34 lines
801 B
Caddyfile
34 lines
801 B
Caddyfile
:8080
|
|
gzip
|
|
fastcgi / 127.0.0.1:9000 php
|
|
|
|
# Begin - Security
|
|
# deny all direct access for these folders
|
|
rewrite {
|
|
r /(\.git|cache|bin|logs|backups|tests)/.*$
|
|
to /403
|
|
}
|
|
# deny running scripts inside core system folders
|
|
rewrite {
|
|
r /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$
|
|
to /403
|
|
}
|
|
# deny running scripts inside user folder
|
|
rewrite {
|
|
r /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$
|
|
to /403
|
|
}
|
|
# deny access to specific files in the root folder
|
|
rewrite {
|
|
r /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess)
|
|
to /403
|
|
}
|
|
|
|
status 403 /403
|
|
## End - Security
|
|
|
|
# global rewrite should come last.
|
|
rewrite {
|
|
to {path} {path}/ /index.php?_url={uri}&{query}
|
|
}
|