lighttpd.conf 1.8 KB

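  ############# DO NOT FORGET TO CHANGE "grav_path" BY YOUR ACTUAL GRAV INSTALLATION FOLDER #############
  ############# IF GRAV IS AT THE ROOT OF YOUR WEBSITE, ie http://yoursite.tld POINTS TO #############
  ############# GRAV DIRECTLY, THEN JUST REMOVE ANY "/grav_path/" MENTION BELOW. OTHERWISE #############
  ############# WE ASSUME YOU RUN AN INSTALLATION SUCH AS http://yoursite.tld/grav_path/ #############
  #######################################################################################################
  ### GRAV RULES FOR LIGHTTPD ###
  ### By Mr3ase ###
  ### Last Rev. 2015/11/20 ###
  #
  # The directives below belong to mod_redirect (url.redirect), mod_rewrite
  # (url.rewrite-if-not-file), mod_access (url.access-deny) and mod_dirlisting
  # (dir-listing.activate). Check that these modules are listed in server.modules:
  # the deny rules in particular only take effect when mod_access is loaded.
  # After any change, request one of the protected paths (for example
  # /grav_path/composer.json) and confirm the server answers 403.

  #PREVENTING EXPLOITS
  # A request whose query string matches one of these patterns is redirected to the
  # front controller, which drops the query string. The filters look at the query
  # string only (request bodies, cookies and headers are not inspected), so treat
  # them as defence in depth and not as a substitute for keeping Grav and its
  # plugins up to date.

  # Query strings that carry a base64_encode(...) call.
  $HTTP["querystring"] =~ "base64_encode[^(]*\([^)]*\)" {
    url.redirect = (".*" => "/grav_path/index.php" )
  }

  # Query strings that carry a <script> tag, literal or percent-encoded.
  # (?i) makes the match case-insensitive: lighttpd regex conditions are
  # case-sensitive by default, so without it upper-case tags and lower-case
  # percent-escapes (%3c, %3e) would not match.
  $HTTP["querystring"] =~ "(?i)(<|%3C)([^s]*s)+cript.*(>|%3E)" {
    url.redirect = (".*" => "/grav_path/index.php" )
  }

  # Query strings that name PHP's GLOBALS array as a parameter.
  $HTTP["querystring"] =~ "GLOBALS(=|\[|\%[0-9A-Z])" {
    url.redirect = (".*" => "/grav_path/index.php" )
  }

  # Query strings that name PHP's _REQUEST array as a parameter.
  $HTTP["querystring"] =~ "_REQUEST(=|\[|\%[0-9A-Z])" {
    url.redirect = (".*" => "/grav_path/index.php" )
  }

  #REROUTING TO THE INDEX PAGE
  # Anything under /grav_path/ that is not an existing file is handed to index.php,
  # with the requested path passed as the query string.
  url.rewrite-if-not-file = (
    "^/grav_path/(.*)$" => "/grav_path/index.php?$1"
  )

  #IMPROVING SECURITY
  # url.access-deny = ("") denies every URL inside the enclosing condition: the
  # empty suffix matches any path.

  # Project metadata and configuration files for other web servers in the Grav root.
  $HTTP["url"] =~ "^/grav_path/(LICENSE\.txt|composer\.json|composer\.lock|nginx\.conf|web\.config)$" {
    url.access-deny = ("")
  }

  # Directories that are never meant to be served.
  $HTTP["url"] =~ "^/grav_path/(\.git|cache|bin|logs|backup|tests)/(.*)" {
    url.access-deny = ("")
  }

  # Source, template and configuration files inside system/, user/ and vendor/.
  # NOTE(review): this extension list dates from the 2015 revision noted in the
  # header; compare it with the web server rules shipped with your Grav release and
  # add any extension that is missing here.
  $HTTP["url"] =~ "^/grav_path/(system|user|vendor)/(.*)\.(txt|md|html|yaml|yml|php|twig|sh|bat)$" {
    url.access-deny = ("")
  }

  # Hidden (dot-prefixed) entries directly under /grav_path/.
  # NOTE(review): the pattern is anchored right after /grav_path/, so a dot-file
  # deeper in the tree (for example a nested .git directory) is not matched by this
  # rule; confirm that none exist or extend the pattern.
  $HTTP["url"] =~ "^/grav_path/(\.(.*))" {
    url.access-deny = ("")
  }

  # Appended to the server-wide deny list at global scope: Markdown sources, editor
  # backup files ending in "~" and .inc files are refused wherever they live.
  url.access-deny += (".md","~",".inc")

  #PREVENT BROWSING AND SET INDEXES
  # No automatic directory listings under /grav_path; a directory request is
  # answered with the first of these index files that exists.
  $HTTP["url"] =~ "^/grav_path($|/)" {
    dir-listing.activate = "disable"
    index-file.names = ( "index.php", "index.html" , "index.htm" )
  }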