{REQUEST_URI} -f
RewriteRule ^(.+)$ public/$1 [QSA,L]
# Uncomment to enable maintenance mode:
#RewriteRule ^.*$ /application/main.php?controller=site&method=maintenance [QSA,L]
# If there is only one "directory" in the URL path, use it as the controller name and call its default method.
RewriteRule ^([^/]+)$ /application/main.php?controller=$1&method=index [QSA,L]
# If a DatabaseRecordController method other than "view" is provided, use it for the method:
RewriteRule ^(roles|users)/(add|admin|delete|edit|page|save)(/(.+))?$ /application/main.php?controller=$1&method=$2¶meter=$4 [QSA,L]
RewriteRule ^(blog|tags)/(add|admin|delete|edit|page|save)(/(.+))?$ /application/main.php?controller=$1&method=$2¶meter=$4 [QSA,L]
# For each DatabaseRecordController with extra methods, set the method to "view" if none of those methods are provided:
RewriteRule ^blog/image(/(.+))?$ /application/main.php?controller=blog&method=image¶meter=$2 [QSA,L]
# Call the "view" method for any other DatabaseRecordController, ErrorController, or FileController URL.
RewriteRule ^(roles|users|error)/(.+)$ /application/main.php?controller=$1&method=view¶meter=$2 [QSA,L]
RewriteRule ^(blog|tags)/(.+)$ /application/main.php?controller=$1&method=view¶meter=$2 [QSA,L]
# Interpret more than one "directory" in the URL path as /<controller>/<method>/<parameter>
RewriteRule ^([^/]+)/([^/]+)(/(.+))?$ /application/main.php?controller=$1&method=$2¶meter=$4 [QSA,L]