diff --git a/CHANGELOG.md b/CHANGELOG.md
index ef7db0ea2..dd259827b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 * Use new `permissions` field in user account
 1. [](#improved)
 * Added alias `selfupdate` to the `self-upgrade` `bin/gpm` CLI command
+ * Synced `webserver-configs/htaccess.txt` with `.htaccess`
 # v1.1.9-rc.2
 ## 11/26/2016
diff --git a/webserver-configs/htaccess.txt b/webserver-configs/htaccess.txt
index c82ca8fa6..faef479f7 100644
--- a/webserver-configs/htaccess.txt
+++ b/webserver-configs/htaccess.txt
@@ -3,7 +3,7 @@
 RewriteEngine On
 ## Begin RewriteBase
-# If you are getting 404 errors on subpages, you may have to uncomment the RewriteBase entry
+# If you are getting 500 or 404 errors on subpages, you may have to uncomment the RewriteBase entry
 # You should change the '/' to your appropriate subfolder. For example if you have
 # your Grav install at the root of your site '/' should work, else it might be something
 # along the lines of: RewriteBase /
@@ -13,6 +13,16 @@ RewriteEngine On
 ## End - RewriteBase
+## Begin - X-Forwarded-Proto
+# In some hosted or load balanced environments, SSL negotiation happens upstream.
+# In order for Grav to recognize the connection as secure, you need to uncomment
+# the following lines.
+#
+# RewriteCond %{HTTP:X-Forwarded-Proto} https
+# RewriteRule .* - [E=HTTPS:on]
+#
+## End - X-Forwarded-Proto
+
 ## Begin - Exploits
 # If you experience problems on your site block out the operations listed below
 # This attempts to block the most common type of exploit `attempts` to Grav
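Review bot: The comment in the new X-Forwarded-Proto block tells operators to uncomment the two rewrite lines but does not say that this header is supplied by the request and can be set by any client. If Apache is reachable directly as well as through the TLS-terminating proxy, a plain-HTTP request carrying `X-Forwarded-Proto: https` would pass the `RewriteCond` and be marked `HTTPS:on`, so Grav would treat it as secure. I would add a caveat line to the block, e.g. `# Only enable this when every request reaches Apache through a trusted proxy or load balancer that sets or overwrites X-Forwarded-Proto.` The `https` condition is also an unanchored substring match; `^https$` would be stricter, though that should be checked against proxies that send a comma-separated list.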
@@ -52,7 +62,7 @@ RewriteRule ^(user)/(.*)\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ error [F]
 # Block all direct access to .md files:
 RewriteRule \.md$ error [F]
 # Block all direct access to files and folders beginning with a dot
-RewriteRule (^\.|/\.) - [F]
+RewriteRule (^|/)\.(?!well-known) - [F]
 # Block access to specific files in the root folder
 RewriteRule ^(LICENSE.txt|composer.lock|composer.json|\.htaccess)$ error [F]
 ## End - Security
@@ -62,4 +72,4 @@ RewriteRule ^(LICENSE.txt|composer.lock|composer.json|\.htaccess)$ error [F]
 # Begin - Prevent Browsing and Set Default Resources
 Options -Indexes
 DirectoryIndex index.php index.html index.htm
-# End - Prevent Browsing and Set Default Resources
+# End - Prevent Browsing and Set Default Resources
\ No newline at end of file
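Review bot: The negative lookahead in the new `RewriteRule (^|/)\.(?!well-known) - [F]` is a prefix match, so it exempts every dot-name that merely starts with `.well-known` (such as a `.well-known-old` or `.well-known.bak` directory), not only the `.well-known/` directory itself. Ending the lookahead at a path boundary keeps the exemption to that one name: `RewriteRule (^|/)\.(?!well-known(/|$)) - [F]`. Because of `(^|/)` the exemption also applies at any depth rather than only at the site root; if only a root-level `.well-known` is intended, that may be worth narrowing. The comment above the rule still says all dot files and folders are blocked and could name the exception, e.g. `# Block all direct access to files and folders beginning with a dot (except .well-known)`.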