Skip to content
Snippets Groups Projects
Commit 7525d1a7 authored by catch's avatar catch
Browse files

Issue #1733476 by greggles, BMDan: Fixed Make default htaccess rules protocol... 

Issue #1733476 by greggles, BMDan: Fixed Make default htaccess rules protocol sensitive to avoid man-in-the-middle-attacks if users don't fully customize the rule.
parent e62125d6
No related branches found
No related tags found
2 merge requests!7452Issue #1797438. HTML5 validation is preventing form submit and not fully...,!789Issue #3210310: Adjust Database API to remove deprecated Drupal 9 code in Drupal 10
Hide whitespace changes
Inline Side-by-side
Showing
with 10 additions and 2 deletions
.htaccess
+ 10
2
View file @ 7525d1a7
...@@ -56,6 +56,13 @@ DirectoryIndex index.php index.html index.htm ...@@ -56,6 +56,13 @@ DirectoryIndex index.php index.html index.htm
<IfModule mod_rewrite.c> <IfModule mod_rewrite.c>
RewriteEngine on RewriteEngine on
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
# Block access to "hidden" directories whose names begin with a period. This # Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or # includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well # Git to store control files. Files whose names begin with a period, as well
...@@ -78,14 +85,15 @@ DirectoryIndex index.php index.html index.htm ...@@ -78,14 +85,15 @@ DirectoryIndex index.php index.html index.htm
# To redirect all users to access the site WITH the 'www.' prefix, # To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...) # (http://example.com/... will be redirected to http://www.example.com/...)
# uncomment the following: # uncomment the following:
# RewriteCond %{HTTP_HOST} .
# RewriteCond %{HTTP_HOST} !^www\. [NC] # RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# #
# To redirect all users to access the site WITHOUT the 'www.' prefix, # To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...) # (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following: # uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http://%1%{REQUEST_URI} [L,R=301] # RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a # Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly. # VirtualDocumentRoot and the rewrite rules are not working properly.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment