tikiwiki/conf/default-ssl.conf

1044 lines
24 KiB
Plaintext
Raw Normal View History

2023-04-11 21:48:35 +02:00
#<!-- listen 80 -->
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/tiki/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<Directory "/var/www/html/tiki">
<FilesMatch "\.(bak|inc|lib|sh|tpl|sql)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "(changelog.txt|_htaccess)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<IfModule mod_dir.c>
DirectoryIndex index.php
</IfModule>
<IfModule mod_deflate.c>
<IfModule mod_headers.c>
# Make sure proxies don't deliver the wrong content.
Header append Vary User-Agent env=!dont-vary
</IfModule>
AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json
<IfModule mod_mime.c>
# DEFLATE by extension.
AddOutputFilter DEFLATE js css htm html xml svg
</IfModule>
</IfModule>
FileETag none
<IfModule mod_headers.c>
Header unset Cache-Control
<IfModule mod_setenvif.c>
# Mod_headers, y u no match by Content-Type?!
<FilesMatch "(?i)\.(gif|png|jpe?g|svgz?|ico)$">
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS
</FilesMatch>
</IfModule>
<FilesMatch "(?i)\.(ttf|ttc|otf|eot|woff2?|css|js)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
<IfModule mod_expires.c>
<FilesMatch "(?i)\.(gif|png|jpe?g|svgz?|ico)$">
ExpiresActive on
ExpiresDefault "access plus 1 month"
</FilesMatch>
<FilesMatch "(?i)\.(js|css)$">
ExpiresActive on
ExpiresDefault "access plus 1 month"
</FilesMatch>
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
# -- Apache Authorization Header -- #
# Rewrite rules for passing authorization with Apache running in CGI or FastCGI mode
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
# -- SVN Checkout Enabled Tiki -- #
# Prevents reading of SVN specific files, if your website is using this. (Development only normally)
RewriteRule .*/\.svn/.* - [F,L]
# -- If the URL Points to a File Then do Nothing -- #
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule (.*) - [L]
# -- Tiki URL Rewriting -- #
# Read more: https://dev.tiki.org/URL+Rewriting+Revamp
RewriteRule .* route.php [L]
</IfModule>
</Directory>
<Directory "/var/www/html/tiki/admin">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/db">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/doc">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/dump">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "\.(zip|tar)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
allow from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/img">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "\.(jpe?g|png|svg|gif)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/installer">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/lang">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "\.(js)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/lib">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
#remaining files - unknown browser access
<FilesMatch "\.(js|swf|css|gif|png|svg|as|fla|ttf|xml)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/lists">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/modules">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/permissioncheck">
AuthUserFile /PATH_TO_TIKI_PERMISSIONCHECK/.htpasswd
AuthName "permissioncheck prepare password protection first"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
<FilesMatch "\.(bak|inc|inc\.php|lib|sh|sql|tpl)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/storage">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/storage/public">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
allow from all
</IfModule>
</FilesMatch>
</Directory>
<Directory "/var/www/html/tiki/temp">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "\.png$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
allow from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/temp/public">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
allow from all
</IfModule>
</FilesMatch>
<IfModule mod_expires.c>
<FilesMatch "^avatar_.*">
ExpiresActive on
ExpiresDefault "modification"
</FilesMatch>
</IfModule>
</Directory>
<Directory "/var/www/html/tiki/templates">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/themes">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "(?i)\.(css|js|jpe?g|png|ico|gif|svgz?|bmp|json|xml|ttf|eot|woff2?|otf|swf|map|less)$">
#the map and less files are allowed for developer deugging tools.
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
</FilesMatch>
</Directory>
<Directory "/var/www/html/tiki/var/www/html/tiki_tests">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/vendor">
<IfModule mod_rewrite.c>
RewriteEngine On
# -- Always Allow These File Types -- #
RewriteRule "\.(jpe?g|png|ico|gif|svgz?|ttf|eot|woff2?|otf|js|css)$" "-" [PT,L]
# -- Allow Access to files used by Developer Dubugging Tools -- #
RewriteRule "\.(map|less|scss)$" "-" [PT,L]
# -- Deny Everything Not Matched Above -- #
RewriteRule "/*" "-" [F]
</IfModule>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/vendor_bundled">
<IfModule mod_rewrite.c>
RewriteEngine On
# -- Always Allow These File Types -- #
RewriteRule "\.(jpe?g|png|ico|gif|svgz?|ttf|eot|woff2?|otf|js|css)$" "-" [PT,L]
# -- Allow Access to files used by Developer Dubugging Tools -- #
RewriteRule "\.(map|less|scss)$" "-" [PT,L]
# -- Vendor Exception List -- #
# These are file types by vendor file that will bypass the default filtering
#
# If you are adding a new vendor that needs browser access, adding a file
# type exception will be required.
RewriteRule "^(vendor/player/).*/.*\.swf$" "-" [PT,L]
RewriteRule "^(vendor/fortawesome/).*/.*\.swf$" "-" [PT,L]
RewriteRule "^(vendor/jquery/).*/.*\.swf$" "-" [PT,L]
RewriteRule "^(vendor/studio-42/).*/.*\.wav$" "-" [PT,L]
# -- Deny Everything Not Matched Above -- #
RewriteRule "/*" "-" [F]
</IfModule>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/vendor_bundled/vendor/ezyang/htmlpurifier/benchmarks">
Deny from all
</Directory>
<Directory "/var/www/html/tiki/vendor_bundled/vendor/ezyang/htmlpurifier/maintenance">
Deny from all
</Directory>
<Directory "/var/www/html/tiki/vendor_bundled/vendor/phenx/php-font-lib">
#deny from all
</Directory>
<Directory "/var/www/html/tiki/vendor_bundled/vendor/studio-42/elfinder/php/.tmp">
order deny,allow
deny from all
</Directory>
<Directory "/var/www/html/tiki/vendor_extra">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "\.(jpg|png|gif|css|js)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
</VirtualHost>
#<!-- end listen 80 -->
#<!-- listen 443 -->
2023-04-10 21:59:09 +02:00
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/tiki/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
#<Directory "/var/www/html/tiki">
# Options +MultiViews
# AllowOverride All
# Require all granted
#</Directory>
<Directory "/var/www/html/tiki">
<FilesMatch "\.(bak|inc|lib|sh|tpl|sql)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "(changelog.txt|_htaccess)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<IfModule mod_dir.c>
DirectoryIndex index.php
</IfModule>
<IfModule mod_deflate.c>
<IfModule mod_headers.c>
# Make sure proxies don't deliver the wrong content.
Header append Vary User-Agent env=!dont-vary
</IfModule>
AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json
<IfModule mod_mime.c>
# DEFLATE by extension.
AddOutputFilter DEFLATE js css htm html xml svg
</IfModule>
</IfModule>
FileETag none
<IfModule mod_headers.c>
Header unset Cache-Control
<IfModule mod_setenvif.c>
# Mod_headers, y u no match by Content-Type?!
<FilesMatch "(?i)\.(gif|png|jpe?g|svgz?|ico)$">
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS
</FilesMatch>
</IfModule>
<FilesMatch "(?i)\.(ttf|ttc|otf|eot|woff2?|css|js)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
<IfModule mod_expires.c>
<FilesMatch "(?i)\.(gif|png|jpe?g|svgz?|ico)$">
ExpiresActive on
ExpiresDefault "access plus 1 month"
</FilesMatch>
<FilesMatch "(?i)\.(js|css)$">
ExpiresActive on
ExpiresDefault "access plus 1 month"
</FilesMatch>
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
# -- Apache Authorization Header -- #
# Rewrite rules for passing authorization with Apache running in CGI or FastCGI mode
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
# -- SVN Checkout Enabled Tiki -- #
# Prevents reading of SVN specific files, if your website is using this. (Development only normally)
RewriteRule .*/\.svn/.* - [F,L]
# -- If the URL Points to a File Then do Nothing -- #
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule (.*) - [L]
# -- Tiki URL Rewriting -- #
# Read more: https://dev.tiki.org/URL+Rewriting+Revamp
RewriteRule .* route.php [L]
</IfModule>
</Directory>
<Directory "/var/www/html/tiki/admin">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/db">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/doc">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/dump">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "\.(zip|tar)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
allow from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/img">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "\.(jpe?g|png|svg|gif)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/installer">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/lang">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "\.(js)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/lib">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
#remaining files - unknown browser access
<FilesMatch "\.(js|swf|css|gif|png|svg|as|fla|ttf|xml)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/lists">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/modules">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/permissioncheck">
AuthUserFile /PATH_TO_TIKI_PERMISSIONCHECK/.htpasswd
AuthName "permissioncheck prepare password protection first"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
<FilesMatch "\.(bak|inc|inc\.php|lib|sh|sql|tpl)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/storage">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/storage/public">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
allow from all
</IfModule>
</FilesMatch>
</Directory>
<Directory "/var/www/html/tiki/temp">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "\.png$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
allow from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/temp/public">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
allow from all
</IfModule>
</FilesMatch>
<IfModule mod_expires.c>
<FilesMatch "^avatar_.*">
ExpiresActive on
ExpiresDefault "modification"
</FilesMatch>
</IfModule>
</Directory>
<Directory "/var/www/html/tiki/templates">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/themes">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "(?i)\.(css|js|jpe?g|png|ico|gif|svgz?|bmp|json|xml|ttf|eot|woff2?|otf|swf|map|less)$">
#the map and less files are allowed for developer deugging tools.
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
</FilesMatch>
</Directory>
<Directory "/var/www/html/tiki/var/www/html/tiki_tests">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/vendor">
<IfModule mod_rewrite.c>
RewriteEngine On
# -- Always Allow These File Types -- #
RewriteRule "\.(jpe?g|png|ico|gif|svgz?|ttf|eot|woff2?|otf|js|css)$" "-" [PT,L]
# -- Allow Access to files used by Developer Dubugging Tools -- #
RewriteRule "\.(map|less|scss)$" "-" [PT,L]
# -- Deny Everything Not Matched Above -- #
RewriteRule "/*" "-" [F]
</IfModule>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/vendor_bundled">
<IfModule mod_rewrite.c>
RewriteEngine On
# -- Always Allow These File Types -- #
RewriteRule "\.(jpe?g|png|ico|gif|svgz?|ttf|eot|woff2?|otf|js|css)$" "-" [PT,L]
# -- Allow Access to files used by Developer Dubugging Tools -- #
RewriteRule "\.(map|less|scss)$" "-" [PT,L]
# -- Vendor Exception List -- #
# These are file types by vendor file that will bypass the default filtering
#
# If you are adding a new vendor that needs browser access, adding a file
# type exception will be required.
RewriteRule "^(vendor/player/).*/.*\.swf$" "-" [PT,L]
RewriteRule "^(vendor/fortawesome/).*/.*\.swf$" "-" [PT,L]
RewriteRule "^(vendor/jquery/).*/.*\.swf$" "-" [PT,L]
RewriteRule "^(vendor/studio-42/).*/.*\.wav$" "-" [PT,L]
# -- Deny Everything Not Matched Above -- #
RewriteRule "/*" "-" [F]
</IfModule>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
<Directory "/var/www/html/tiki/vendor_bundled/vendor/ezyang/htmlpurifier/benchmarks">
Deny from all
</Directory>
<Directory "/var/www/html/tiki/vendor_bundled/vendor/ezyang/htmlpurifier/maintenance">
Deny from all
</Directory>
<Directory "/var/www/html/tiki/vendor_bundled/vendor/phenx/php-font-lib">
#deny from all
</Directory>
<Directory "/var/www/html/tiki/vendor_bundled/vendor/studio-42/elfinder/php/.tmp">
order deny,allow
deny from all
</Directory>
<Directory "/var/www/html/tiki/vendor_extra">
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
</IfModule>
</FilesMatch>
<FilesMatch "\.(jpg|png|gif|css|js)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
</FilesMatch>
# -- Prevent Directory Browsing -- #
Options -Indexes
</Directory>
</VirtualHost>
</IfModule>
2023-04-11 21:48:35 +02:00
#<!-- end listen 443 -->