2007-05-22 14:35:54 +02:00
|
|
|
# You might want to set up a virtual host for the server, but it is
|
|
|
|
|
# not a requirement. You can as well reach the server under its
|
2015-10-26 12:50:50 +01:00
|
|
|
# common name under https://yourroundcubeserver.example.com/
|
2007-05-22 14:35:54 +02:00
|
|
|
#
|
|
|
|
|
# NameVirtualHost *
|
|
|
|
|
# <VirtualHost *>
|
2015-10-26 12:50:50 +01:00
|
|
|
# ServerName yourroundcubeserver.example.com
|
|
|
|
|
# DocumentRoot __ROUNDCUBEPATH__
|
2007-05-22 14:35:54 +02:00
|
|
|
|
2012-02-13 14:41:00 +01:00
|
|
|
|
2007-05-22 14:35:54 +02:00
|
|
|
<IfModule mod_alias.c>
|
2020-07-06 18:42:59 +02:00
|
|
|
Alias /roundcube "__ROUNDCUBEPATH__/public_html"
|
2016-10-05 13:21:28 +02:00
|
|
|
Alias /roundcubemail "__ROUNDCUBEPATH__/public_html"
|
2007-05-22 14:35:54 +02:00
|
|
|
</IfModule>
|
|
|
|
|
|
2012-02-13 14:41:00 +01:00
|
|
|
# AddDefaultCharset UTF-8
|
|
|
|
|
AddType text/x-component .htc
|
|
|
|
|
|
2016-10-05 13:21:28 +02:00
|
|
|
<Directory "__ROUNDCUBEPATH__/public_html">
|
2015-10-26 12:50:50 +01:00
|
|
|
<IfModule mod_version.c>
|
|
|
|
|
<IfVersion < 2.4>
|
|
|
|
|
Order allow,deny
|
|
|
|
|
Allow from all
|
|
|
|
|
</IfVersion>
|
|
|
|
|
<IfVersion >= 2.4>
|
|
|
|
|
<IfModule mod_authz_core.c>
|
|
|
|
|
Require all granted
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule mod_access_compat.c>
|
|
|
|
|
Order allow,deny
|
|
|
|
|
Allow from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</IfVersion>
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule !mod_version.c>
|
|
|
|
|
Order allow,deny
|
|
|
|
|
Allow from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
|
|
<IfModule mod_php5.c>
|
2020-07-06 18:42:59 +02:00
|
|
|
Include @apache_sysconfdir@/conf.d/@name@.inc
|
2018-02-21 15:29:10 +01:00
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
|
|
<IfModule mod_php7.c>
|
2020-07-06 18:42:59 +02:00
|
|
|
Include @apache_sysconfdir@/conf.d/@name@.inc
|
2015-10-26 12:50:50 +01:00
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
|
|
<IfModule mod_rewrite.c>
|
2016-10-05 13:21:28 +02:00
|
|
|
Options +SymLinksIfOwnerMatch
|
2015-10-26 12:50:50 +01:00
|
|
|
RewriteEngine On
|
|
|
|
|
RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
|
2016-01-15 13:06:27 +01:00
|
|
|
|
|
|
|
|
# security rules:
|
|
|
|
|
# - deny access to files not containing a dot or starting with a dot
|
|
|
|
|
# in all locations except installer directory
|
|
|
|
|
RewriteRule ^(?!installer|\.well-known\/|[a-f0-9]{16})(\.?[^\.]+)$ - [F]
|
|
|
|
|
# - deny access to some locations
|
2018-10-26 16:42:37 +02:00
|
|
|
RewriteRule ^/?(\.git|\.tx|\.md|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
|
2017-03-16 19:36:30 +01:00
|
|
|
# - deny access to composer binaries
|
|
|
|
|
RewriteRule ^/vendor\/bin\/.* - [F]
|
2016-01-15 13:06:27 +01:00
|
|
|
# - deny access to some documentation files
|
2018-10-26 16:42:37 +02:00
|
|
|
RewriteRule /?(README|INSTALL|LICENSE|CHANGELOG|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$ - [F]
|
2015-10-26 12:50:50 +01:00
|
|
|
# security rules
|
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
|
|
<IfModule mod_deflate.c>
|
|
|
|
|
SetOutputFilter DEFLATE
|
|
|
|
|
</IfModule>
|
2012-02-13 14:41:00 +01:00
|
|
|
|
2020-02-19 07:18:10 +01:00
|
|
|
# prefer to brotli over gzip if brotli is available
|
|
|
|
|
<IfModule mod_brotli.c>
|
|
|
|
|
SetOutputFilter BROTLI_COMPRESS
|
|
|
|
|
# some assets have been compressed, so no need to do it again
|
|
|
|
|
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|web[pm]|woff2?)$ no-brotli
|
|
|
|
|
</IfModule>
|
|
|
|
|
|
2019-12-22 20:03:52 +01:00
|
|
|
<IfModule mod_filter.c>
|
|
|
|
|
AddOutputFilterByType DEFLATE application/javascript
|
|
|
|
|
AddOutputFilterByType DEFLATE application/x-javascript
|
|
|
|
|
AddOutputFilterByType DEFLATE application/xhtml+xml
|
|
|
|
|
AddOutputFilterByType DEFLATE application/xml
|
|
|
|
|
AddOutputFilterByType DEFLATE application/json
|
|
|
|
|
AddOutputFilterByType DEFLATE text/css
|
|
|
|
|
AddOutputFilterByType DEFLATE text/html
|
|
|
|
|
AddOutputFilterByType DEFLATE text/plain
|
|
|
|
|
AddOutputFilterByType DEFLATE text/x-component
|
|
|
|
|
AddOutputFilterByType DEFLATE text/xml
|
|
|
|
|
<IfModule mod_setenvif.c>
|
|
|
|
|
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary
|
|
|
|
|
BrowserMatch ^Mozilla/4 gzip-only-text/html
|
|
|
|
|
BrowserMatch ^Mozilla/4.0[678] no-gzip
|
|
|
|
|
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
|
|
|
|
|
</IfModule>
|
|
|
|
|
</IfModule>
|
|
|
|
|
|
2015-10-26 12:50:50 +01:00
|
|
|
<IfModule mod_headers.c>
|
2016-10-05 13:21:28 +02:00
|
|
|
# for better privacy/security ask browsers to not set the Referer
|
2018-10-26 16:42:37 +02:00
|
|
|
Header set Content-Security-Policy "referrer no-referrer"
|
|
|
|
|
# don't cache, please
|
|
|
|
|
Header merge Cache-Control public env=!NO_CACHE
|
|
|
|
|
<IfModule mod_ssl.c>
|
|
|
|
|
# HSTS - HTTP Strict Transport Security
|
|
|
|
|
Header always set Strict-Transport-Security "max-age=31536000; preload" env=HTTPS
|
|
|
|
|
</IfModule>
|
|
|
|
|
# X-Xss-Protection
|
|
|
|
|
# This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit).
|
|
|
|
|
Header set X-XSS-Protection "1; mode=block"
|
2015-10-26 12:50:50 +01:00
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
|
|
<IfModule mod_expires.c>
|
|
|
|
|
ExpiresActive On
|
|
|
|
|
ExpiresDefault "access plus 1 month"
|
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
|
|
FileETag MTime Size
|
2016-10-05 13:21:28 +02:00
|
|
|
|
|
|
|
|
<IfModule mod_autoindex.c>
|
|
|
|
|
Options -Indexes
|
|
|
|
|
</ifModule>
|
2015-10-26 12:50:50 +01:00
|
|
|
</Directory>
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Special directories
|
|
|
|
|
#
|
|
|
|
|
|
2016-10-05 13:21:28 +02:00
|
|
|
<Directory "__ROUNDCUBEPATH__">
|
|
|
|
|
Options -FollowSymLinks
|
|
|
|
|
AllowOverride None
|
2015-10-26 12:50:50 +01:00
|
|
|
<IfModule mod_version.c>
|
|
|
|
|
<IfVersion < 2.4>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfVersion>
|
|
|
|
|
<IfVersion >= 2.4>
|
|
|
|
|
<IfModule mod_authz_core.c>
|
|
|
|
|
Require all denied
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule mod_access_compat.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</IfVersion>
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule !mod_version.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
2012-02-13 14:41:00 +01:00
|
|
|
</Directory>
|
|
|
|
|
|
2016-10-05 13:21:28 +02:00
|
|
|
<Directory "__ROUNDCUBEPATH__/bin">
|
|
|
|
|
<IfModule mod_version.c>
|
|
|
|
|
<IfVersion < 2.4>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfVersion>
|
|
|
|
|
<IfVersion >= 2.4>
|
|
|
|
|
<IfModule mod_authz_core.c>
|
|
|
|
|
Require all denied
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule mod_access_compat.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</IfVersion>
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule !mod_version.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</Directory>
|
|
|
|
|
|
|
|
|
|
<Directory "__ROUNDCUBEPATH__/config">
|
2015-10-26 12:50:50 +01:00
|
|
|
Options -FollowSymLinks
|
|
|
|
|
AllowOverride None
|
|
|
|
|
<IfModule mod_version.c>
|
|
|
|
|
<IfVersion < 2.4>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfVersion>
|
|
|
|
|
<IfVersion >= 2.4>
|
|
|
|
|
<IfModule mod_authz_core.c>
|
|
|
|
|
Require all denied
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule mod_access_compat.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</IfVersion>
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule !mod_version.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</Directory>
|
|
|
|
|
|
2016-10-05 13:21:28 +02:00
|
|
|
<Directory "__ROUNDCUBEPATH__/logs">
|
2015-10-26 12:50:50 +01:00
|
|
|
Options -FollowSymLinks
|
|
|
|
|
AllowOverride None
|
|
|
|
|
<IfModule mod_version.c>
|
|
|
|
|
<IfVersion < 2.4>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfVersion>
|
|
|
|
|
<IfVersion >= 2.4>
|
|
|
|
|
<IfModule mod_authz_core.c>
|
|
|
|
|
Require all denied
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule mod_access_compat.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</IfVersion>
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule !mod_version.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</Directory>
|
|
|
|
|
|
2016-10-05 13:21:28 +02:00
|
|
|
<Directory "__ROUNDCUBEPATH__/migration">
|
2015-10-26 12:50:50 +01:00
|
|
|
Options -FollowSymLinks
|
|
|
|
|
AllowOverride None
|
|
|
|
|
<IfModule mod_version.c>
|
|
|
|
|
<IfVersion < 2.4>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfVersion>
|
|
|
|
|
<IfVersion >= 2.4>
|
|
|
|
|
<IfModule mod_authz_core.c>
|
|
|
|
|
Require all denied
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule mod_access_compat.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</IfVersion>
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule !mod_version.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</Directory>
|
2016-10-05 13:21:28 +02:00
|
|
|
|
|
|
|
|
<Directory "__ROUNDCUBEPATH__/migrated">
|
2015-10-26 12:50:50 +01:00
|
|
|
Options -FollowSymLinks
|
|
|
|
|
AllowOverride None
|
|
|
|
|
<IfModule mod_version.c>
|
|
|
|
|
<IfVersion < 2.4>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfVersion>
|
|
|
|
|
<IfVersion >= 2.4>
|
|
|
|
|
<IfModule mod_authz_core.c>
|
|
|
|
|
Require all denied
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule mod_access_compat.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</IfVersion>
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule !mod_version.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</Directory>
|
2016-10-05 13:21:28 +02:00
|
|
|
|
|
|
|
|
<Directory "__ROUNDCUBEPATH__/plugins/enigma/home">
|
2015-10-26 12:50:50 +01:00
|
|
|
<IfModule mod_version.c>
|
|
|
|
|
<IfVersion < 2.4>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfVersion>
|
|
|
|
|
<IfVersion >= 2.4>
|
|
|
|
|
<IfModule mod_authz_core.c>
|
|
|
|
|
Require all denied
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule mod_access_compat.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</IfVersion>
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule !mod_version.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</Directory>
|
|
|
|
|
|
2016-10-05 13:21:28 +02:00
|
|
|
<Directory "__ROUNDCUBEPATH__/program">
|
2015-10-26 12:50:50 +01:00
|
|
|
<IfModule mod_rewrite.c>
|
|
|
|
|
RewriteEngine On
|
|
|
|
|
RewriteRule !^js|.*\.gif$ - [F]
|
|
|
|
|
</IfModule>
|
|
|
|
|
</Directory>
|
|
|
|
|
|
2016-10-05 13:21:28 +02:00
|
|
|
<Directory "__ROUNDCUBEPATH__/temp">
|
2015-10-26 12:50:50 +01:00
|
|
|
Options -FollowSymLinks
|
|
|
|
|
AllowOverride None
|
|
|
|
|
<IfModule mod_version.c>
|
|
|
|
|
<IfVersion < 2.4>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfVersion>
|
|
|
|
|
<IfVersion >= 2.4>
|
|
|
|
|
<IfModule mod_authz_core.c>
|
|
|
|
|
Require all denied
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule mod_access_compat.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</IfVersion>
|
|
|
|
|
</IfModule>
|
|
|
|
|
<IfModule !mod_version.c>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Deny from all
|
|
|
|
|
</IfModule>
|
|
|
|
|
</Directory>
|
2007-05-22 14:35:54 +02:00
|
|
|
|
2015-10-26 12:50:50 +01:00
|
|
|
#
|
2007-05-22 14:35:54 +02:00
|
|
|
# </VirtualHost>
|
|
|
|
|
|
