fixed htaccess RedirectMatch 403 rule

2026-03-03 02:27:01 +00:00 · 2014-09-15 12:35:32 +03:00
parent 053793be9c
commit 1399913606
4 changed files with 23 additions and 23 deletions
--- a/.htaccess
+++ b/.htaccess
@@ -4,23 +4,22 @@

 DirectoryIndex index.php index.html

-# PROTECTED DIRECTORIES
 <IfModule mod_rewrite.c>
  RewriteEngine On
-  RewriteCond %{REQUEST_FILENAME} -d
-  RewriteRule (?i)(data|api) - [F]
-</IfModule>
-RedirectMatch 403 (?i)/data/config\.php$
-RedirectMatch 403 (?i)/data/logs
-RedirectMatch 403 (?i)/data/cache
-RedirectMatch 403 (?i)/data/upload
-RedirectMatch 403 (?i)/application
-RedirectMatch 403 (?i)/custom
-RedirectMatch 403 (?i)/vendor
-#END PROTECTED DIRECTORIES

-<IfModule mod_rewrite.c>
-  RewriteEngine On
+  # PROTECTED DIRECTORIES
+  RewriteCond %{REQUEST_FILENAME} -d
+  RewriteRule ^/?(data|api)/ - [F]
+
+  RewriteRule ^/?data/config\.php$ - [F]
+  RewriteRule ^/?data/logs/ - [F]
+  RewriteRule ^/?data/cache/ - [F]
+  RewriteRule ^/?data/upload/ - [F]
+  RewriteRule ^/?application/ - [F]
+  RewriteRule ^/?custom/ - [F]
+  RewriteRule ^/?vendor/ - [F]
+  #END PROTECTED DIRECTORIES
+
  RewriteRule .* - [E=HTTP_ESPO_CGI_AUTH:%{HTTP:Authorization}]

  RewriteRule reset/?$ reset.html [QSA,L]
--- a/frontend/client/custom/.data
+++ b/frontend/client/custom/.data
@@ -0,0 +1 @@
+ 
--- a/install/core/SystemHelper.php
+++ b/install/core/SystemHelper.php
@@ -279,7 +279,7 @@ class SystemHelper extends \Espo\Core\Utils\System
 		$serverType = $this->getServerType();

 		$rules = array(
-			'nginx' => "location /api/v1/ {\n    if (!-e " . '$request_filename' . "){\n        rewrite ^/api/v1/(.*)$ /api/v1/index.php last; break;\n    }\n}\n\nlocation / {\n    rewrite reset/?$ reset.html break;\n}\n\nlocation /(data|api) {\n    if (-e " . '$request_filename' . "){\n        return 403;\n    }\n}\n\nlocation /data/logs {\n    return 403;\n}\nlocation /data/config.php$ {\n    return 403;\n}\nlocation /data/cache {\n    return 403;\n}\nlocation /data/upload {\n    return 403;\n}\nlocation /application {\n    return 403;\n}\nlocation /custom {\n    return 403;\n}\nlocation /vendor {\n    return 403;\n}",
+			'nginx' => "location /api/v1/ {\n    if (!-e " . '$request_filename' . "){\n        rewrite ^/api/v1/(.*)$ /api/v1/index.php last; break;\n    }\n}\n\nlocation / {\n    rewrite reset/?$ reset.html break;\n}\n\nlocation ^~ (data|api)/ {\n    if (-e " . '$request_filename' . "){\n        return 403;\n    }\n}\n\nlocation ^~ /data/logs/ {\n    return 403;\n}\nlocation ^~ /data/config.php {\n    return 403;\n}\nlocation ^~ /data/cache/ {\n    return 403;\n}\nlocation ^~ /data/upload/ {\n    return 403;\n}\nlocation ^~ /application/ {\n    return 403;\n}\nlocation ^~ /custom/ {\n    return 403;\n}\nlocation ^~ /vendor/ {\n    return 403;\n}",
 		);

 		if (isset($rules[$serverType])) {
--- a/web.config
+++ b/web.config
@@ -5,35 +5,35 @@
        <rewrite>
            <rules>
                <rule name="rule 1X" stopProcessing="true">
-                    <match url="/?reset/?$"  />
+                    <match url="^/?reset/?$"  />
                    <action type="Rewrite" url="reset.html"  appendQueryString="true" />
                </rule>
                <rule name="RequestBlocking1" stopProcessing="true">
-                    <match url="/?data/config\.php$" />
+                    <match url="^/?data/config\.php$" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." />
                </rule>
                <rule name="RequestBlocking2" stopProcessing="true">
-                    <match url="/?data/logs" />
+                    <match url="^/?data/logs/" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." />
                </rule>
                <rule name="RequestBlocking3" stopProcessing="true">
-                    <match url="/?data/cache" />
+                    <match url="^/?data/cache/" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." />
                </rule>
                <rule name="RequestBlocking4" stopProcessing="true">
-                    <match url="/?data/upload" />
+                    <match url="^/?data/upload/" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." />
                </rule>
                <rule name="RequestBlocking5" stopProcessing="true">
-                    <match url="/?application" />
+                    <match url="^/?application/" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." />
                </rule>
                <rule name="RequestBlocking6" stopProcessing="true">
-                    <match url="/?custom" />
+                    <match url="^/?custom/" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." />
                </rule>
                <rule name="RequestBlocking7" stopProcessing="true">
-                    <match url="/?vendor" />
+                    <match url="^/?vendor/" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." />
                </rule>
            </rules>