forked from LimeSurvey/LimeSurvey
.htaccess
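<IfModule mod_rewrite.c>
RewriteEngine on

# Front controller: any request that does not resolve to an existing regular
# file is handed to index.php. The directory test is left commented out, so
# requests for existing directories are forwarded to index.php as well.
RewriteCond %{REQUEST_FILENAME} !-f
# RewriteCond %{REQUEST_FILENAME} !-d
# NOTE(review): this rule has no [L] flag, so the deny rules below are still
# evaluated afterwards, against the rewritten path. Re-test the whole chain
# before reordering anything in this block.
RewriteRule . index.php

# Deny access to hidden files and directories (any path segment that starts
# with a dot), except .well-known.
# The exemption is anchored on a segment boundary so that names which merely
# begin with ".well-known" are not exempted from the deny rule.
# NOTE(review): REQUEST_URI is matched from the server root; confirm the
# exemption behaves as intended when installed in a subdirectory.
RewriteCond %{REQUEST_URI} !^/\.well-known(/|$)
RewriteRule ^(.*/)?\.+ - [F]

# Deny access to composer.json, which is used for remote fingerprinting.
# The dot is escaped so the pattern matches the literal file name.
# NOTE(review): if composer.lock is deployed alongside it, confirm that file
# is not web-reachable either.
RewriteRule ^composer\.json - [F]
</IfModule>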
# Deny access to hidden files and directories without mod_rewrite.
# mod_alias answers 403 for any path containing a segment that starts with a
# dot, unless the path begins with /.well-known/ (negative lookahead).
# This directive is not wrapped in <IfModule>, so it applies whether or not
# mod_rewrite is loaded, and it requires mod_alias to be available.
RedirectMatch 403 ^/(?!\.well-known/)(.*/)?\.+
# General setting to properly handle LimeSurvey paths
# AcceptPathInfo on
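# XSS protection
<IfModule mod_headers.c>
# Legacy header for the browser-side XSS filter. Modern browsers have dropped
# that filter, so this only affects old clients; it is not a substitute for
# output encoding or a site-wide Content-Security-Policy.
Header set X-XSS-Protection "1; mode=block"

# SVG is an active format: when opened directly it can run script in the
# site's origin. The policy below blocks all loads except same-origin and
# inline styles, and forbids framing of the file.
# The match is case-insensitive because FilesMatch regexes are case-sensitive
# while mod_mime resolves extensions case-insensitively; without (?i) a file
# named e.g. image.SVG would be served as SVG without this policy.
<FilesMatch "(?i)\.svgz?$">
Header set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'"
</FilesMatch>
</IfModule>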
# Disable Multiviews (issue #16859)
# With MultiViews on, mod_negotiation may resolve a request for a name without
# extension to a file that has one, before the rewrite rules are applied.
# NOTE(review): the issue text is not reproduced here; presumably negotiation
# interfered with the index.php routing. Confirm against the tracker.
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>