-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add: Default .htaccess template for deployment action
- Loading branch information
1 parent
a43d6a5
commit 6a56609
Showing
2 changed files
with
109 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| # managed by ansible | ||
| # last run: {{ template_run_date }} | ||
| # to: {{ template_host }} | ||
|
|
||
| ### SILVERSTRIPE START ### | ||
|
|
||
| # Deny access to templates (but allow from localhost) | ||
| <Files *.ss> | ||
| Order deny,allow | ||
| Deny from all | ||
| Allow from 127.0.0.1 | ||
| </Files> | ||
|
|
||
| # Deny access to IIS configuration | ||
| <Files web.config> | ||
| Order deny,allow | ||
| Deny from all | ||
| </Files> | ||
|
|
||
| # Deny access to YAML configuration files which might include sensitive information | ||
| <Files ~ "\.ya?ml$"> | ||
| Order allow,deny | ||
| Deny from all | ||
| </Files> | ||
|
|
||
| # Route errors to static pages automatically generated by SilverStripe | ||
| ErrorDocument 404 /assets/error-404.html | ||
| ErrorDocument 500 /assets/error-500.html | ||
|
|
||
| <IfModule mod_rewrite.c> | ||
|
|
||
| # Turn off index.php handling requests to the homepage fixes issue in apache >=2.4 | ||
| <IfModule mod_dir.c> | ||
| DirectoryIndex disabled | ||
| DirectorySlash On | ||
| </IfModule> | ||
|
|
||
| SetEnv HTTP_MOD_REWRITE On | ||
| RewriteEngine On | ||
|
|
||
| # Redirect www. to a page without www | ||
| RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] | ||
| RewriteRule ^(.*)$ https://%1/$1 [R=301,L] | ||
|
|
||
| # Enable HTTP Basic authentication workaround for PHP running in CGI mode | ||
| RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | ||
|
|
||
| # Deny access to potentially sensitive files and folders | ||
| RewriteRule ^vendor(/|$) - [F,L,NC] | ||
| RewriteRule ^\.env - [F,L,NC] | ||
| RewriteRule silverstripe-cache(/|$) - [F,L,NC] | ||
| RewriteRule composer\.(json|lock) - [F,L,NC] | ||
| RewriteRule (error|silverstripe|debug)\.log - [F,L,NC] | ||
|
|
||
| # Process through SilverStripe if no file with the requested name exists. | ||
| RewriteCond %{REQUEST_FILENAME} !-f | ||
| RewriteRule .* index.php | ||
| </IfModule> | ||
| ### SILVERSTRIPE END ### | ||
|
|
||
| <ifmodule mod_deflate.c> | ||
| # Compress HTML, CSS, JavaScript, Text, XML and fonts | ||
| AddOutputFilterByType DEFLATE image/svg+xml | ||
| AddOutputFilterByType DEFLATE application/javascript | ||
| AddOutputFilterByType DEFLATE application/rss+xml | ||
| AddOutputFilterByType DEFLATE application/vnd.ms-fontobject | ||
| AddOutputFilterByType DEFLATE application/x-font | ||
| AddOutputFilterByType DEFLATE application/x-font-opentype | ||
| AddOutputFilterByType DEFLATE application/x-font-otf | ||
| AddOutputFilterByType DEFLATE application/x-font-truetype | ||
| AddOutputFilterByType DEFLATE application/x-font-ttf | ||
| AddOutputFilterByType DEFLATE application/x-javascript | ||
| AddOutputFilterByType DEFLATE application/xhtml+xml | ||
| AddOutputFilterByType DEFLATE application/xml | ||
| AddOutputFilterByType DEFLATE font/opentype | ||
| AddOutputFilterByType DEFLATE font/otf | ||
| AddOutputFilterByType DEFLATE font/ttf | ||
| AddOutputFilterByType DEFLATE image/x-icon | ||
| AddOutputFilterByType DEFLATE text/css | ||
| AddOutputFilterByType DEFLATE text/html | ||
| AddOutputFilterByType DEFLATE text/javascript | ||
| AddOutputFilterByType DEFLATE text/plain | ||
| AddOutputFilterByType DEFLATE text/xml | ||
| # Remove browser bugs (only needed for really old browsers) | ||
| BrowserMatch ^Mozilla/4 gzip-only-text/html | ||
| BrowserMatch ^Mozilla/4\.0[678] no-gzip | ||
| BrowserMatch \bMSIE !no-gzip !gzip-only-text/html | ||
| Header append Vary User-Agent | ||
| </ifmodule> | ||
|
|
||
| <IfModule mod_expires.c> | ||
| # Turn on the module. | ||
| ExpiresActive on | ||
| # Set the default expiry times. | ||
| ExpiresDefault "access plus 2 days" | ||
| ExpiresByType image/jpg "access plus 1 month" | ||
| ExpiresByType image/svg+xml "access 1 month" | ||
| ExpiresByType image/gif "access plus 1 month" | ||
| ExpiresByType image/jpeg "access plus 1 month" | ||
| ExpiresByType image/png "access plus 1 month" | ||
| ExpiresByType text/css "access plus 1 month" | ||
| ExpiresByType text/javascript "access plus 1 month" | ||
| ExpiresByType application/javascript "access plus 1 month" | ||
| ExpiresByType image/ico "access plus 1 month" | ||
| ExpiresByType image/x-icon "access plus 1 month" | ||
| ExpiresByType text/html "access plus 1 minute" | ||
| </IfModule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters