Commit graph

16 commits

Author SHA1 Message Date
Daniel Rudolf
6bb65fb12b
Deny access to composer.phar in .htaccess
This file might be present if users strictly follow our install instructions
 and don't delete it on their own after successfully installing Pico.
2018-01-27 21:03:45 +01:00
Daniel Rudolf
e517eac396
Improve .htaccess regex
Deny access to all dot files and dirs by default (except .well-known)

Update nginx rules accordingly and pass denied requests to Pico rather than letting nginx send a 404 response
2017-12-24 13:58:42 +01:00
Daniel Rudolf
91771e67af
Update .htaccess 2017-06-14 12:03:30 +02:00
Daniel Rudolf
ddf3da0391
Merge branch 'master' into pico-1.1
Conflicts:
	.htaccess
	config/config.php.template
	content-sample/index.md
	lib/Pico.php
2016-06-18 20:23:23 +02:00
Daniel Rudolf
86b2839660
Update .htaccess
Thanks @smcdougall, see ee5b4f0d56 (commitcomment-17304977)
2016-04-29 18:02:19 +02:00
Daniel Rudolf
0f8deda6a3
Update .htaccess
Sync with Pico 1.0.3; see ee5b4f0
2016-04-27 21:07:59 +02:00
Daniel Rudolf
ee5b4f0d56
.htaccess: Deny access to CHANGELOG.md, composer.json, composer.lock
See discussion in #343
2016-04-27 21:02:20 +02:00
Daniel Rudolf
6465c2b0a9
Support REQUEST_URI routing method
With Pico 1.0 you had to setup URL rewriting (e.g. using `mod_rewrite` on Apache) in a way that rewritten URLs follow the `QUERY_STRING` principles. Starting with version 1.1, Pico additionally supports the `REQUEST_URI` routing method, what allows you to simply rewrite all requests to just `index.php`. Pico then reads the requested page from the `REQUEST_URI` environment variable provided by the webserver. Please note that `QUERY_STRING` takes precedence over `REQUEST_URI`.
2016-04-24 20:11:05 +02:00
Daniel Rudolf
31e55ca24a
.htaccess: Pass full URL to Pico when requesting content, lib... dirs
This allows Pico to e.g. serve content/config.md when http://example.com/pico/config/ is requested
2016-04-24 04:14:58 +02:00
Daniel Rudolf
49cb6c144a
Use Pico's 404.md to deny access to lib, content... dirs 2016-04-24 04:06:40 +02:00
Daniel Rudolf
b77c9da29b Force Apache's MultiViews feature to be disabled
Thanks @sonst-was for reporting this. Resolves #329
2016-02-24 23:28:41 +01:00
Daniel Rudolf
fbb744dd43 Deny access to config, content, content-sample, lib and vendor dirs
Send 404 Not Found instead of 403 Forbidden
2015-10-01 22:42:23 +02:00
Daniel Rudolf
c44afd396d Update .htaccess 2015-08-28 18:37:36 +02:00
theshka
a335eec82a add rewrite base directive 2015-05-25 07:51:18 -04:00
theshka
b11a358505 add comments and RewriteBase directive 2015-05-25 07:41:08 -04:00
Gilbert Pellegrom
92b792e8f2 Initial commit. 2012-04-04 14:45:09 +01:00