From cb1c745b0746a97508f80421cc7a8a1b558e99cb Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Wed, 27 Apr 2022 08:32:40 +0100
Subject: [PATCH] Try a different approach for ms-files.php allowlist

---
 docker/htaccess | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/docker/htaccess b/docker/htaccess
index 92aefd93..b7cc0975 100644
--- a/docker/htaccess
+++ b/docker/htaccess
@@ -29,10 +29,9 @@ RewriteRule ^resource/[^/]+/download/(.*)$ wp-includes/ms-files.php?file=2010/08
 
 # hardening of wp-includes (with the exception of ms-files.php, the WP multisite file server).
 RewriteRule ^wp-admin/includes/ - [F,L]
-RewriteRule !^wp-includes/ - [S=3]
-RewriteCond %{REQUEST_URI} !^wp-includes/ms-files.php$
+RewriteRule !^wp-includes/ - [S=2]
+RewriteCond $0 !^wp-includes/ms-files\.php$
 RewriteRule ^wp-includes/.+\.php$ - [F,L]
-RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
 RewriteRule ^wp-includes/theme-compat/ - [F,L]
 
 # BEGIN WPSuperCache
-- 
GitLab