Block access to internal files and improve docs (resolves #6)

daniel-lerch · Nov 11, 2019 · 559dd8d · 559dd8d
1 parent 6d38d02
commit 559dd8d
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/.htaccess b/.htaccess
@@ -0,0 +1,19 @@
+# Prevent access to some application files
+<ifModule mod_rewrite.c>
+    RewriteEngine on
+    RewriteCond "%{REQUEST_URI}" "^\/.git" [OR]
+    RewriteCond "%{REQUEST_URI}" "^\/.docker" [OR]
+    RewriteCond "%{REQUEST_URI}" "^\/config" [OR]
+    RewriteCond "%{REQUEST_URI}" "^\/docs" [OR]
+    RewriteCond "%{REQUEST_URI}" "^\/locallang" [OR]
+    RewriteCond "%{REQUEST_URI}" "^\/src" [OR]
+    RewriteCond "%{REQUEST_URI}" "^\/templates" [OR]
+    RewriteCond "%{REQUEST_URI}" "^\/templates_c" [OR]
+    RewriteCond "%{REQUEST_URI}" "^\/vendor" [OR]
+    RewriteCond "%{REQUEST_URI}" "^\/composer" [OR]
+    RewriteCond "%{REQUEST_URI}" "^\/Dockerfile$" [OR]
+    RewriteCond "%{REQUEST_URI}" "^\/LICENSE$" [OR]
+    RewriteCond "%{REQUEST_URI}" "^\/README\.md$" [OR]
+    RewriteCond "%{REQUEST_URI}" "\.inc\.php$"
+    RewriteRule .* - [R=404]
+</ifModule>
diff --git a/README.md b/README.md
@@ -7,5 +7,8 @@ As kOOL is built on old software and never had a good architecture, it would be
 ## Installation
 The recommended deployment option is to use Docker containers. An example _Compose file_ is available in the `docs` folder.
 
+### Running in a subfolder
+It is possible to run OpenKool with a specific path base like https://domain.tld/kool. When you are using the Docker container, you have to add an `Alias` directive to the site configuration in `/etc/apache2/sites-available/000-default.conf` and mount this file outside of the container to persist your changes. In any deployment you have to prepend the `RewriteCond` patterns with your pathbase in the `.htaccess` file.
+
 ## Contributing
 Contributions are very welcome. Please open an issue to discuss your wishes before implementing them.