diff --git a/patches/htaccess.patch b/patches/htaccess.patch index 4813d81845..553eeafcef 100644 --- a/patches/htaccess.patch +++ b/patches/htaccess.patch @@ -1,5 +1,5 @@ diff --git a/docroot/.htaccess b/docroot/.htaccess -index 4d19147c..80b4a625 100644 +index 4d19147c..df15a39f 100644 --- a/docroot/.htaccess +++ b/docroot/.htaccess @@ -1,3 +1,24 @@ @@ -27,18 +27,24 @@ index 4d19147c..80b4a625 100644 # # Apache/PHP/Drupal settings: # -@@ -67,6 +88,54 @@ AddEncoding gzip svgz +@@ -67,6 +88,60 @@ AddEncoding gzip svgz RewriteEngine on - + ++ # Block access via specific user-agents. ++ RewriteCond %{HTTP_USER_AGENT} CQ-API-Spyder [NC] ++ RewriteRule .* - [F,L] ++ + # Block access to php & html files. Node_modules and the vendor + # directory should never be available. Also block any WordPress urls. + RewriteCond %{REQUEST_URI} node_modules [OR,NC] + RewriteCond %{REQUEST_URI} ^/vendor [OR,NC] + RewriteCond %{REQUEST_URI} "/wp-(admin|content/plugins/|includes|cron\.php|config\.php|login\.php|signup\.php)|xmlrpc.php" [OR,NC] + RewriteCond %{THE_REQUEST} \.php[/\s?] [OR,NC] -+ RewriteCond %{THE_REQUEST} \.html[/\s?] [NC] ++ RewriteCond %{REQUEST_URI} \.html [NC] ++ # Allow access to SimpleSaml login and music.stanford.edu redirect path. + RewriteCond %{REQUEST_URI} !^/simplesaml/module.php ++ RewriteCond %{REQUEST_URI} !^/Academics/LessonSignups.html + RewriteRule .* - [F] + + # Block access to specific files/paths to all users except stanford IP's. @@ -82,7 +88,7 @@ index 4d19147c..80b4a625 100644 # Set "protossl" to "s" if we were accessed via https://. This is used later # if you enable "www." stripping or enforcement, in order to ensure that # you don't bounce between http and https. -@@ -144,6 +213,8 @@ AddEncoding gzip svgz +@@ -144,6 +219,8 @@ AddEncoding gzip svgz RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$ # Allow access to test-specific PHP files: RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php
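Review bot: The new exemption `RewriteCond %{REQUEST_URI} !^/Academics/LessonSignups.html` in the `@@ -27,18 +27,24 @@` hunk is a prefix match with an unescaped dot. Because it is ANDed after the whole `[OR]` chain, it lifts every block in that chain (node_modules, `/vendor`, the WordPress paths, `.php`) for any URI that merely begins with that string, not only for the one redirect path. Anchoring it as `RewriteCond %{REQUEST_URI} !^/Academics/LessonSignups\.html$` would limit the exception to the exact path; the comment names music.stanford.edu, but no `%{HTTP_HOST}` condition is visible, so the exception presumably applies on every site that gets this patch. The replacement `.html` condition also lost its trailing delimiter class and now matches `.html` anywhere in the path; `RewriteCond %{REQUEST_URI} \.html(/|$) [NC]` would keep the old scope. On the user-agent rule, a comment such as `# User-Agent is client-supplied; this only filters a noisy crawler and is not an access control.` would stop readers treating it as a security boundary, and `[F]` already implies `[L]`.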