| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 |
- ############# DO NOT FORGET TO CHANGE "grav_path" BY YOUR ACTUAL GRAV INSTALLATION FOLDER #############
- ############# IF GRAV IS AT THE ROOT OF YOUR WEBSITE, ie http://yoursite.tld POINTS TO #############
- ############# GRAV DIRECTLY, THEN JUST REMOVE ANY "/grav_path/" MENTION BELOW. OTHERWISE #############
- ############# WE ASSUME YOU RUN AN INSTALLATION SUCH AS http://yoursite.tld/grav_path/ #############
- #######################################################################################################
- ### GRAV RULES FOR LIGHTTPD ###
- ### By Mr3ase ###
- ### Last Rev. 2015/11/20 ###
- #PREVENTING EXPLOITS
- $HTTP["querystring"] =~ "base64_encode[^(]*\([^)]*\)" {
- url.redirect = (".*" => "/grav_path/index.php" )
- }
- $HTTP["querystring"] =~ "(<|%3C)([^s]*s)+cript.*(>|%3E)" {
- url.redirect = (".*" => "/grav_path/index.php" )
- }
- $HTTP["querystring"] =~ "GLOBALS(=|\[|\%[0-9A-Z])" {
- url.redirect = (".*" => "/grav_path/index.php" )
- }
- $HTTP["querystring"] =~ "_REQUEST(=|\[|\%[0-9A-Z])" {
- url.redirect = (".*" => "/grav_path/index.php" )
- }
- #REROUTING TO THE INDEX PAGE
- url.rewrite-if-not-file = (
- "^/grav_path/(.*)$" => "/grav_path/index.php?$1"
- )
- #IMPROVING SECURITY
- $HTTP["url"] =~ "^/grav_path/(LICENSE\.txt|composer\.json|composer\.lock|nginx\.conf|web\.config)$" {
- url.access-deny = ("")
- }
- $HTTP["url"] =~ "^/grav_path/(\.git|cache|bin|logs|backup|tests)/(.*)" {
- url.access-deny = ("")
- }
- $HTTP["url"] =~ "^/grav_path/(system|user|vendor)/(.*)\.(txt|md|html|yaml|yml|php|twig|sh|bat)$" {
- url.access-deny = ("")
- }
- $HTTP["url"] =~ "^/grav_path/(\.(.*))" {
- url.access-deny = ("")
- }
- url.access-deny += (".md","~",".inc")
- #PREVENT BROWSING AND SET INDEXES
- $HTTP["url"] =~ "^/grav_path($|/)" {
- dir-listing.activate = "disable"
- index-file.names = ( "index.php", "index.html" , "index.htm" )
- }
|
