From 14084778275ed089fd8724996cfab5c241e0b07a Mon Sep 17 00:00:00 2001
From: Mathias Rhein
Date: Mon, 4 Apr 2016 14:29:22 +0200
Subject: [PATCH] Updating Caddyfile
* Updating Caddyfile Now /sitemap.xml or blog.rss or /info.php and so on are working also the evil regex is removed
* Updating Caddyfile adding suggestion by @abiosoft
---
 webserver-configs/Caddyfile | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)
diff --git a/webserver-configs/Caddyfile b/webserver-configs/Caddyfile
index 014017c93..682947087 100644
--- a/webserver-configs/Caddyfile
+++ b/webserver-configs/Caddyfile
@@ -1,8 +1,31 @@
 :8080
 gzip
 fastcgi / 127.0.0.1:9000 php
+
+# Begin - Security
+# deny all direct access for these folders
 rewrite {
- regexp .*
- ext /
- to /index.php?_url={uri}
+ r /(.git|cache|bin|logs|backups|tests)/.*$
+ status 403
+}
+# deny running scripts inside core system folders
+rewrite {
+ r /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$
+ status 403
+}
+# deny running scripts inside user folder
+rewrite {
+ r /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$
+ status 403
+}
+# deny access to specific files in the root folder
+rewrite {
+ r /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess)
+ status 403
+}
+## End - Security
+
+# global rewrite should come last.
+rewrite {
+ to {path} {path}/ /index.php?_url={uri}
 }
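Review bot: The four deny patterns in the Security block are not anchored at the start, and the first and last leave their dots unescaped, so they match more than their comments describe. `/(.git|cache|bin|logs|backups|tests)/.*$` returns 403 for any URL with a `/bin/` or `/cache/` segment at any depth, including page routes that the final `to {path} {path}/ /index.php?_url={uri}` rule is meant to serve, and the root-file rule matches those file names anywhere in the path. Assuming `r` is applied to the full request path, anchor and escape them, e.g. `r ^/(\.git|cache|bin|logs|backups|tests)/.*$` and `r ^/(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess)$`, and add the same `^` to the `(system|vendor)` and `user` rules. Matching also appears to be case-sensitive, so on a case-insensitive filesystem a path that differs only in letter case would likely skip all four rules and be served as a file. A `(?i)` prefix on each pattern would cover that, once confirmed against the server's regexp flavour.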