#################################################################################################
# START PROCESSWIRE HTACCESS DIRECTIVES
# @version 2.3
#################################################################################################
# -----------------------------------------------------------------------------------------------
# Don't show directory indexes, but do follow symbolic links
# Note: some cloud hosting companies don't allow +FollowSymLinks
# Uncomment +SymLinksifOwnerMatch and comment +FollowSymLinks if you have troubles
# -----------------------------------------------------------------------------------------------
Options -Indexes
Options +FollowSymLinks
# Options +SymLinksifOwnerMatch
# -----------------------------------------------------------------------------------------------
# Let ProcessWire handle 404s
# -----------------------------------------------------------------------------------------------
ErrorDocument 404 /index.php
# -----------------------------------------------------------------------------------------------
# Handle request for missing favicon.ico/robots.txt files (no ending quote for Apache 1.3)
# -----------------------------------------------------------------------------------------------
<Files favicon.ico>
ErrorDocument 404 "The requested file favicon.ico was not found.
</Files>
<Files robots.txt>
ErrorDocument 404 "The requested file robots.txt was not found.
</Files>
# -----------------------------------------------------------------------------------------------
# Protect ProcessWire system files (part 1)
# -----------------------------------------------------------------------------------------------
<FilesMatch ".(inc|info|module|sh|sql)$|^(..*)$">
Order allow,deny
</FilesMatch>
# -----------------------------------------------------------------------------------------------
# Override a few PHP settings that can't be changed at runtime (not required)
# -----------------------------------------------------------------------------------------------
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
php_flag magic_quotes_sybase off
php_flag register_globals off
</IfModule>
# -----------------------------------------------------------------------------------------------
# Set default directory index files
# -----------------------------------------------------------------------------------------------
DirectoryIndex index.php index.html index.htm
# -----------------------------------------------------------------------------------------------
# ProcessWire requires mod_rewrite
# -----------------------------------------------------------------------------------------------
<IfModule mod_rewrite.c>
RewriteEngine On
AddDefaultCharset UTF-8
# -----------------------------------------------------------------------------------------------
# Set an environment variable so the installer can detect that mod_rewrite is active.
# -----------------------------------------------------------------------------------------------
SetEnv HTTP_MOD_REWRITE On
# -----------------------------------------------------------------------------------------------
# Optional: Set a rewrite base if rewrites aren't working properly on your server.
# And if your site directory starts with a "~" you will most likely have to use this.
# -----------------------------------------------------------------------------------------------
# RewriteBase /
# RewriteBase /pw/
# RewriteBase /~user/
# -----------------------------------------------------------------------------------------------
# Access Restrictions: Keep web users out of dirs that begin with a period
# -----------------------------------------------------------------------------------------------
RewriteRule ^fast-cgi-fake-handler/ - [L,NC]
RewriteRule "(^|/)." - [F]
# -----------------------------------------------------------------------------------------------
# Optional: Redirect users to the 'www.' version of the site (uncomment to enable).
# For example: http://processwire.com/ would be redirected to http://www.processwire.com/
# -----------------------------------------------------------------------------------------------
# RewriteCond %{HTTP_HOST} !^www. [NC]
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# -----------------------------------------------------------------------------------------------
# Access Restrictions: Protect ProcessWire system files
# -----------------------------------------------------------------------------------------------
# Block access to any htaccess files
RewriteCond %{REQUEST_URI} (^|/).htaccess$ [NC,OR]
# Block access to protected assets directories
RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) [OR]
# Block acceess to the /site/install/ directory
RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/install($|/.*$) [OR]
# Block dirs in /site/assets/ dirs that start with a hyphen
RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets.*/-.+/.* [OR]
# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
RewriteCond %{REQUEST_URI} (^|/)(wire|site|site-[^/]+)/(config|index.config|config-dev).php$ [OR]
# Block access to any PHP-based files in /templates-admin/
RewriteCond %{REQUEST_URI} (^|/)(wire|site|site-[^/]+)/templates-admin($|/|/.*.(php|html?|tpl|inc))$ [OR]
# Block access to any PHP or markup files in /site/templates/
RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/templates($|/|/.*.(php|html?|tpl|inc))$ [OR]
# Block access to any PHP files in /site/assets/
RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets($|/|/.*.php)$ [OR]
# Block access to any PHP files in core or core module directories
RewriteCond %{REQUEST_URI} (^|/)wire/(core|modules)/.*.(php|inc|tpl|module)$ [OR]
# Block access to any PHP files in /site/modules/
RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/modules/.*.(php|inc|tpl|module)$ [OR]
# Block access to any software identifying txt files
RewriteCond %{REQUEST_URI} (^|/)(COPYRIGHT|INSTALL|README|htaccess).(txt|md)$ [OR]
# Block all http access to the default/uninstalled site-default directory
RewriteCond %{REQUEST_URI} (^|/)site-default/
# If any conditions above match, isssue a 403 forbidden
RewriteRule ^.*$ - [F,L]
# -----------------------------------------------------------------------------------------------
# Ensure that the URL follows the name-format specification required by ProcessWire
# -----------------------------------------------------------------------------------------------
RewriteCond %{REQUEST_URI} "^/~?[-_.a-zA-Z0-9/]*$"
# -----------------------------------------------------------------------------------------------
# If the request is for a file or directory that physically exists on the server,
# then don't give control to ProcessWire, and instead load the file
# -----------------------------------------------------------------------------------------------
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !(favicon.ico|robots.txt)
# -----------------------------------------------------------------------------------------------
# Optional: Don't send missing image requests to ProcessWire (uncomment below to enable).
# This might be helpful if you are launching a new site and lots of images have moved.
# It will reduce the load on the server not to have ProcessWire trying to serve those requests.
# -----------------------------------------------------------------------------------------------
# RewriteCond %{REQUEST_URI} !.(gif|jpg|png|ico)$ [NC]
# -----------------------------------------------------------------------------------------------
# Pass control to ProcessWire if all the above directives allow us to this point.
# For regular VirtualHosts (most installs)
# -----------------------------------------------------------------------------------------------
RewriteRule ^(.*)$ index.php?it=$1 [L,QSA]
# -----------------------------------------------------------------------------------------------
# If using VirtualDocumentRoot: comment out the one above and use this one instead.
# -----------------------------------------------------------------------------------------------
# RewriteRule ^(.*)$ /index.php?it=$1 [L,QSA]
</IfModule>
#################################################################################################
# END PROCESSWIRE HTACCESS DIRECTIVES
#################################################################################################