rhymix/common/manual/server_config/rhymix-nginx.conf
Kijin Sung e2828ed155 Improve precision and security of .htaccess and nginx configuration
- Block direct access to HTML and XML files in all modules, themes, etc.
- Block direct access to environment information in files/env/*
- Block direct access to dotfiles and other developer resources
- Block direct access to cache store
- Block PHP execution in upload directory (for additional protection)
- Ensure consistency between Apache and nginx rewrite rules
- Remove redundant rewrite rules
2016-06-18 13:16:02 +09:00


# Block direct access to templates, XML schemas, config files, dotfiles, environment info, etc.
#
# NOTE(review): nginx tests regex locations in the order they appear and uses
# the first one that matches. These deny rules therefore only take effect if
# this file is included before the site's generic PHP handler (typically a
# `location ~ \.php$` block) and is not shadowed by a `^~` prefix location
# covering the same paths. The enclosing server block is not part of this
# file - confirm the include order there.
# All patterns use `~`, which is case-sensitive; on a case-insensitive
# filesystem a differently-cased path would not match - verify if relevant.

# Exception: HTML files under the editor's skins/styles directories stay
# reachable. The block is intentionally empty and must remain above the
# broader .html/.xml deny rule below; otherwise that rule would match first
# and return 403.
location ~ ^/modules/editor/(skins|styles)/.+\.html$ {
# pass
}
# Deny raw .html and .xml files anywhere under the listed code, layout and
# theme directories.
location ~ ^/(addons|common|files/ruleset|(m\.)?layouts|modules|plugins|themes|widgets|widgetstyles)/.+\.(html|xml)$ {
return 403;
}
# Deny any URI ending in .php under files/attach, files/config and
# files/cache/store, so a script that lands there is never handed to PHP.
# NOTE(review): only URIs that END in ".php" are matched. If the PHP handler
# defined elsewhere accepts PATH_INFO (a pattern such as `\.php(/|$)`) or maps
# other extensions to PHP, those requests are not covered here. Consider
# `\.php(/|$)` and an extension list that mirrors the handler - confirm
# against the actual handler configuration.
location ~ ^/files/(attach|config|cache/store)/.+\.php$ {
return 403;
}
# Deny everything under files/env/ (environment information).
location ~ ^/files/env/ {
return 403;
}
# Deny dotfiles and developer/project metadata. The pattern is anchored at the
# URI root, so it covers names such as /.git, /.htaccess and /composer.json,
# but not dot-prefixed names inside subdirectories.
# NOTE(review): the leading `\.` alternative also matches /.well-known/, which
# ACME HTTP-01 validation and similar mechanisms rely on; add an explicit
# exception above this block if the site needs that path.
location ~ ^/(\.|codeception\.|composer\.|Gruntfile\.js|package\.json|CONTRIBUTING|COPYRIGHT|LICENSE|README) {
return 403;
}
# URL rewriting: maps short URLs onto /index.php query strings.
#
# NOTE(review): if this file is included at server level, nginx runs these
# rewrite directives before it selects a location, so the deny rules above are
# evaluated against the rewritten URI. Rules are tried top to bottom and `last`
# stops at the first match, so the order is significant: /admin and /rss, for
# example, also match the generic "mid link" pattern further down and only
# reach their own targets because their rules come first.
# Every target is /index.php, which needs a PHP handler location defined
# elsewhere in the server block.
# vid/mid captures are limited to [a-zA-Z0-9_] and document/category ids to
# digits, but the trackback key and entry title are captured with an
# unconstrained (.+); validating those values is left to the application.

# fix incorrect relative URLs (for legacy support): drops any leading path
# before a known top-level directory, e.g. /foo/modules/x.css -> /modules/x.css
rewrite ^/(.+)/(addons|files|layouts|m\.layouts|modules|widgets|widgetstyles)/(.*) /$2/$3 last;
# rss, blogAPI
rewrite ^/(rss|atom)$ /index.php?module=rss&act=$1 last;
rewrite ^/([a-zA-Z0-9_]+)/(rss|atom|api)$ /index.php?mid=$1&act=$2 last;
rewrite ^/([a-zA-Z0-9_]+)/([a-zA-Z0-9_]+)/(rss|atom|api)$ /index.php?vid=$1&mid=$2&act=$3 last;
# trackback (numeric document_srl, free-form key)
rewrite ^/([0-9]+)/(.+)/trackback$ /index.php?document_srl=$1&key=$2&act=trackback last;
rewrite ^/([a-zA-Z0-9_]+)/([0-9]+)/(.+)/trackback$ /index.php?vid=$1&document_srl=$2&key=$3&act=trackback last;
# administrator page (/admin or /admin/)
rewrite ^/admin/?$ /index.php?module=admin last;
# document category
rewrite ^/([a-zA-Z0-9_]+)/category/([0-9]+)$ /index.php?mid=$1&category=$2 last;
# document permanent link (all-digit path)
rewrite ^/([0-9]+)$ /index.php?document_srl=$1 last;
# mid link (any single path segment of [a-zA-Z0-9_], optional trailing slash)
rewrite ^/([a-zA-Z0-9_]+)/?$ /index.php?mid=$1 last;
# mid + document link
rewrite ^/([a-zA-Z0-9_]+)/([0-9]+)$ /index.php?mid=$1&document_srl=$2 last;
# vid + mid link
rewrite ^/([a-zA-Z0-9_]+)/([a-zA-Z0-9_]+)/?$ /index.php?vid=$1&mid=$2 last;
# vid + mid + document link
rewrite ^/([a-zA-Z0-9_]+)/([a-zA-Z0-9_]+)/([0-9]+)$ /index.php?vid=$1&mid=$2&document_srl=$3 last;
# mid + entry title (free-form title)
rewrite ^/([a-zA-Z0-9_]+)/entry/(.+)$ /index.php?mid=$1&entry=$2 last;
# vid + mid + entry title (free-form title)
rewrite ^/([a-zA-Z0-9_]+)/([a-zA-Z0-9_]+)/entry/(.+)$ /index.php?vid=$1&mid=$2&entry=$3 last;