.htaccess
# Turn on mod_rewrite for this directory. RewriteBase / is the URL prefix that
# per-directory rules apply to relative substitutions.
RewriteEngine On
RewriteBase /
# ----------------------------------------------------------------------
# Webfont access
# ----------------------------------------------------------------------
# Allow cross-origin reads from any origin ("*") for webfonts.
# The pattern below also matches every .css file, so all stylesheets are
# readable cross-origin as well, not only font files.
# Alternatively, send one specific origin such as
# "https://subdomain.example.com" instead of "*".
# NOTE(review): the dot in "font.css" is unescaped and that alternative is
# already covered by "css"; harmless, but the list is broader than the
# heading suggests.
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
# Compress responses to speed up loading.
# SetOutputFilter attaches DEFLATE to every response served from this
# directory; the type list on the next line names the types the author had in
# mind. The no-gzip variables set further down switch compression off again
# for old browsers and for binary files.
# NOTE(review): compressing dynamic HTML that both reflects request input and
# carries secrets (session or CSRF tokens) over TLS is the precondition for
# compression side channels such as BREACH. Confirm whether the index.php
# responses fall in that category before compressing them.
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE application/x-httpd-php text/html text/xml text/plain text/css text/javascript application/javascript application/x-javascript image/jpeg image/jpg image/png image/gif font/ttf font/eot font/otf
</IfModule>
<IfModule mod_headers.c>
# Tell caches and proxies that the response varies by User-Agent, because the
# BrowserMatch rules below change compression per browser.
Header append Vary User-Agent
</IfModule>
<IfModule mod_deflate.c>
# Properly handle old browsers that do not support compression
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Explicitly exclude binary files from compression just in case
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|swf|ico|zip|ttf|eot|svg)$ no-gzip
</IfModule>
# Every .js file is readable cross-origin from any origin.
# A wildcard origin cannot be combined with credentialed requests, so the
# exposure is limited to what an unauthenticated client could fetch anyway.
# NOTE(review): that still matters if this host is reachable only from an
# internal network, or if any .js URL is generated dynamically; confirm all
# .js files are static and public.
<FilesMatch "\.(js)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
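# ----------- REMOVE UNWANTED ELEMENTS FROM URI -----------
#
# Each rule answers with a 303 redirect to the cleaned path. The targets are
# written as local paths so that mod_rewrite builds the absolute URL from the
# scheme, host and port of the current request; a hard-coded "http://" prefix
# would send HTTPS visitors to plain HTTP.
# The host name in the redirect follows Apache's canonical-name handling
# (UseCanonicalName / ServerName).
# NOTE(review): if UseCanonicalName is Off the client-supplied Host header is
# used; confirm the virtual host only answers for its expected names.
#
# Replace spaces " " and plus "+" symbols with underscore "_"
# A RewriteCond guards only the RewriteRule that immediately follows it, so
# the share_data exclusion applies to the space rule alone.
# NOTE(review): confirm whether share_data should also be exempt from the "+"
# and double-quote rules; if so, repeat the condition before each of them.
RewriteCond %{REQUEST_URI} !^/(share_data|share_data/.*?)($|/)
RewriteRule (.*)\ (.*) /$1_$2 [R=303,L]
RewriteRule (.*)\+(.*) /$1_$2 [R=303,L]
# Replace double quotes (") with single quotes (')
RewriteRule (.*)\"(.*) /$1'$2 [R=303,L]
# Replace all double-slashes "//" with single slash "/"
# %1 is captured from REQUEST_URI and is either empty or already starts with
# "/", so the target is built as %1/%2. Prefixing another "/" would make every
# target begin with "//" and match this rule again on the next request.
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
RewriteRule . %1/%2 [R=303,L]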
# ----------- URI CONVERSION -----------
#
# Maps up to four path segments onto index.php query parameters:
#   /a        -> /index.php?p=a
#   /a/b      -> /index.php?p=a&s=b
#   /a/b/c    -> /index.php?p=a&s=b&ss=c
#   /a/b/c/d  -> /index.php?p=a&s=b&ss=c&t=d
# Segments 1, 3 and 4 may not contain "/" or "."; segment 2 only excludes "/",
# so it can carry dots.
# Paths starting with "API" are skipped: $0 in each RewriteCond is the text
# matched by the RewriteRule that follows it.
# [QSA] appends the client's original query string after the generated
# parameters.
# NOTE(review): a client can therefore send its own p, s, ss or t in the query
# string, and PHP keeps the last occurrence of a repeated key. The character
# restrictions in these patterns are not a validation layer; index.php (not
# shown here) has to validate these parameters itself before using them.
#
# Disabled API routing rules, kept for reference:
#RewriteRule ^API/(.*)/? pgrdg/API/index.php?$1 [L]
#RewriteCond %{QUERY_STRING} id=1
#RewriteRule ^API$ /API/index.php? [L,R=301]
# Expose GET keys "(?|&)x=" as slash-separated path segments
RewriteCond $0 !^(API|API/.*?)($|/)
RewriteRule ^([^/\.]+)/?$ /index.php?p=$1 [QSA]
RewriteCond $0 !^(API|API/.*?)($|/)
RewriteRule ^([^/\.]+)/([^/]+)/?$ /index.php?p=$1&s=$2 [QSA]
RewriteCond $0 !^(API|API/.*?)($|/)
RewriteRule ^([^/\.]+)/([^/]+)/([^/\.]+)/?$ /index.php?p=$1&s=$2&ss=$3 [QSA]
RewriteCond $0 !^(API|API/.*?)($|/)
RewriteRule ^([^/\.]+)/([^/]+)/([^/\.]+)/([^/\.]+)/?$ /index.php?p=$1&s=$2&ss=$3&t=$4 [QSA]
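# ----------- ERROR PAGES -----------
#
# Hand these statuses to index.php, which receives the code in the "error"
# parameter. The target has to start with "/" to be treated as a local
# URL-path; without it Apache takes the argument as literal message text and
# sends that string as the response body.
# NOTE(review): index.php is not shown here; confirm it encodes the "error"
# value before writing it into the page.
ErrorDocument 401 /index.php?error=401
ErrorDocument 404 /index.php?error=404
ErrorDocument 405 /index.php?error=405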
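# ----------- SECURITY -----------
#
# Query-string blocklist. The conditions are OR-chained and all guard the
# single RewriteRule at the end, which answers 403 Forbidden.
# Only %{QUERY_STRING} is inspected: request bodies, cookies and other headers
# are not, and only the spellings listed here match. Treat this as a coarse
# first filter in front of input validation in the application, not as a
# replacement for it.
#
# proc/self/environ? no!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block any script that tries to set a mosConfig value via the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block base64_encode(...) in the query string. The parentheses are escaped so
# they match literally; unescaped they only form a capture group and the
# condition fires on any query string that contains "base64_encode".
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block any query string that contains a <script> tag, raw or URL-encoded
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block attempts to set a PHP global variable via the URL: GLOBALS followed by
# "=", "[" or a URL-encoded character. The "[" is escaped; unescaped it opens
# a character class that can match the empty string, so the condition would
# fire on every query string that merely contains the word.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block attempts to edit a _REQUEST variable via the URL (same pattern shape)
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Refuse every matching request with 403 Forbidden. [F] ignores the
# substitution, so "-" (no substitution) is used.
RewriteRule ^ - [F]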