Add RewriteRule exception for ms-files.php

9161f1b7 · ale · 70543011 · 9161f1b7 · 9161f1b7 · 9161f1b7
Commit 9161f1b7 authored 3 years ago by ale
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,6 +9,8 @@ FROM registry.git.autistici.org/ai3/docker/apache2-php-base:master
 COPY --from=build /build/app/ /opt/noblogs/www
 COPY docker/htaccess /opt/noblogs/www/.htaccess
+COPY docker/htaccess-noindex /opt/noblogs/www/wp-admin/.htaccess
+COPY docker/htaccess-noindex /opt/noblogs/www/wp-includes/.htaccess
 COPY docker/wp-config.php /opt/noblogs/www/wp-config.php
 COPY docker/wp-cache-config.php /opt/noblogs/www/wp-content/wp-cache-config.php
 COPY docker/conf /tmp/conf

--- a/docker/htaccess
+++ b/docker/htaccess
@@ -27,10 +27,11 @@ RewriteRule ^gallery/[0-9]+/(.*)$  wp-includes/ms-files.php?file=2010/08/$1 [L]
 RewriteRule ^resource/[^/]+/preview/(.*)$ wp-includes/ms-files.php?file=2010/08/$1 [L]
 RewriteRule ^resource/[^/]+/download/(.*)$ wp-includes/ms-files.php?file=2010/08/$1 [L]
-# hardening of wp-includes
+# hardening of wp-includes (with the exception of ms-files.php, the WP multisite file server).
 RewriteRule ^wp-admin/includes/ - [F,L]
 RewriteRule !^wp-includes/ - [S=3]
-RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
+RewriteCond %{REQUEST_URI} !^wp-includes/ms-files.php$
+RewriteRule ^wp-includes/.+\.php$ - [F,L]
 RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
 RewriteRule ^wp-includes/theme-compat/ - [F,L]

--- a/docker/htaccess-noindex
+++ b/docker/htaccess-noindex
+Options -Indexes