Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(288)

Side by Side Diff: joomla-master-htaccess.txt

Issue 4312049: Joomla master .htaccess - differences 2.3.a - 2.4.1 Base URL: http://joomla-master-htaccess.googlecode.com/svn/trunk/
Patch Set: Created 3 years, 1 month ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 ############################################################################### 1 ###############################################################################
2 ## The Master .htaccess 2 ## The Master .htaccess
3 ## 3 ##
4 ## Version 2.2 - November 18th, 2010 4 ## Version 2.4 (proposed) - March 24th, 2011
g1smd 2011/03/25 09:18:08 Ver 2.2 here but noted as 2.3 further down. Assume
5 ## 5 ##
6 ## ---------- 6 ## ----------
7 ## This file is designed to be the template .htaccess file to put on your new 7 ## This file is designed to be the template .htaccess file to put on your new
8 ## sites, increasing your site's security and performance. It is not meant to 8 ## sites, increasing your site's security and performance. It is not meant to
9 ## be just dropped in your site, though. You should go through all of its 9 ## be just dropped in your site, though. You should go through all of its
10 ## sections and modify it to match your site. Most notably, all instances of 10 ## sections and modify it to match your site. Most notably, all instances of
11 ## domain.com and domain\.com should be replaced with your real domain name. 11 ## example.com and example\.com should be replaced with your real domain name.
g1smd 2011/03/25 09:18:08 example.com as per RFC 2606.
12 ## 12 ##
13 ## Some sections are too picky and may cause problems with legitimate requests. 13 ## Some sections are too picky and may cause problems with legitimate requests.
14 ## You are ultimately responsible for disabling them or writing exception rules 14 ## You are ultimately responsible for disabling them or writing exception rules
15 ## for your requests. Most notably, the advanced server protection section will 15 ## for your requests. Most notably, the advanced server protection section will
16 ## cause issues with several minifiers, eXtplorer, VirtueMart and other exten- 16 ## cause issues with several minifiers, eXtplorer, VirtueMart and other exten-
17 ## sions which use non-standard scripts as their entry points. You must add 17 ## sions which use non-standard scripts as their entry points. You must add
18 ## exceptions for them manually. 18 ## exceptions for them manually.
19 ## 19 ##
20 ## Some sections - depending on your server configuration - may cause your site 20 ## Some sections - depending on your server configuration - may cause your site
21 ## to throw 500 Internal Server Error. The only way to figure out which one is 21 ## to throw 500 Internal Server Error. The only way to figure out which one is
(...skipping 10 matching lines...) Expand all
32 ## 32 ##
33 ## Learn more: http://www.akeebabackup.com/software/admin-tools.html 33 ## Learn more: http://www.akeebabackup.com/software/admin-tools.html
34 ## ---------------------------------------------------------------------- 34 ## ----------------------------------------------------------------------
35 ## 35 ##
36 ## Have fun, stay safe. 36 ## Have fun, stay safe.
37 ## 37 ##
38 ## Nicholas K. Dionysopoulos 38 ## Nicholas K. Dionysopoulos
39 ## Lead Developer, AkeebaBackup.com 39 ## Lead Developer, AkeebaBackup.com
40 ## 40 ##
41 ## CHANGELOG: 41 ## CHANGELOG:
42 ## Version 2.4 (proposed) (March 24th, 2011)
43 ## - Dozens of speed optimisations and many logic and syntax corrections.
42 ## Version 2.3 (November 18th, 2010) 44 ## Version 2.3 (November 18th, 2010)
43 ## - Added .ico to the pass-through rules, for favicons to load 45 ## - Added .ico to the pass-through rules, for favicons to load
44 ## Version 2.2 (October 25th, 2010) 46 ## Version 2.2 (October 25th, 2010)
45 ## - Bug in the tmpl=component rule 47 ## - Bug in the tmpl=component rule
46 ## Version 2.1 (October 19th, 2010) 48 ## Version 2.1 (October 19th, 2010)
47 ## - index.php to root redirection would kill some AJAX requests 49 ## - index.php to root redirection would kill some AJAX requests
48 ## - Referer filtering was screwed up 50 ## - Referer filtering was screwed up
49 ## - Simplified and more thorough PHP Easter Egg code (thanks Jon!) 51 ## - Simplified and more thorough PHP Easter Egg code (thanks Jon!)
50 ## - The tp/template/tmpl filter was not thorough and killed some components 52 ## - The tp/template/tmpl filter was not thorough and killed some components
51 ## - Optimized Joomla! core SEF section 53 ## - Optimized Joomla! core SEF section
52 ## - Bot filters and GZip optimization would never run for dynamic content 54 ## - Bot filters and GZip optimization would never run for dynamic content
53 ## - Content expiration optimization got more optimized 55 ## - Content expiration optimization got more optimized
54 ## - Added ETag rule 56 ## - Added ETag rule
55 ## 57 ##
56 ############################################################################### 58 ###############################################################################
57 59
58 ########## Begin - RewriteEngine enabled 60 ########## Begin - RewriteEngine enabled
59 RewriteEngine On 61 RewriteEngine On
62 Options +FollowSymLinks
60 ########## End - RewriteEngine enabled 63 ########## End - RewriteEngine enabled
61 64
62 ########## Begin - RewriteBase 65 ########## Begin - RewriteBase
63 # Uncomment following line if your webserver's URL 66 # Uncomment following line if your webserver's URL
64 # is not directly related to physical file paths. 67 # is not directly related to physical file paths.
65 # Update Your Joomla! Directory (just / for root) 68 # Update Your Joomla! Directory (just / for root)
66 69
67 # RewriteBase / 70 # RewriteBase /
68 ########## End - RewriteBase 71 ########## End - RewriteBase
69 72
70 ########## Begin - File exection order, by Komra.de 73 ########## Begin - File execution order, by Komra.de
71 DirectoryIndex index.php index.html 74 DirectoryIndex index.php index.html
72 ########## End - File exection order 75 ########## End - File execution order
73 76
74 ########## Begin - No directory listings 77 ########## Begin - No directory listings
75 ## Note: +FollowSymlinks may cause problems and you might have to remove it 78 ## Note: +FollowSymlinks may cause problems and you might have to remove it
76 IndexIgnore * 79 IndexIgnore *
77 Options +FollowSymLinks All -Indexes 80 Options +FollowSymLinks All -Indexes
78 ########## End - No directory listings 81 ########## End - No directory listings
79 82
80 ########## Begin - ETag Optimization 83 ########## Begin - ETag Optimization
81 ## This rule will create an ETag for files based only on the modification 84 ## This rule will create an ETag for files based only on the modification
82 ## timestamp and their size. This works wonders if you are using rsync'ed 85 ## timestamp and their size. This works wonders if you are using rsync'ed
83 ## servers, where the inode number of identical files differs. 86 ## servers, where the inode number of identical files differs.
84 ## Note: It may cause problems on your server and you may need to remove it 87 ## Note: It may cause problems on your server and you may need to remove it
85 FileETag MTime Size 88 FileETag MTime Size
86 ########## End - ETag Optimization 89 ########## End - ETag Optimization
87 90
88 ########## Begin - Optimal default expiration time 91 ########## Begin - Optimal default expiration time
89 ## Note: this might cause problems and you might have to comment it out by 92 ## Note: this might cause problems and you might have to comment it out by
90 ## placing a hash in front of this section's lines 93 ## placing a hash in front of this section's lines
91 <IfModule mod_expires.c> 94 <IfModule mod_expires.c>
92 # Enable expiration control 95 # Enable expiration control
93 ExpiresActive On 96 ExpiresActive On
94 97
95 # Default expiration: 1 hour after request 98 # Default expiration: 1 hour after request
96 ExpiresDefault "now plus 1 hour" 99 ExpiresDefault "now plus 1 hour"
97 » 100
98 # CSS and JS expiration: 1 week after request 101 # CSS and JS expiration: 1 week after request
99 ExpiresByType text/css "now plus 1 week" 102 ExpiresByType text/css "now plus 1 week"
100 ExpiresByType application/javascript "now plus 1 week" 103 ExpiresByType application/javascript "now plus 1 week"
101 ExpiresByType application/x-javascript "now plus 1 week" 104 ExpiresByType application/x-javascript "now plus 1 week"
102 » 105
103 » # Image files expiration: 1 year after request 106 » # Image files expiration: 1 month after request
g1smd 2011/03/25 09:18:08 There are diminishing returns after only a few day
g1smd 2011/03/25 09:18:08 One month is way more than enough.
104 » ExpiresByType image/bmp "now plus 1 year" 107 » ExpiresByType image/bmp "now plus 1 month"
105 » ExpiresByType image/gif "now plus 1 year" 108 » ExpiresByType image/gif "now plus 1 month"
106 » ExpiresByType image/jpeg "now plus 1 year" 109 » ExpiresByType image/jpeg "now plus 1 month"
107 » ExpiresByType image/jp2 "now plus 1 year" 110 » ExpiresByType image/jp2 "now plus 1 month"
108 » ExpiresByType image/pipeg "now plus 1 year" 111 » ExpiresByType image/pipeg "now plus 1 month"
109 » ExpiresByType image/png "now plus 1 year" 112 » ExpiresByType image/png "now plus 1 month"
110 » ExpiresByType image/svg+xml "now plus 1 year" 113 » ExpiresByType image/svg+xml "now plus 1 month"
111 » ExpiresByType image/tiff "now plus 1 year" 114 » ExpiresByType image/tiff "now plus 1 month"
112 » ExpiresByType image/vnd.microsoft.icon "now plus 1 year" 115 » ExpiresByType image/vnd.microsoft.icon "now plus 1 month"
113 » ExpiresByType image/x-icon "now plus 1 year" 116 » ExpiresByType image/x-icon "now plus 1 month"
114 » ExpiresByType image/ico "now plus 1 year" 117 » ExpiresByType image/ico "now plus 1 month"
115 » ExpiresByType image/icon "now plus 1 year" 118 » ExpiresByType image/icon "now plus 1 month"
116 » ExpiresByType text/ico "now plus 1 year" 119 » ExpiresByType text/ico "now plus 1 month"
117 » ExpiresByType application/ico "now plus 1 year" 120 » ExpiresByType application/ico "now plus 1 month"
118 » ExpiresByType image/vnd.wap.wbmp "now plus 1 year" 121 » ExpiresByType image/vnd.wap.wbmp "now plus 1 month"
119 » ExpiresByType application/vnd.wap.wbxml "now plus 1 year" 122 » ExpiresByType application/vnd.wap.wbxml "now plus 1 month"
120 » ExpiresByType application/smil "now plus 1 year" 123 » ExpiresByType application/smil "now plus 1 month"
121 » 124
122 » # Audio files expiration: 1 year after request 125 » # Audio files expiration: 1 month after request
123 » ExpiresByType audio/basic "now plus 1 year" 126 » ExpiresByType audio/basic "now plus 1 month"
124 » ExpiresByType audio/mid "now plus 1 year" 127 » ExpiresByType audio/mid "now plus 1 month"
125 » ExpiresByType audio/midi "now plus 1 year" 128 » ExpiresByType audio/midi "now plus 1 month"
126 » ExpiresByType audio/mpeg "now plus 1 year" 129 » ExpiresByType audio/mpeg "now plus 1 month"
127 » ExpiresByType audio/x-aiff "now plus 1 year" 130 » ExpiresByType audio/x-aiff "now plus 1 month"
128 » ExpiresByType audio/x-mpegurl "now plus 1 year" 131 » ExpiresByType audio/x-mpegurl "now plus 1 month"
129 » ExpiresByType audio/x-pn-realaudio "now plus 1 year" 132 » ExpiresByType audio/x-pn-realaudio "now plus 1 month"
130 » ExpiresByType audio/x-wav "now plus 1 year" 133 » ExpiresByType audio/x-wav "now plus 1 month"
131 » 134
132 » # Movie files expiration: 1 year after request 135 » # Movie files expiration: 1 month after request
133 » ExpiresByType application/x-shockwave-flash "now plus 1 year" 136 » ExpiresByType application/x-shockwave-flash "now plus 1 month"
134 » ExpiresByType x-world/x-vrml "now plus 1 year" 137 » ExpiresByType x-world/x-vrml "now plus 1 month"
135 » ExpiresByType video/x-msvideo "now plus 1 year" 138 » ExpiresByType video/x-msvideo "now plus 1 month"
136 » ExpiresByType video/mpeg "now plus 1 year" 139 » ExpiresByType video/mpeg "now plus 1 month"
137 » ExpiresByType video/mp4 "now plus 1 year" 140 » ExpiresByType video/mp4 "now plus 1 month"
138 » ExpiresByType video/quicktime "now plus 1 year" 141 » ExpiresByType video/quicktime "now plus 1 month"
139 » ExpiresByType video/x-la-asf "now plus 1 year" 142 » ExpiresByType video/x-la-asf "now plus 1 month"
140 » ExpiresByType video/x-ms-asf "now plus 1 year" 143 » ExpiresByType video/x-ms-asf "now plus 1 month"
141 </IfModule> 144 </IfModule>
142 ########## End - Optimal expiration time 145 ########## End - Optimal expiration time
143 146
144 ########## Begin - Common hacking tools and bandwidth hoggers block 147 ########## Begin - Common hacking tools and bandwidth hoggers block
145 ## By SigSiu.net and @nikosdion. 148 ## By SigSiu.net and @nikosdion.
146 ## WARNING: This will also block old versions of JoomlaPack Remote 149 ## WARNING: This will also block old versions of JoomlaPack Remote
147 ## and will disallow running CRON jobs using wget. 150 ## and will disallow running CRON jobs using wget.
148 # The following rules are for common hacking tools: 151 # The following rules are for common hacking tools:
149 SetEnvIf user-agent "Indy Library" stayout=1 152 SetEnvIf user-agent "Indy Library" stayout=1
150 SetEnvIf user-agent "libwww-perl" stayout=1 153 SetEnvIf user-agent "libwww-perl" stayout=1
151 SetEnvIf user-agent "Wget" stayout=1 154 SetEnvIf user-agent "Wget" stayout=1
152 # The following rules are for bandwidth-hogging download tools 155 # The following rules are for bandwidth-hogging download tools
153 SetEnvIf user-agent "Download Demon" stayout=1 156 SetEnvIf user-agent "Download Demon" stayout=1
154 SetEnvIf user-agent "GetRight" stayout=1 157 SetEnvIf user-agent "GetRight" stayout=1
155 SetEnvIf user-agent "GetWeb!" stayout=1 158 SetEnvIf user-agent "GetWeb!" stayout=1
156 SetEnvIf user-agent "Go!Zilla" stayout=1 159 SetEnvIf user-agent "Go!Zilla" stayout=1
157 SetEnvIf user-agent "Go-Ahead-Got-It" stayout=1 160 SetEnvIf user-agent "Go-Ahead-Got-It" stayout=1
158 SetEnvIf user-agent "GrabNet" stayout=1 161 SetEnvIf user-agent "GrabNet" stayout=1
159 SetEnvIf user-agent "TurnitinBot" stayout=1 162 SetEnvIf user-agent "TurnitinBot" stayout=1
160 # This line denies access to all of the above tools 163 # This line denies access to all of the above tools
161 deny from env=stayout 164 deny from env=stayout
162 ########## End - Common hacking tools and bandwidth higgers block 165 ########## End - Common hacking tools and bandwidth higgers block
163 166
164 ########## Begin - Automatic compression of resources 167 ########## Begin - Automatic compression of resources
165 # Compress text, html, javascript, css, xml, kudos to Komra.de 168 # Compress text, html, javascript, css, xml, kudos to Komra.de
166 # May kill access to your site for old versions of Internet Explorer 169 # May kill access to your site for old versions of Internet Explorer
170 # The server needs to be compiled with mod_deflate otherwise it will send HTTP 5 00 Error.
g1smd 2011/03/25 09:18:08 Helpful note as several people reported 500 error
171 # mod_deflate is not available on Apache 1.x series. Can only be used with Apach e 2.x server.
172 # AddOutputFilterByType is now deprecated by Apache. Use mod_filter in the futur e.
167 AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application /xml application/xhtml+xml application/rss+xml application/javascript applicatio n/x-javascript 173 AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application /xml application/xhtml+xml application/rss+xml application/javascript applicatio n/x-javascript
168 ########## End - Automatic compression of resources 174 ########## End - Automatic compression of resources
169 175
170 ########## Begin - Google Apps redirection, by Komra.de 176 ########## Begin - Google Apps redirection, by Komra.de
171 Redirect 301 /mail http://mail.google.com/a/domain.com 177 RewriteRule ^mail http://mail.google.com/a/example.com [R=301,L]
g1smd 2011/03/25 09:18:08 Execution order not guaranteed if Redirect and Rew
172 ########## End - Google Apps redirection 178 ########## End - Google Apps redirection
173 179
174 ########## Begin - Redirect index.php to / 180 ########## Begin - Redirect index.html~htm to / for root and /path/ for folders
175 ## Note: Change domain.com to reflect your own domain 181 ## Note: Change example.com to reflect your own domain name
176 RewriteCond %{THE_REQUEST} ^.*/index\.php$ 182 RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.html?\ HTTP/
g1smd 2011/03/25 09:18:08 This rule can never work. Pattern will never match
g1smd 2011/03/25 09:18:08 Matches "GET /index.html HTTP/1.1" in one pass, bu
177 RewriteRule ^index\.php$ http://www.domain.com/ [R,L] 183 RewriteRule ^(([^/]+/)*)index\.html?$ http://www.example.com/$1 [R=301,L]
g1smd 2011/03/25 09:18:08 Returns 302 status. 301 required.
178 ########## End - Redirect index.php to / 184 ########## End - Redirect index.html~htm to / for root and /path/ for folders
185
186 ########## Begin - Redirect index.php to / for root and /path/ for folders
187 ## Note: Change example.com to reflect your own domain name
188 RewriteCond %{THE_REQUEST} !^POST
g1smd 2011/03/25 09:18:08 POST should not be redirected, so stops this redir
189 RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
g1smd 2011/03/25 09:18:08 Matches "GET /index.php HTTP/1.1" in one pass.
190 RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
g1smd 2011/03/25 09:18:08 Preserves HTTP/HTTPS from original request in the
191 RewriteRule ^(([^/]+/)*)index\.php$ http%2://www.example.com/$1 [R=301,L]
g1smd 2011/03/25 09:18:08 Redirects in folders and in root. Avoids Duplicate
192 ########## End - Redirect index.php to / for root and /path/ for folders
179 193
180 ########## Begin - Redirect non-www to www 194 ########## Begin - Redirect non-www to www
181 RewriteCond %{HTTP_HOST} !^www\. [NC] 195 ## Note: Change www.example.com to reflect your own domain name
g1smd 2011/03/25 09:18:08 Domain canonicalisation fails for www.example.com:
182 RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L] 196 RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
g1smd 2011/03/25 09:18:08 Returns 302 status. 301 required.
g1smd 2011/03/25 09:18:08 If not EXACTLY www.example.com then redirect to ww
197 RewriteRule (.*) http://www.example.com/$1 [R=301,L]
183 ########## End - Redirect non-www to www 198 ########## End - Redirect non-www to www
184 199
185 ########## Begin - Redirect www to non-www 200 ########## Begin - Redirect www to non-www
186 ## WARNING: Comment out the non-www to www rule if you choose to use this 201 ## WARNING: Comment out the non-www to www rule if you choose to use this
187 #RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] 202 #RewriteCond %{HTTP_HOST} !^(example\.com)?$
g1smd 2011/03/25 09:18:08 Domain canonicalisation fails for example.com:80 r
g1smd 2011/03/25 09:18:08 If not EXACTLY example.com then redirect to exampl
188 #RewriteRule ^(.*)$ http://%1/$1 [R,L] 203 #RewriteRule (.*) http://example.com/$1 [R=301,L]
g1smd 2011/03/25 09:18:08 Returns 302 status. 301 required.
189 ########## End - Redirect non-www to www 204 ########## End - Redirect non-www to www
190 205
191 ########## Begin - Redirect olddomain.com to www.domain.com 206 ########## Begin - Redirect (www.)olddomain.com to www.example.com
192 ## Note: olddomain.com is your old domain name, you want to redirect FROM, 207 ## Note: olddomain.com is your old domain name, you want to redirect FROM,
193 ## whereas www.domain.com is the new domain name you want to redirect TO. 208 ## whereas www.example.com is the new domain name you want to redirect TO.
194 ## Change those names to reflect your current configuration. Remember, this 209 ## Change those names to reflect your current configuration. Remember, this
195 ## file is supposed to be placed in www.domain.com! 210 ## small part of the file is supposed to be placed in olddomain.com!
196 RewriteCond %{HTTP_HOST} ^olddomain.com [NC] 211 RewriteCond %{HTTP_HOST} ^(www\.)?olddomain\.com [NC]
g1smd 2011/03/25 09:18:08 Literal periods in patterns should be escaped. Red
g1smd 2011/03/25 09:18:08 Redirect both www and non-www for olddomain reques
197 RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R] 212 RewriteRule ^(([^/]+/)*)index\.(php|html?) http://www.example.com/$1 [R=301,L]
g1smd 2011/03/25 09:18:08 Returns 302 status. 301 required.
g1smd 2011/03/25 09:18:08 Canonicalisation for index requests made to old do
198 ########## End - Redirect olddomain.com to www.domain.com 213 RewriteCond %{HTTP_HOST} ^(www\.)?olddomain\.com [NC]
g1smd 2011/03/25 09:18:08 Redirect both www and non-www for olddomain reques
214 RewriteRule (.*) http://www.example.com/$1 [R=301,L]
215 ## Note: The above section is only required if you are changing your domain name .
216 ########## End - Redirect (www.)olddomain.com to www.example.com
199 217
200 ########## Begin - Force HTTPS for certain pages 218 ########## Begin - Force HTTPS for certain pages
201 # Force the page foobar.html to run in HTTPS mode, no matter what Joomla! says. 219 # Force the page foobar.html to run in HTTPS mode, no matter what Joomla! says.
202 # This line is required for this rule to work properly 220 # This line is required for this rule to work properly
203 RewriteCond %{HTTPS} ^off$ [NC] 221 RewriteCond %{SERVER_PORT} !^443$
g1smd 2011/03/25 09:18:08 HTTPS variable isn't available on all servers.
g1smd 2011/03/25 09:18:08 SERVER_PORT is a more reliable test.
204 # This is a sample redirection for foobar.html. Do note that you have to change 222 # This is a sample redirection for foobar.html. Do note that you have to change
205 # www.domain.com to reflect your own domain. Remember to escape the dots using 223 # www.example.com to reflect your own domain. Remember to escape the dots using
206 # \. in the left hand side of each rule. 224 # \. in the left hand side of each rule.
207 RewriteRule ^foobar\.html$ https://www.domain.com/foobar.html [L,R] 225 RewriteRule ^foobar\.html$ https://www.example.com/foobar.html [R=301,L]
g1smd 2011/03/25 09:18:08 Returns 302 status. 301 required.
208 # Add mode rules below this line 226 # Add more rules below this line as required
209 ########## End - Force HTTPS for certain pages 227 ########## End - Force HTTPS for certain pages
210 228
211 ########## Begin - Rewrite rules to block out some common exploits 229 ########## Begin - Rewrite rules to block out some common exploits
212 ## If you experience problems on your site block out the operations listed below 230 ## If you experience problems on your site block out the operations listed below
213 ## This attempts to block the most common type of exploit `attempts` to Joomla! 231 ## This attempts to block the most common type of exploit `attempts` to Joomla!
214 # 232 #
215 # If the request contains /proc/self/environ (by SigSiu.net) 233 # If the request query string contains /proc/self/environ (by SigSiu.net)
216 RewriteCond %{QUERY_STRING} proc\/self\/environ [OR] 234 RewriteCond %{QUERY_STRING} proc/self/environ [OR]
g1smd 2011/03/25 09:18:08 Slashes should not be escaped.
217 # Legacy configuration variable injection 235 # Block out any script trying to set a mosConfig value through the URL
218 RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] 236 RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
219 # Block out any script trying to base64_encode stuff to send via URL 237 # Block out any script trying to base64_encode or base64_decode data within the URL
220 RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] 238 RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [OR]
g1smd 2011/03/25 09:18:08 The .* forces multiple backoff and retry attempts.
221 # Block out any script trying to base64_decode stuff to send via URL
222 RewriteCond %{QUERY_STRING} base64_decode.*\(.*\) [OR]
g1smd 2011/03/25 09:18:08 The .* forces multiple backoff and retry attempts.
223 # Block out any script that includes a <script> tag in URL 239 # Block out any script that includes a <script> tag in URL
224 RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] 240 RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
g1smd 2011/03/25 09:18:08 The .* forces multiple backoff and retry attempts.
225 # Block out any script trying to set a PHP GLOBALS variable via URL 241 # Block out any script trying to set a PHP GLOBALS variable via URL
226 RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] 242 RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
227 # Block out any script trying to modify a _REQUEST variable via URL 243 # Block out any script trying to modify a _REQUEST variable via URL
228 RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) 244 RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
229 # Return a 403 Forbidden 245 # Return 403 Forbidden header and show the content of the root homepage
230 RewriteRule ^(.*)$ index.php [F,L] 246 RewriteRule .* index.php [F]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
231 # 247 #
232 ########## End - Rewrite rules to block out some common exploits 248 ########## End - Rewrite rules to block out some common exploits
233 249
234 ########## Begin - File injection protection, by SigSiu.net 250 ########## Begin - File injection protection, by SigSiu.net
235 RewriteCond %{REQUEST_METHOD} GET 251 RewriteCond %{REQUEST_METHOD} GET
236 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]\=http:\/\/(.*) 252 RewriteCond %{QUERY_STRING} [a-z0-9_]=http:// [NC]
g1smd 2011/03/25 09:18:08 [a-zA-Z] simplifies to [a-z] when used with [NC] f
237 RewriteRule ^(.*)$ - [F,L] 253 RewriteRule .* - [F]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
238 ########## End - File injection protection 254 ########## End - File injection protection
239 255
240 ########## Begin - Advanced server protection rules exceptions #### 256 ########## Begin - Advanced server protection rules exceptions ####
241 ## 257 ##
242 ## These are sample exceptions to the Advanced Server Protection 2.0 258 ## These are sample exceptions to the Advanced Server Protection 2.0
243 ## rule set further down this file. 259 ## rule set further down this file.
244 ## 260 ##
245 ## Allow UddeIM CAPTCHA 261 ## Allow UddeIM CAPTCHA
246 RewriteRule ^(components/com_uddeim/captcha15\.php)$ $1 [L] 262 RewriteRule ^components/com_uddeim/captcha15\.php$ - [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
247 ## Allow Phil Taylor's Turbo Gears 263 ## Allow Phil Taylor's Turbo Gears
248 RewriteRule ^(plugins/system/GoogleGears/gears-manifest\.php) $1 [L] 264 RewriteRule ^plugins/system/GoogleGears/gears-manifest\.php - [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
249 ## Allow JoomlaWorks AllVideos 265 ## Allow JoomlaWorks AllVideos
250 RewriteRule ^(plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php) $ 1 [L] 266 RewriteRule ^plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php - [ L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
251 ## Allow Admin Tools Joomla! updater to run 267 ## Allow Admin Tools Joomla! updater to run
252 RewriteRule ^(administrator/components/com_admintools/restore\.php) $1 [L] 268 RewriteRule ^administrator/components/com_admintools/restore\.php - [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
253 ## Allow Akeeba Backup Professional's integrated restoration script to run 269 ## Allow Akeeba Backup Professional's integrated restoration script to run
254 RewriteRule ^(administrator/components/com_akeeba/restore\.php) $1 [L] 270 RewriteRule ^administrator/components/com_akeeba/restore\.php - [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
255 271
256 # Add more rules to single PHP files here 272 # Add more rules to single PHP files here
257 273
258 ## Allow Agora attachments, but not PHP files in that directory! 274 ## Allow Agora attachments, but not PHP files in that directory!
275 RewriteCond %{REQUEST_FILENAME} !(\.php)$
259 RewriteCond %{REQUEST_FILENAME} -f 276 RewriteCond %{REQUEST_FILENAME} -f
260 RewriteCond %{REQUEST_FILENAME} !(\.php)$ 277 RewriteRule ^components/com_agora/img/members/ - [L]
g1smd 2011/03/25 09:18:08 Don't run the very slow and inefficient file-syste
261 RewriteRule ^(components/com_agora/img/members/.*) $1 [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
262 278
263 # Add more rules for allowing full access (except PHP files) on more directories here 279 # Add more rules for allowing full access (except PHP files) on more directories here
264 280
265 ## Uncomment to allow full access to the cache directory (strongly not recommend ed!) 281 ## Uncomment to allow full access to the cache directory (strongly not recommend ed!)
266 #RewriteRule ^(cache/.*)$ $1 [L] 282 #RewriteRule ^cache/ - [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
267 ## Uncomment to allow full access to the tmp directory (strongly not recommended !) 283 ## Uncomment to allow full access to the tmp directory (strongly not recommended !)
268 #RewriteRule ^(tmp/.*)$ $1 [L] 284 #RewriteRule ^tmp/ - [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
269 285
270 # Add more full access rules here 286 # Add more full access rules here
271 287
272 ########## End - Advanced server protection rules exceptions #### 288 ########## End - Advanced server protection rules exceptions ####
273 289
274 ########## Begin - Advanced server protection 290 ########## Begin - Advanced server protection
275 # Advanced server protection, version 2.0 - August 2010 291 # Advanced server protection, version 2.0 - August 2010
276 # by Nicholas K. Dionysopoulos 292 # by Nicholas K. Dionysopoulos
277 293
278 ## Referrer filtering for common media files. Replace with your own domain. 294 ## Referrer filtering for common media files. Replace with your own domain.
279 ## This blocks most common fingerprinting attacks ;) 295 ## This blocks most common fingerprinting attacks ;)
280 ## Note: Change www\.domain\.com with your own domain name, substituting the dot s with 296 ## Note: Change www\.example\.com with your own domain name, substituting
281 ## \., i.e.: www\.example\.com for www.example.com 297 ## the dots with \. i.e. use www\.example\.com for www.example.com
g1smd 2011/03/25 09:18:08 visual clarity for \. characters.
282 RewriteRule ^(images/stories/*\.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l] ?))$ $1 [L] 298 RewriteRule ^images/stories/([^.]+)\.(jpe?[g2]?|png|gif|bmp|css|js|swf|ico|html? ) - [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
g1smd 2011/03/25 21:39:45 The pattern "/stories/*\.(jpe" matches only when t
299 RewriteCond %{HTTP_REFERER} .
300 RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC]
g1smd 2011/03/25 09:18:08 Cater for http and https.
283 RewriteCond %{REQUEST_FILENAME} -f 301 RewriteCond %{REQUEST_FILENAME} -f
g1smd 2011/03/25 09:18:08 Don't run the very slow and inefficient file-syste
g1smd 2011/03/25 09:18:08 Expensive file system read is the last condition,
284 RewriteCond %{HTTP_REFERER} !^http://www\.domain\.com [NC] 302 RewriteRule \.(jpe?[g2]?|png|gif|bmp|css|js|swf|ico|html?)$ - [F]
g1smd 2011/03/25 09:18:08 Rule fails if REFERER is HTTPS version of own site
285 RewriteRule \.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l]?)$ - [F,L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
286 303
287 ## Disallow visual fingerprinting of Joomla! sites (module position dump) 304 ## Disallow visual fingerprinting of Joomla! sites (module position dump)
288 ## Initial idea by Brian Teeman and Ken Crowder, see: 305 ## Initial idea by Brian Teeman and Ken Crowder, see:
289 ## http://www.slideshare.net/brianteeman/hidden-joomla-secrets 306 ## http://www.slideshare.net/brianteeman/hidden-joomla-secrets
290 ## Improved by @nikosdion to work more efficientyl and handle template 307 ## Improved by @nikosdion to work more efficiently and handle template
291 ## and tmpl query parameters 308 ## and tmpl query parameters
292 RewriteCond %{QUERY_STRING} (^|&)tmpl=component [NC] 309 RewriteCond %{QUERY_STRING} (^|&)tmpl=component [NC]
293 RewriteRule ^(.*)$ $1 [L] 310 RewriteRule .* - [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
294 RewriteCond %{QUERY_STRING} (^|&)tp= [NC,OR] 311 RewriteCond %{QUERY_STRING} (^|&)tp= [NC,OR]
295 RewriteCond %{QUERY_STRING} (^|&)template= [NC,OR] 312 RewriteCond %{QUERY_STRING} (^|&)template= [NC,OR]
296 RewriteCond %{QUERY_STRING} (^|&)tmpl= [NC] 313 RewriteCond %{QUERY_STRING} (^|&)tmpl= [NC]
297 RewriteRule ^(.*)$ - [F,L] 314 RewriteRule .* - [F]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
298 315
299 ## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine 316 ## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine
300 ## your PHP version). See http://www.0php.com/php_easter_egg.php and 317 ## your PHP version). See http://www.0php.com/php_easter_egg.php and
301 ## http://osvdb.org/12184 for more information 318 ## http://osvdb.org/12184 for more information
302 RewriteCond %{QUERY_STRING} =PHP[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}- [a-z0-9]{12} [NC] 319 RewriteCond %{QUERY_STRING} PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[ 0-9a-f]{12} [NC]
g1smd 2011/03/25 09:18:08 Leading "=" says the following is LITERAL, not a p
303 RewriteRule ^(.*)$ - [F,L] 320 RewriteRule .* - [F]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
304 321
305 ## Back-end protection 322 ## Back-end protection
306 ## This also blocks fingerprinting attacks browsing for XML and INI files 323 ## This also blocks fingerprinting attacks browsing for XML and INI files
307 RewriteRule ^(administrator[/]?)$ administrator/index.php [L] 324 RewriteRule ^administrator/?$ administrator/index.php [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
308 RewriteRule ^(administrator/index.htm[l]?)$ $1 [L] 325 RewriteRule ^administrator/index\.(php|html?)$ - [L]
g1smd 2011/03/25 09:18:08 Literal periods in patterns must be escaped. No ne
309 RewriteRule ^(administrator/index.php)$ $1 [L] 326 RewriteRule ^administrator/index[23]\.php$ - [L]
g1smd 2011/03/25 09:18:08 Literal periods in patterns must be escaped. The p
310 RewriteRule ^(administrator/index[2,3].php)$ $1 [L] 327 RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+) \.(jpe?[g2]?|png|gif|bmp|css|js|swf|html?)$ - [L]
g1smd 2011/03/25 09:18:08 Literal periods in patterns must be escaped. No ne
311 RewriteRule ^(administrator/(components|modules|templates|images|plugins)/.*\.(j pe[g,2]?|jpg|png|gif|bmp|css|js|swf|htm[l]?))$ $1 [L] 328 RewriteRule ^administrator/ - [F]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
312 RewriteRule ^administrator/(.*)$ - [F,L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
313 329
314 ## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ d irectory 330 ## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ d irectory
315 RewriteRule ^(xmlrpc/index\.php)$ $1 [L] 331 RewriteRule ^xmlrpc/(index\.php)?$ - [L]
g1smd 2011/03/25 09:18:08 "-" instead of "$1" is faster.
g1smd 2011/03/25 21:39:45 Comment says "allow plain xmlrpc/ directory" but c
g1smd 2011/03/25 09:18:08 Allow "/xmlrec/" index page and named "/xmlrpc/ind
g1smd 2011/03/25 21:39:45 Code changed to now do what comment says it should
316 RewriteRule ^xmlrpc/(.*)$ - [F,L] 332 RewriteRule ^xmlrpc/ - [F]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
317 333
318 ## Disallow front-end access for certain Joomla! system directories 334 ## Disallow front-end access for certain Joomla! system directories
319 RewriteRule ^(includes/js/.*)$ $1 [L] 335 RewriteRule ^includes/js/ - [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
320 RewriteRule ^(cache|includes|language|libraries|logs|tmp)/.*$ - [F,L] 336 RewriteRule ^(cache|includes|language|libraries|logs|tmp)/ - [F]
g1smd 2011/03/25 09:18:08 Trailing .* forces pattern matching to read whole
321 337
322 ## Allow limited access for certain Joomla! system directories with client-acces sible content 338 ## Allow limited access for certain Joomla! system directories with client-acces sible content
323 RewriteRule ^((components|modules|plugins|templates)/.*\.(jp[g,2,eg]?|png|gif|bm p|css|js|swf|ico|htm[l]?))$ $1 [L] 339 RewriteRule ^(components|modules|plugins|templates)/([^.]+)\.(jpe?[g2]?|png|gif| bmp|css|js|swf|ico|html?)$ - [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
324 RewriteRule ^((components|modules|plugins|templates)/.*index\.php(.*))$ $1 [L] 340 RewriteRule ^(components|modules|plugins|templates)/([^/]+/)*(index\.php)? - [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
325 RewriteRule ^(templates/.*\.php)$ $1 [L] 341 RewriteRule ^templates/([^.]+)\.php$ - [L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
326 RewriteRule ^(components|modules|plugins|templates)/.*$ - [F,L] 342 RewriteRule ^(components|modules|plugins|templates)/.+ - [F]
g1smd 2011/03/25 09:18:08 Trailing .* forces pattern matching to read whole
343 ## Changed above patterns to allow both /folder/ and /folder/index.php requests for JA Purity II
327 344
328 ## Disallow access to htaccess.txt and configuration.php-dist 345 ## Disallow access to htaccess.txt, configuration.php, configuration.php-dist an d php.ini
329 RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F,L] 346 RewriteRule ^(htaccess\.txt|configuration\.php(-dist)?|php\.ini)$ - [F]
g1smd 2011/03/25 09:18:08 [F] implies [L]. Omit [L].
g1smd 2011/03/25 09:18:08 Match both configuration.php and configuration.php
330 347
331 ## SQLi first line of defense, thanks to Radek Suski (SigSiu.net) @ 348 ## SQLi first line of defense, thanks to Radek Suski (SigSiu.net) @
332 ## http://www.sigsiu.net/presentations/fortifying_your_joomla_website.html 349 ## http://www.sigsiu.net/presentations/fortifying_your_joomla_website.html
333 ## May cause problems on legitimate requests 350 ## May cause problems on legitimate requests
334 RewriteCond %{QUERY_STRING} concat.*\( [NC,OR] 351 RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
g1smd 2011/03/25 09:18:08 The .* forces multiple backoff and retry attempts.
335 RewriteCond %{QUERY_STRING} union.*select.*\( [NC,OR] 352 RewriteCond %{QUERY_STRING} union([^s]*s)+elect[^\(]*\( [NC,OR]
g1smd 2011/03/25 09:18:08 The .* forces multiple backoff and retry attempts.
336 RewriteCond %{QUERY_STRING} union.*all.*select.* [NC] 353 RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC]
g1smd 2011/03/25 09:18:08 The .* forces multiple backoff and retry attempts.
337 RewriteRule ^(.*)$ - [F,L] 354 RewriteRule .* - [F]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
338 355
339 ########## End - Advanced server protection 356 ########## End - Advanced server protection
340 357
341 ########## Begin - Basic antispam Filter, by SigSiu.net 358 ########## Begin - Basic antispam Filter, by SigSiu.net
342 ## I removed some common words, tweak to your liking 359 ## I removed some common words, tweak to your liking
343 RewriteCond %{query_string} \bviagra\b [NC,OR] 360 ## This code uses PCRE and works only with Apache 2.x.
g1smd 2011/03/25 09:18:08 %{QUERY_STRING} not %{query_string}
g1smd 2011/03/25 09:18:08 Useful note.
344 RewriteCond %{query_string} \bambien\b [NC,OR] 361 ## This code will NOT work with Apache 1.x servers.
g1smd 2011/03/25 09:18:08 %{QUERY_STRING} not %{query_string}
345 RewriteCond %{query_string} \bblue\spill\b [NC,OR] 362 RewriteCond %{QUERY_STRING} \b(ambien|blue\spill|cialis|cocaine|ejaculation|erec tile)\b [NC,OR]
g1smd 2011/03/25 09:18:08 %{QUERY_STRING} not %{query_string}
346 RewriteCond %{query_string} \bcialis\b [NC,OR] 363 RewriteCond %{QUERY_STRING} \b(erections|hoodia|huronriveracres|impotence|levitr a|libido)\b [NC,OR]
g1smd 2011/03/25 09:18:08 %{QUERY_STRING} not %{query_string}
347 RewriteCond %{query_string} \bcocaine\b [NC,OR] 364 RewriteCond %{QUERY_STRING} \b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|t royhamby)\b [NC,OR]
g1smd 2011/03/25 09:18:08 %{QUERY_STRING} not %{query_string}
348 RewriteCond %{query_string} \bejaculation\b [NC,OR] 365 RewriteCond %{QUERY_STRING} \b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxai eo)\b [NC]
g1smd 2011/03/25 09:18:08 %{QUERY_STRING} not %{query_string}
g1smd 2011/03/25 09:18:08 Local OR parses faster.
349 RewriteCond %{query_string} \berectile\b [NC,OR] 366 ## Note: The final RewriteCond must NOT use the [OR] flag.
350 RewriteCond %{query_string} \berections\b [NC,OR] 367 RewriteRule .* - [F]
g1smd 2011/03/25 09:18:08 %{QUERY_STRING} not %{query_string}
g1smd 2011/03/25 09:18:08 .* instead of (.*)
351 RewriteCond %{query_string} \bhoodia\b [NC,OR]
352 RewriteCond %{query_string} \bhuronriveracres\b [NC,OR]
353 RewriteCond %{query_string} \bimpotence\b [NC,OR]
354 RewriteCond %{query_string} \blevitra\b [NC,OR]
355 RewriteCond %{query_string} \blibido\b [NC,OR]
356 RewriteCond %{query_string} \blipitor\b [NC,OR]
357 RewriteCond %{query_string} \bphentermin\b [NC,OR]
358 RewriteCond %{query_string} \bprosac\b [NC,OR]
359 RewriteCond %{query_string} \bsandyauer\b [NC,OR]
360 RewriteCond %{query_string} \btramadol\b [NC,OR]
361 RewriteCond %{query_string} \btroyhamby\b [NC,OR]
362 RewriteCond %{query_string} \bultram\b [NC,OR]
363 RewriteCond %{query_string} \bunicauca\b [NC,OR]
364 RewriteCond %{query_string} \bvalium\b [NC,OR]
365 RewriteCond %{query_string} \bviagra\b [NC,OR]
g1smd 2011/03/25 21:39:45 Duplicate entry.
366 RewriteCond %{query_string} \bvicodin\b [NC,OR]
367 RewriteCond %{query_string} \bxanax\b [NC,OR]
368 RewriteCond %{query_string} \bypxaieo\b [NC]
369 RewriteRule ^(.*)$ - [F,L]
g1smd 2011/03/25 09:18:08 No need to create backreference that isn't going t
370 ########## End - Basic antispam Filter, by SigSiu.net 368 ########## End - Basic antispam Filter, by SigSiu.net
371 369
372 ########## Begin - Joomla! core SEF Section 370 ########## Begin - Joomla! core SEF Section
373 # 371 #
374 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 372 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
375 RewriteCond %{REQUEST_URI} !^/index.php 373 #
g1smd 2011/03/25 21:39:45 Literal periods in patterns must be escaped.
376 RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|\.ini|\.zip| \.json|/[^.]*)$ [NC] 374 # If the requested path and file is not /index.php and the request
g1smd 2011/03/25 09:18:08 Why "find" the period nine times when you can find
375 # has not already been internally rewritten to the index.php script
376 RewriteCond %{REQUEST_URI} !^/index\.php
377 # and the request is for the site root, or for an extensionless URL,
378 # or the requested URL ends with one of the listed extensions
379 RewriteCond %{REQUEST_URI} (/[^.]*|\.(php|html?|feed|pdf|raw|ini|zip|json))$ [NC ]
g1smd 2011/03/25 09:18:08 Find root or extensionless. If it fails then find
380 # and the requested path and file doesn't directly match a physical file
377 RewriteCond %{REQUEST_FILENAME} !-f 381 RewriteCond %{REQUEST_FILENAME} !-f
382 # and the requested path doesn't directly match a physical folder
378 RewriteCond %{REQUEST_FILENAME} !-d 383 RewriteCond %{REQUEST_FILENAME} !-d
379 RewriteRule (.*) index.php [L] 384 # internally rewrite the request to the index.php script
385 RewriteRule .* index.php [L]
380 # 386 #
381 ########## End - Joomla! core SEF Section 387 ########## End - Joomla! core SEF Section
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld 1278:e6ce13d99bf5