Updating Caddyfile

* Updating Caddyfile Now /sitemap.xml or blog.rss or /info.php and so on are working also the evil regex is removed * Updating Caddyfile adding suggestion by @abiosoft
2025-02-20 19:56:53 +01:00 · 2016-04-04 14:29:22 +02:00 · 2016-04-04 14:29:22 +02:00 · 1408477827
commit 1408477827
parent 34a211a532
1 changed files with 26 additions and 3 deletions
--- a/webserver-configs/Caddyfile
+++ b/webserver-configs/Caddyfile
@ -1,8 +1,31 @@
 :8080
 gzip
 fastcgi / 127.0.0.1:9000 php
+
+# Begin - Security
+# deny all direct access for these folders
 rewrite {
-    regexp .*
-    ext    /
-    to     /index.php?_url={uri}
+    r       /(.git|cache|bin|logs|backups|tests)/.*$
+    status  403
+}
+# deny running scripts inside core system folders
+rewrite {
+    r       /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$
+    status  403
+}
+# deny running scripts inside user folder
+rewrite {
+    r       /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$
+    status  403
+}
+# deny access to specific files in the root folder
+rewrite {
+    r       /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess)
+    status  403
+}
+## End - Security
+
+# global rewrite should come last.
+rewrite {
+    to  {path} {path}/ /index.php?_url={uri}
 }