Skip to content
Snippets Groups Projects
Commit cb1c745b authored by ale's avatar ale
Browse files

Try a different approach for ms-files.php allowlist

parent 9161f1b7
No related branches found
No related tags found
1 merge request!54Harden htaccess for /wp-includes/ direct access
Pipeline #31494 passed
Stage: build
Stage: test
This commit is part of merge request !54. Comments created here will be created in the context of that merge request.
Show whitespace changes
Inline Side-by-side
Showing
with 2 additions and 3 deletions
docker/htaccess
+ 2
3
View file @ cb1c745b
...@@ -29,10 +29,9 @@ RewriteRule ^resource/[^/]+/download/(.*)$ wp-includes/ms-files.php?file=2010/08 ...@@ -29,10 +29,9 @@ RewriteRule ^resource/[^/]+/download/(.*)$ wp-includes/ms-files.php?file=2010/08
# hardening of wp-includes (with the exception of ms-files.php, the WP multisite file server). # hardening of wp-includes (with the exception of ms-files.php, the WP multisite file server).
RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3] RewriteRule !^wp-includes/ - [S=2]
RewriteCond %{REQUEST_URI} !^wp-includes/ms-files.php$ RewriteCond $0 !^wp-includes/ms-files\.php$
RewriteRule ^wp-includes/.+\.php$ - [F,L] RewriteRule ^wp-includes/.+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L]
# BEGIN WPSuperCache # BEGIN WPSuperCache
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment