forked from EC-CUBE/ec-cube3
-
Notifications
You must be signed in to change notification settings - Fork 1
/
web.config.sample
74 lines (69 loc) · 3.1 KB
/
web.config.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<!-- Don't show directory listings for URLs which map to a directory. -->
<directoryBrowse enabled="false" />
<rewrite>
<rules>
<rule name="Protect files and directories from prying eyes" stopProcessing="true">
<match url="\.(app|src)$" />
<action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access is forbidden." />
</rule>
<rule name="Force simple error message for requests for non-existent favicon.ico" stopProcessing="true">
<match url="favicon\.ico" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
</conditions>
<action type="CustomResponse" statusCode="404" subStatusCode="1" statusReason="File Not Found" statusDescription="The requested file favicon.ico was not found" />
</rule>
<!-- Rewrite URLs of the form 'x' to the form 'index.php/x'. -->
<rule name="Short URLs" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
<add input="{URL}" pattern="^(.*)\.(gif|png|jpe?g|css|ico|js|svg)$" ignoreCase="false" negate="true" />
</conditions>
<action type="Rewrite" url="index.php/{R:1}" appendQueryString="true" />
</rule>
</rules>
</rewrite>
<security>
<requestFiltering>
<denyUrlSequences>
<add sequence="composer" />
<add sequence="autoload" />
<add sequence="cli-config" />
<add sequence="COPYING" />
</denyUrlSequences>
<fileExtensions>
<add fileExtension=".ini" allowed="false" />
<add fileExtension=".lock" allowed="false" />
<add fileExtension=".dist" allowed="false" />
<add fileExtension=".git" allowed="false" />
<add fileExtension=".sh" allowed="false" />
<add fileExtension=".bak" allowed="false" />
<add fileExtension=".swp" allowed="false" />
</fileExtensions>
</requestFiltering>
</security>
<httpErrors>
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="/index.php" responseMode="ExecuteURL" />
</httpErrors>
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="SAMEORIGIN" />
<add name="X-XSS-Protection" value="1; mode=block" />
<add name="X-Content-Type-Options" value="nosniff"/>
</customHeaders>
</httpProtocol>
<defaultDocument>
<!-- Set the default document -->
<files>
<remove value="index.php" />
<add value="index.php" />
</files>
</defaultDocument>
</system.webServer>
</configuration>