## Apache Web server configuration file for i-doit
##
## This file requires:
##
## - Apache HTTPD >= 2.4 with enabled modules:
##   - rewrite
##   - expires
##   - headers
##   - authz_core
## - "AllowOverride All" within the "<Directory>" directive in your
##   "<VirtualHost>" directive
##
## For performance and security reasons we recommend to put these settings
## directly into your VirtualHost configuration and explicitly set
## "AllowOverride None". After each i-doit update you must repeat this.
##
## See the i-doit Knowledge Base for more details:
## <https://kb.i-doit.com/>

## Disable directory indexes:
Options -Indexes +SymLinksIfOwnerMatch

<IfModule mod_authz_core.c>
    ## Deny access to meta files:
    <Files "*.yml">
        Require all denied
    </Files>

    ## Deny access to hidden files:
    <FilesMatch "^\.">
        Require all denied
    </FilesMatch>

    ## Deny access to bash scripts:
    <FilesMatch "^(controller|.*\.sh)$">
        Require all denied
    </FilesMatch>

    ## Deny access to all PHP files…
    <Files "*.php">
        Require all denied
    </Files>

    ## …except some PHP files in root directory:
    <FilesMatch "^(index.php|controller\.php|proxy\.php)$">
        Require all granted
    </FilesMatch>

    ## …except some PHP files in src/:
    <Files "jsonrpc.php">
        Require all granted
    </Files>

    ## …except some PHP files in src/tools/php/:
    <FilesMatch "^(rt\.php|barcode_window\.php|barcode\.php)$">
        Require all granted
    </FilesMatch>

    ## …except some PHP files in src/tools/php/qr/:
    <FilesMatch "^(qr\.php|qr_img\.php)$">
        Require all granted
    </FilesMatch>

    ## …except some PHP files in src/tools/js/:
    <FilesMatch "^js\.php$">
        Require all granted
    </FilesMatch>
</IfModule>

## Deny access to some directories:
<IfModule mod_alias.c>
    RedirectMatch 403 ^/imports/.*$
    RedirectMatch 403 ^/log/.*$
    RedirectMatch 403 ^/temp/.*(?<!\.(css|xsl))$
    RedirectMatch 403 ^/upload/files/.*$
    RedirectMatch 403 ^/vendor/.*$
</IfModule>

## Cache static files:
<IfModule mod_expires.c>
    ExpiresActive On
    # A2592000 = 30 days
    ExpiresByType image/gif A2592000
    ExpiresByType image/png A2592000
    ExpiresByType image/jpg A2592000
    ExpiresByType image/jpeg A2592000
    ExpiresByType image/ico A2592000
    ExpiresByType text/css A2592000
    ExpiresByType text/javascript A2592000
    ExpiresByType image/x-icon "access 1 year"
    ExpiresDefault "access 2 week"

    <IfModule mod_headers.c>
        Header append Cache-Control "public"
    </IfModule>
</IfModule>

## Pretty URLs:
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule favicon\.ico$ images/favicon.ico [L]
    RewriteCond %{REQUEST_FILENAME} !-l
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule .* index.php [L,QSA]
</IfModule>
