From 38cc4e5fb61eba6bb6d8d0e504d18316a2f6d317 Mon Sep 17 00:00:00 2001 From: PICCORO Lenz McKAY Date: Sat, 21 Sep 2019 20:37:50 -0400 Subject: [PATCH 1/2] make webserver agnosting and no need of htaccess rewrite rule, working setup * this able to work with all webservers and not only apache2 setups * this solves many issues due redirectiin subdomains or path installs * this setup permits install in subdomains and subdirectoryes * this setup does not need a rewrite support in any webserver --- .htaccess | 22 +++++++++++++--------- index.php | 12 ++++++++++++ public/.htaccess | 9 +++++---- 3 files changed, 30 insertions(+), 13 deletions(-) create mode 100644 index.php diff --git a/.htaccess b/.htaccess index 55eeab755f..0723cfffdd 100755 --- a/.htaccess +++ b/.htaccess @@ -1,13 +1,17 @@ -# redirect to public page - - RewriteEngine On - RewriteCond %{REQUEST_URI} !^public$ - RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC] - RewriteRule "^(.*)$" "/public/" [R=301,L] - -# disable directory browsing -# For security reasons, Option all cannot be overridden. +## by default opensourcepos uses only apache2 rules and close related tricks.. +## if you already wants that uncomment those lines +## and property setup rewrite path (if you do not hijacked root webserver) +## due all are redirect to public page in public directory for security issues +# +# RewriteEngine On +# RewriteCond %{REQUEST_URI} !^public$ +# RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC] +# RewriteRule "^(.*)$" "/public/" [R=301,L] +# + +## disable directory browsing +## For security reasons, Option all cannot be overridden. Options +ExecCGI +Includes +IncludesNOEXEC +SymLinksIfOwnerMatch -Indexes # prevent folder listing diff --git a/index.php b/index.php new file mode 100644 index 0000000000..1e0da29382 --- /dev/null +++ b/index.php @@ -0,0 +1,12 @@ + diff --git a/public/.htaccess b/public/.htaccess index 20aeda3d83..e92a498128 100644 --- a/public/.htaccess +++ b/public/.htaccess @@ -1,5 +1,6 @@ RewriteEngine On +# Please read first the .htaccess file in the parent directory # To redirect a subdomain to a subdir because of https not supporting wildcards # replace values between <> with your ones # RewriteCond %{HTTP_HOST} ^\.\.com$ [OR] @@ -11,10 +12,10 @@ RewriteEngine On # RewriteCond %{HTTP_HOST} !^www\..+$ [NC] # RewriteCond %{HTTP_HOST} (.+)$ [NC] # RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L] -RewriteCond %{REQUEST_FILENAME} !-f -RewriteCond %{REQUEST_FILENAME} !-d +# RewriteCond %{REQUEST_FILENAME} !-f +# RewriteCond %{REQUEST_FILENAME} !-d # if in web root -RewriteRule ^(.*)$ index.php?/$1 [L] +# RewriteRule ^(.*)$ index.php?/$1 [L] # if in subdir comment above line, uncomment below one and replace with your path # RewriteRule ^(.*)$ //public/index.php?/$1 [L] @@ -60,4 +61,4 @@ IndexIgnore * ExpiresActive On ExpiresDefault "access plus 1 week" - \ No newline at end of file + From 6093349afdeca00fc0d619976a6bfdd15afe4891 Mon Sep 17 00:00:00 2001 From: PICCORO Lenz McKAY Date: Sat, 21 Sep 2019 20:37:50 -0400 Subject: [PATCH 2/2] make webserver agnosting and no need of htaccess rewrite rule, working setup * this able to work with all webservers and not only apache2 setups * this solves many issues due redirectiin subdomains or path installs * this setup permits install in subdomains and subdirectoryes * this setup does not need a rewrite support in any webserver --- .htaccess | 22 +++++++++++++--------- index.php | 12 ++++++++++++ public/.htaccess | 9 +++++---- 3 files changed, 30 insertions(+), 13 deletions(-) create mode 100644 index.php diff --git a/.htaccess b/.htaccess index 55eeab755f..0723cfffdd 100755 --- a/.htaccess +++ b/.htaccess @@ -1,13 +1,17 @@ -# redirect to public page - - RewriteEngine On - RewriteCond %{REQUEST_URI} !^public$ - RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC] - RewriteRule "^(.*)$" "/public/" [R=301,L] - -# disable directory browsing -# For security reasons, Option all cannot be overridden. +## by default opensourcepos uses only apache2 rules and close related tricks.. +## if you already wants that uncomment those lines +## and property setup rewrite path (if you do not hijacked root webserver) +## due all are redirect to public page in public directory for security issues +# +# RewriteEngine On +# RewriteCond %{REQUEST_URI} !^public$ +# RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC] +# RewriteRule "^(.*)$" "/public/" [R=301,L] +# + +## disable directory browsing +## For security reasons, Option all cannot be overridden. Options +ExecCGI +Includes +IncludesNOEXEC +SymLinksIfOwnerMatch -Indexes # prevent folder listing diff --git a/index.php b/index.php new file mode 100644 index 0000000000..1e0da29382 --- /dev/null +++ b/index.php @@ -0,0 +1,12 @@ + diff --git a/public/.htaccess b/public/.htaccess index 20aeda3d83..e92a498128 100644 --- a/public/.htaccess +++ b/public/.htaccess @@ -1,5 +1,6 @@ RewriteEngine On +# Please read first the .htaccess file in the parent directory # To redirect a subdomain to a subdir because of https not supporting wildcards # replace values between <> with your ones # RewriteCond %{HTTP_HOST} ^\.\.com$ [OR] @@ -11,10 +12,10 @@ RewriteEngine On # RewriteCond %{HTTP_HOST} !^www\..+$ [NC] # RewriteCond %{HTTP_HOST} (.+)$ [NC] # RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L] -RewriteCond %{REQUEST_FILENAME} !-f -RewriteCond %{REQUEST_FILENAME} !-d +# RewriteCond %{REQUEST_FILENAME} !-f +# RewriteCond %{REQUEST_FILENAME} !-d # if in web root -RewriteRule ^(.*)$ index.php?/$1 [L] +# RewriteRule ^(.*)$ index.php?/$1 [L] # if in subdir comment above line, uncomment below one and replace with your path # RewriteRule ^(.*)$ //public/index.php?/$1 [L] @@ -60,4 +61,4 @@ IndexIgnore * ExpiresActive On ExpiresDefault "access plus 1 week" - \ No newline at end of file +