From 7ca3be324ba731820d54a8f37d0128ad5e39ebc5 Mon Sep 17 00:00:00 2001 From: Franck Perrin Date: Tue, 20 Feb 2024 16:25:24 +0100 Subject: [PATCH 1/2] IBX-7818: Fixed direct acces to index.php with long URL --- resources/templates/apache2/vhost.template | 2 +- resources/templates/nginx/ibexa_params.d/ibexa_rewrite_params | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/resources/templates/apache2/vhost.template b/resources/templates/apache2/vhost.template index 27f4ebf..4484f0b 100644 --- a/resources/templates/apache2/vhost.template +++ b/resources/templates/apache2/vhost.template @@ -100,7 +100,7 @@ RewriteRule ^/(css|js|fonts?)/.*\.(css|js|otf|eot|ttf|svg|woff) - [L] # Prevent access to website with direct usage of index.php in URL - RewriteRule ^/([^/]+/)?index\.php([/?#]|$) - [R=404,L] + RewriteRule ^/([^/]+/)*?index\.php([/?#]|$) - [R=404,L] RewriteRule .* /index.php diff --git a/resources/templates/nginx/ibexa_params.d/ibexa_rewrite_params b/resources/templates/nginx/ibexa_params.d/ibexa_rewrite_params index a0b05a3..1832bfa 100644 --- a/resources/templates/nginx/ibexa_params.d/ibexa_rewrite_params +++ b/resources/templates/nginx/ibexa_params.d/ibexa_rewrite_params @@ -19,7 +19,7 @@ rewrite "^/build/(.*)" "/build/$1" break; rewrite "^/assets/(.*)" "/assets/$1" break; # Prevent access to website with direct usage of index.php in URL -if ($request_uri ~ "^/([^/]+/)?index\.php([/?#]|$)") { +if ($request_uri ~ "^/([^/]+/)*?index\.php([/?#]|$)") { return 404; } From ea2a901244a385f1cf814b8fbf3f2b5176882a6a Mon Sep 17 00:00:00 2001 From: Franck Perrin Date: Tue, 20 Feb 2024 16:25:24 +0100 Subject: [PATCH 2/2] IBX-7818: Fixed direct acces to index.php with long URL --- resources/templates/apache2/vhost.template | 2 +- resources/templates/nginx/ibexa_params.d/ibexa_rewrite_params | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
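Review bot: The lazy quantifier in `([^/]+/)*?` does not change which paths the rule rejects, and the group is never referenced because the substitution is `-`, so `RewriteRule ^/(?:[^/]+/)*index\.php([/?#]|$) - [R=404,L]` expresses the same check more plainly. The comment above the rule still describes the old one-level behaviour and could state the new scope, for example `# Prevent direct use of index.php in the URL path, at any directory depth`. The same Apache hunk is repeated in PATCH 2/2 and the remark applies there as well.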
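Review bot: `$request_uri` includes the query string, and the segment class `[^/]+` also matches `?`, so with the new `*` repetition a legitimate request whose query value holds a path ending in `index.php` (a return-URL parameter, for instance) is answered with 404; the old `?` form already did this for a single slash, and the change widens it to any depth. Excluding `?` from the class keeps the test on the path only: `if ($request_uri ~ "^/([^/?]+/)*index\.php([/?#]|$)") {`. Because `$request_uri` is the un-normalised request value, percent-encoded or repeated-slash spellings of the path are not matched by this pattern. Whether those still reach the front controller depends on rules outside this hunk, so a regression test covering both forms would be worth adding. The identical nginx hunk in PATCH 2/2 has the same issue.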
diff --git a/resources/templates/apache2/vhost.template b/resources/templates/apache2/vhost.template index 27f4ebf..4484f0b 100644 --- a/resources/templates/apache2/vhost.template +++ b/resources/templates/apache2/vhost.template @@ -100,7 +100,7 @@ RewriteRule ^/(css|js|fonts?)/.*\.(css|js|otf|eot|ttf|svg|woff) - [L] # Prevent access to website with direct usage of index.php in URL - RewriteRule ^/([^/]+/)?index\.php([/?#]|$) - [R=404,L] + RewriteRule ^/([^/]+/)*?index\.php([/?#]|$) - [R=404,L] RewriteRule .* /index.php diff --git a/resources/templates/nginx/ibexa_params.d/ibexa_rewrite_params b/resources/templates/nginx/ibexa_params.d/ibexa_rewrite_params index a0b05a3..1832bfa 100644 --- a/resources/templates/nginx/ibexa_params.d/ibexa_rewrite_params +++ b/resources/templates/nginx/ibexa_params.d/ibexa_rewrite_params @@ -19,7 +19,7 @@ rewrite "^/build/(.*)" "/build/$1" break; rewrite "^/assets/(.*)" "/assets/$1" break; # Prevent access to website with direct usage of index.php in URL -if ($request_uri ~ "^/([^/]+/)?index\.php([/?#]|$)") { +if ($request_uri ~ "^/([^/]+/)*?index\.php([/?#]|$)") { return 404; }