Files
F785010
in-portal
No One
Temporary
File Metadata
Details
File Info
Storage
Attached
Created
Tue, Feb 11, 6:20 PM
Size
2 KB
Mime Type
text/x-diff
Expires
Thu, Feb 13, 6:20 PM (1 d, 7 h)
Engine
blob
Format
Raw Data
Handle
564081
Attached To
rINP In-Portal
in-portal
Index: branches/5.0.x/tools/.htaccess
===================================================================
--- branches/5.0.x/tools/.htaccess (revision 12427)
+++ branches/5.0.x/tools/.htaccess (revision 12428)
@@ -1,30 +1,49 @@
-###### Search Engine Friendly URLs ######
-
-# Uncomment line below if FollowSymLinks option is not enabled by default in server configuration
-#Options +FollowSymLinks
-RewriteEngine On
-
-#RewriteBase /
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteCond %{REQUEST_FILENAME}/ !-f
-RewriteCond %{REQUEST_FILENAME}/index.php !-f
-RewriteCond %{REQUEST_FILENAME}/index.html !-f
-RewriteCond %{REQUEST_URI} !\.(gif|jpg|png|js|css|ico|swf)$ [NC]
-RewriteRule ^(.*) index.php?rewrite=on&_mod_rw_url_=$1 [QSA]
-
-
-###### Security ######
+### File security
+# Exclude direct access to tpl, tpl.xml, inc.php, sql extensions
+#
<Files ~ "\.(tpl|tpl.xml|inc.php|sql)$">
order allow,deny
deny from all
</Files>
-<Files "config.php">
+# Exclude direct access
+<Files ~ "(config.php|debug.php)">
order allow,deny
deny from all
</Files>
-<Files "debug.php">
- order allow,deny
- deny from all
-</Files>
+## Enable mod-rewrite
+RewriteEngine On
+
+###### Rewrite rules to block common hacks
+## If you experience problems comment out the operations listed below
+## Block out any script trying to base64_encode crap to send via URL
+RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
+## Block out any script that includes a <script> tag in URL
+RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
+## Block out any script trying to set a PHP GLOBALS variable via URL
+RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
+## Block out any script trying to modify a _REQUEST variable via URL
+RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
+## Send all blocked request to homepage with 403 Forbidden error!
+RewriteRule ^(.*)$ index.php [F,L]
+
+## Uncomment line below if FollowSymLinks option is not enabled
+## by default in server configuration
+#
+# Options +FollowSymLinks
+
+## Uncomment following line if your webserver's URL
+## is not directly related to physical file paths.
+## Update Your In-Portal Directory (just / for root)
+#
+# RewriteBase /
+
+## In-Portal SEF URLs
+#
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME}/ !-f
+RewriteCond %{REQUEST_FILENAME}/index.php !-f
+RewriteCond %{REQUEST_FILENAME}/index.html !-f
+RewriteCond %{REQUEST_URI} !\.(gif|jpg|png|js|css|ico|swf)$ [NC]
+RewriteRule ^(.*) index.php?rewrite=on&_mod_rw_url_=$1 [QSA]
\ No newline at end of file
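Review bot: the merged block `<Files ~ "(config.php|debug.php)">` replaces two exact-name matches with an unanchored regex whose dots are unescaped, so it now denies any file whose name merely contains something like "config" + any character + "php", not just those two files. Anchor and escape it, e.g. `<Files ~ "^(config|debug)\.php$">`; the kept context line `\.(tpl|tpl.xml|inc.php|sql)$` has the same unescaped dots in `tpl.xml` and `inc.php`. In the new "block common hacks" rules, only the `script` condition carries `NC`; the `base64_encode`, `GLOBALS` and `_REQUEST` conditions are case-sensitive and all four test the raw `QUERY_STRING` only, so the comments should present them as a best-effort filter rather than as the protection for these inputs, and `NC` should be added to `base64_encode` at least, since PHP function names are case-insensitive. Finally, `RewriteRule ^(.*)$ index.php [F,L]` does not send anything to the homepage: with `F` the substitution is ignored and `L` is implied, so `RewriteRule .* - [F]` says what actually happens and the comment above it should be reworded to match.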