Fix EZP-27285: Prevent access to website with direct usage of index.p…

…hp in URL
ezpublishlegacy · Jul 26, 2017 · 516e504 · 516e504
1 parent 8d6ff00
commit 516e504
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/doc/apache2/vhost.template b/doc/apache2/vhost.template
@@ -138,6 +138,9 @@
         #RewriteCond %{ENV:ENVIRONMENT} "dev"
         #RewriteRule .* /index_dev.php [L]
 
+        # Prevent access to website with direct usage of app.php in URL
+        RewriteRule ^/(.+/)?index\.php - [R=404,L]
+
         RewriteRule .* /index.php
     </IfModule>
 

diff --git a/doc/nginx/etc/nginx/ez_params.d/ez_rewrite_params b/doc/nginx/etc/nginx/ez_params.d/ez_rewrite_params
@@ -35,5 +35,10 @@ rewrite "^/w3c/p3p\.xml" "/w3c/p3p.xml" break;
 # Following rule is needed to correctly display assets from eZ Publish5 / Symfony bundles
 rewrite "^/bundles/(.*)" "/bundles/$1" break;
 
+# Prevent access to website with direct usage of index.php in URL
+if ($request_uri ~ "^/(.+/)?index\.php") {
+    return 404;
+}
+
 rewrite "^(.*)$" "/index.php$1" last;