Preconfigured htaccess
An Apache web server uses an htaccess file located in the main directory of a website for site-specific configuration. Origen provides a preconfigured htaccess file named htaccess.txt, which includes instructions to prevent common exploits and implement Search Engine Friendly (SEF) URLs. It also contains several settings that need to be reviewed for compatibility with your environment:
- IndexIgnore *
- Options +FollowSymLinks
- Options -Indexes
- RewriteBase /
Enabling the htaccess.txt file involves merging its contents with an existing .htaccess file and making decisions regarding the settings listed above.
Note: The name of the active file is set in one of the httpd.conf files using the following directive:
AccessFileName .htaccess
By default, it is set to .htaccess, which makes the file hidden on Unix-like file systems. There is no need to modify this setting.
However, on the Windows platform, you may choose to change it to:
AccessFileName htaccess.ini
This can make it easier to edit the file. It is important not to use htaccess.txt as the active file, as it will be overwritten during Origen updates, resulting in the loss of any changes made to it.
Below is the content of the htaccess.txt file:
##
# @package Origen
# @copyright Copyright (C) 2005 - 2018 Open Source Matters. All rights reserved.
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line 'Options +FollowSymLinks' may cause problems with some server configurations.
# It is required for the use of mod_rewrite, but it may have already been set by your
# server backend in a way that disallows changing it in this .htaccess file.
# If using it causes your site to produce an error, comment it out (add # to the
# beginning of the line), reload your site in your browser and test your sef urls. If
# they work, then it has been set by your server backend and you do not need to
# set it here.
##
## No directory listings
IndexIgnore *
## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes
## Mod_rewrite in use.
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Origen Cms
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root home page
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment the following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Origen Cms Directory (just / for root).
##
# RewriteBase /
## Begin - Origen Cms core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Origen Cms core SEF Section.
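The following Python script is an added example, not part of htaccess.txt or of Origen. It applies the four RewriteCond patterns from the "common exploits" block to constructed query strings to show which requests would be refused with 403, including a harmless search that trips the base64_encode rule (the situation the file's "comment out the operations" advice is for). It assumes Python's re module treats these patterns the same way Apache's PCRE does; the names RULES, first_match, is_blocked and SAMPLES are made up for the example.

```python
import re

# The four RewriteCond patterns from the "common exploits" block, in file order.
# Only the <script> rule carries [NC] (case-insensitive) in htaccess.txt.
RULES = [
    ("base64_encode", re.compile(r"base64_encode[^(]*\([^)]*\)")),
    ("script_tag", re.compile(r"(<|%3C)([^s]*s)+cript.*(>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]

def first_match(query_string):
    """Return the name of the first rule that matches, or None.

    Apache tests %{QUERY_STRING} as received (not URL-decoded) and the
    patterns are unanchored, so re.search on the raw string mirrors that.
    The conditions are chained with [OR]: any single match triggers [F].
    """
    for name, pattern in RULES:
        if pattern.search(query_string):
            return name
    return None

def is_blocked(query_string):
    """True if the RewriteRule with [F] would answer 403 Forbidden."""
    return first_match(query_string) is not None

# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "option=com_content&view=article&id=5",   # ordinary request, passes
    "x=base64_encode(abc)",
    "q=%3Cscript%3Ealert(1)%3C/script%3E",
    "GLOBALS[foo]=1",
    "_REQUEST%5Bfoo%5D=1",
    "search=php+base64_encode()+manual",      # benign search, still blocked
]

if __name__ == "__main__":
    for qs in SAMPLES:
        verdict = "403" if is_blocked(qs) else "pass"
        rule = first_match(qs) or "-"
        print(f"{verdict:4}  {rule:14}  {qs}")
```

Running the same function over query strings pulled from your access log before enabling the block shows which legitimate requests would start returning 403.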