I'm suggesting this be updated to the Apache config that's actually used in F3:
```apache
# Enable rewrite engine and route requests to framework
RewriteEngine On

# Some servers require you to specify the `RewriteBase` directive
# In such cases, it should be the path (relative to the document root)
# containing this .htaccess file
#
# RewriteBase /

RewriteRule ^(tmp)\/|\.ini$ - [R=404]

RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L,QSA]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
```
The reason being that using the pared-down sample Apache config in the readme is missing the `RewriteRule ^(tmp)\/|\.ini$ - [R=404]`, which could leave a server open to having .ini files accessible, exposing your routes and any variables (which could potentially include database or other credentials).
The readme contains a sample Apache Configuration:
See https://github.com/bcosca/fatfree#sample-apache-configuration
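To see which request paths the deny rule quoted in the issue actually covers, here is an added example that is not part of the original issue or the F3 project. It approximates Apache's per-directory `RewriteRule` matching with Python's `re`; the helper names (`htaccess_path`, `is_denied`, `audit`) and the sample paths are constructed for illustration, and the `.htaccess` file is assumed to sit in the document root.

```python
import re

# Pattern copied verbatim from the RewriteRule quoted in the issue.
DENY_PATTERN = r"^(tmp)\/|\.ini$"


def htaccess_path(url, base="/"):
    """Return the string a per-directory RewriteRule is matched against:
    the URL path without the query string and without the directory
    prefix of the .htaccess file (so no leading slash)."""
    path = url.split("?", 1)[0]
    if not path.startswith(base):
        raise ValueError("path is outside the .htaccess directory")
    return path[len(base):]


def is_denied(url, pattern=DENY_PATTERN, nocase=False):
    """True if the deny rule's pattern matches, i.e. Apache answers 404.
    nocase=True models adding the [NC] flag to the rule."""
    flags = re.IGNORECASE if nocase else 0
    return re.search(pattern, htaccess_path(url), flags) is not None


def audit(urls, **kwargs):
    """Map each URL to whether the deny rule covers it."""
    return {u: is_denied(u, **kwargs) for u in urls}


# Constructed sample request paths (not taken from any real server).
SAMPLE_URLS = [
    "/config.ini",         # covered: ends in .ini
    "/app/routes.ini",     # covered: \.ini$ is not anchored to the root
    "/config.ini?v=1",     # covered: query string is not part of the match
    "/tmp/cache/abc.php",  # covered: starts with tmp/
    "/index.php",          # not covered: normal front controller
    "/app/tmp/abc.php",    # not covered: ^tmp/ only matches at the top level
    "/config.ini.bak",     # not covered: backup copy no longer ends in .ini
    "/CONFIG.INI",         # not covered: pattern is case-sensitive without [NC]
]

if __name__ == "__main__":
    for url, denied in audit(SAMPLE_URLS).items():
        print(f"{'404' if denied else 'pass'}  {url}")
```

Paths reported as `pass` fall through to the remaining rules, so files such as editor backups of `.ini` files need their own protection or should live outside the web root.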