Update .htaccess to cover subdomain cases and protect dir content (#624)

2026-04-15 20:37:50 -04:00 · 2016-09-08 18:11:42 +01:00
parent 068f426c9e
commit ffa5b4ddb7
1 changed files with 35 additions and 1 deletions
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -1,4 +1,38 @@
 RewriteEngine On
+
+# To redirect a subdomain to a subdir because of https not supporting wildcards
+# replace values between <> with your ones
+# RewriteCond %{HTTP_HOST} ^<OSPOS subdomain>\.<my web domain>\.com$ [OR]
+# RewriteCond %{HTTP_HOST} ^www\.<OSPOS subdomain>\.<my web domain>\.com$
+# RewriteRule ^/?$ "https\:\/\/www\.<my web domain>\.com\/<OSPOS path>" [R=301,L]
+
+# To rewrite "domain.com -> www.domain.com" uncomment the following lines.
+# RewriteCond %{HTTPS} !=on
+# RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
+# RewriteCond %{HTTP_HOST} (.+)$ [NC]
+# RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L]
+
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
-RewriteRule ^(.*)$ index.php/$1 [L]
+# if in web root
+RewriteRule ^(.*)$ index.php?/$1 [L]
+# if in subdir comment above line, uncomment below one and replace <OSPOS path> with your path
+# RewriteRule ^(.*)$ /<OSPOS path>/public/index.php?/$1 [L]
+
+# disable directory browsing
+# For security reasons, Option all cannot be overridden.
+#Options All -Indexes
+Options +ExecCGI +Includes +IncludesNOEXEC +SymLinksIfOwnerMatch -Indexes
+
+# secure htaccess file
+<Files .htaccess>
+  Order allow,deny
+  Deny from all
+</Files>
+
+<IfModule mod_expires.c>
+  <FilesMatch "\.(jpe?g|png|gif|js|css)$">
+    ExpiresActive On
+    ExpiresDefault "access plus 1 week"
+  </FilesMatch>
+</IfModule>