Whitelist urls instead of blacklist

An Phan 2016-06-10 01:11:46 +08:00
parent efcdac82e3
commit fe0376bb42
No known key found for this signature in database
GPG key ID: 05536BB4BCDC02A2
2 changed files with 7 additions and 15 deletions


@ -12,19 +12,16 @@
RewriteEngine On
RewriteBase /
# Deny access to framework directories
RewriteRule ^(app|bootstrap|config|database|resources|storage|tests|vendor|node_modules)/ - [R=404,L,NC]
# And dot files/folders (for example .env)
RedirectMatch 404 /\..*$
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Whitelist only index.php, robots.txt, and those start with public/ or api/
RewriteRule ^(?!($|index\.php|robots\.txt|(public|api)/)) - [R=404,L]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
RewriteRule .* index.php [L]
# https://github.com/tymondesigns/jwt-auth/wiki/Authentication
RewriteCond %{HTTP:Authorization} ^(.*)
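Review bot: The whitelist rule's `index\.php` and `robots\.txt` alternatives have no end anchor, so the lookahead accepts any path in the web root that merely begins with one of those names, such as an editor backup copy like `index.php.bak`. Anchoring them closes that gap: `RewriteRule ^(?!($|index\.php$|robots\.txt$|(public|api)/)) - [R=404,L]`. The dotfile `RedirectMatch` appears to be dropped by this change; since everything under `public/` and `api/` is whitelisted, a dotfile placed in either directory would no longer be refused, so keeping that line as a second layer is worth considering. The rules sit in a block that opens above the hunk, so this only covers the visible lines.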


@ -4,14 +4,9 @@ server {
root /var/www/koel;
index index.php;
# Deny access to dotfiles
location ~ /\. {
deny all;
}
# Deny access to framework directories
location ~ /(app|bootstrap|config|database|resources|storage|tests|vendor|node_modules)/ {
deny all;
# Whitelist only index.php, robots.txt, and those start with public/ or api/
if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {
return 404;
}
location /media/ {
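Review bot: The pattern in the new `if` is not a whitelist as written, because only the `^/$` alternative is anchored; `index\.php`, `robots\.txt`, `api/` and `public/` match anywhere in `$request_uri`. That variable is the raw request line and includes the query string, so a request for any other path passes the check as soon as one of those strings appears somewhere in it. The dotfile and framework-directory `deny all` locations appear to be removed in the same hunk, which leaves nothing behind this check. Group the alternatives under one anchor and test the normalized path instead: `if ($uri !~ "^/($|index\.php|robots\.txt|(api|public)/)") {`. Keeping the `location ~ /\.` deny would also cover dotfiles under `public/`. The `server` block starts and ends outside the hunk.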