akaunting/.htaccess

# Prevent Directory Listing
<IfModule autoindex>
	IndexIgnore *
</IfModule>

<IfModule mod_rewrite.c>
    # Prevent Directory Listing
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Prevent Direct Access to Protected Files
    <FilesMatch "(?i)(^artisan$|\.env|\.log)">
        # Apache 2.2 syntax
        <IfModule !mod_authz_core.c>
            Order deny,allow
            Deny from all
        </IfModule>
        # Apache 2.4 syntax
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
    </FilesMatch>

    # Prevent Direct Access To Protected Folders
    RewriteRule ^(app|bootstrap|config|database|overrides|resources|routes|storage|tests)/(.*) / [L,R=301]

    # Prevent Direct Access To modules/vendor Folders Except Assets
    RewriteRule ^(modules|vendor)/(.*)\.((?!ico|gif|jpg|jpeg|png|js\b|css|less|sass|font|woff|woff2|eot|ttf|svg).)*$ / [L,R=301]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # Send Requests To Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
fixed #396 2018-06-29 18:48:10 +03:00			`# Prevent Directory Listing`
prevent directory listing 2018-06-29 14:58:40 +03:00			`<IfModule autoindex>`
fixed #396 2018-06-29 18:48:10 +03:00			`IndexIgnore *`
prevent directory listing 2018-06-29 14:58:40 +03:00			`</IfModule>`

first commit 2017-09-14 22:21:00 +03:00			`<IfModule mod_rewrite.c>`
fixed #396 2018-06-29 18:48:10 +03:00			`# Prevent Directory Listing`
first commit 2017-09-14 22:21:00 +03:00			`<IfModule mod_negotiation.c>`
fixed #396 2018-06-29 18:48:10 +03:00			`Options -MultiViews -Indexes`
first commit 2017-09-14 22:21:00 +03:00			`</IfModule>`

			`RewriteEngine On`

composer gitignore update 2017-12-02 12:43:55 +03:00			`# Prevent Direct Access to Protected Files`
reverted json deny 2020-02-20 13:31:10 +03:00			`<FilesMatch "(?i)(^artisan$\|\.env\|\.log)">`
Added direct access prevention for Apache 2.4 2020-06-14 13:51:20 +02:00			`# Apache 2.2 syntax`
			`<IfModule !mod_authz_core.c>`
			`Order deny,allow`
			`Deny from all`
			`</IfModule>`
			`# Apache 2.4 syntax`
			`<IfModule mod_authz_core.c>`
			`Require all denied`
			`</IfModule>`
composer gitignore update 2017-12-02 12:43:55 +03:00			`</FilesMatch>`

improved uploads 2017-09-28 18:10:13 +03:00			`# Prevent Direct Access To Protected Folders`
added new exceptions 2020-02-20 09:42:03 +03:00			`RewriteRule ^(app\|bootstrap\|config\|database\|overrides\|resources\|routes\|storage\|tests)/(.*) / [L,R=301]`
improved uploads 2017-09-28 18:10:13 +03:00
			`# Prevent Direct Access To modules/vendor Folders Except Assets`
prevent direct access to json files 2021-02-10 00:40:59 +03:00			`RewriteRule ^(modules\|vendor)/(.)\.((?!ico\|gif\|jpg\|jpeg\|png\|js\b\|css\|less\|sass\|font\|woff\|woff2\|eot\|ttf\|svg).)$ / [L,R=301]`
improved uploads 2017-09-28 18:10:13 +03:00
first commit 2017-09-14 22:21:00 +03:00			`# Redirect Trailing Slashes If Not A Folder...`
			`RewriteCond %{REQUEST_FILENAME} !-d`
			`RewriteRule ^(.*)/$ /$1 [L,R=301]`

started l7 2020-03-04 11:09:28 +03:00			`# Send Requests To Front Controller...`
first commit 2017-09-14 22:21:00 +03:00			`RewriteCond %{REQUEST_FILENAME} !-d`
			`RewriteCond %{REQUEST_FILENAME} !-f`
			`RewriteRule ^ index.php [L]`

			`# Handle Authorization Header`
			`RewriteCond %{HTTP:Authorization} .`
			`RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]`
			`</IfModule>`