summaryrefslogtreecommitdiff
path: root/.htaccess
blob: 1f00039e10fa6717be8f37cce67c6ff5a9edc43a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
#############################################################################
##### Flyspray .htaccess Config. To be used with Apache Server ###
##### Check for Mod-Rewrite module ############################################
#### rename this file to .htaccess to use these features
###############################################################################

AddDefaultCharset utf-8

DirectoryIndex index.php index.html

# Mod security conflicts with flyspray and you do not need it here

#for mod_security 1
<IfModule mod_security.c>
   SecFilterEngine Off
</IfModule>
#modsecurity 2
<IfModule security2_module>
   SecRuleEngine Off
</IfModule>

# php5 as  apache 1/2 module
<IfModule mod_php5.c>
php_flag register_globals Off
php_flag magic_quotes_gpc Off
php_flag session.use_trans_sid 0
php_flag session.auto_start 0
php_flag short_open_tag off
php_flag register_argc_argv Off
php_flag register_long_arrays Off
#not for now, flyspray has it's own filters.
php_value filter.default "unsafe_raw"
php_flag always_populate_raw_post_data Off
</IfModule>

# php4 as **apache 2** module
<IfModule sapi_apache2.c>
php_flag register_globals Off
php_flag magic_quotes_gpc Off
php_flag session.use_trans_sid 0
php_flag session.auto_start 0
php_flag short_open_tag off
php_flag register_argc_argv Off
php_value filter.default "unsafe_raw"
php_flag always_populate_raw_post_data Off
</IfModule>

# We only use POST GET and HEAD (implicit)
<LimitExcept POST GET>
	Order Deny,Allow
	Deny From All
</LimitExcept>

# hide possible development files
<Files ~ "^composer\.(json|lock|phar)$">
	order deny,allow
	deny from all
</Files>

# Some hostings have autocorrection of minor misspelled URLs enabled.
# We do not want that for Flyspray as it could lead to subtile unwanted behavior.
<IfModule mod_speling.c>
	CheckSpelling Off
</IfModule>

# probably mod_negotiation plays foul with mod_rewrite on this two rules:
#     RewriteRule ^index$ index.php?do=index [L,QSA]
#     RewriteRule ^index/proj([0-9]+)$ index.php?do=index&project=$1 [L,QSA]
# So try to deactivate it by -MultiViews (which is sadly not possible in every web hosting environment - gives error500)
#Options -MultiViews

<IfModule mod_rewrite.c>
RewriteEngine on

# Set RewriteBase to urlpath where Flyspray is accessible.
RewriteBase /
# Use this if Flyspray is accessible from a subdirectory of your domain.
#RewriteBase /flyspray/

# You can force TLS/SSL by uncommenting this 2 lines if you have a valid certificate for your domain
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# In the case of TLS/SSL available, set also session.cookie_secure=1
# so that the session cookie can't be sniffed by Man-in-the-Middle or same network.
# Depends on your server setup/webhosting if done in php.ini, .user.ini or somehow/somewhere else.
# Ask your web hoster if you don't know.

# used for enabling url_rewriting check in admin prefs
RewriteRule . - [E=HTTP_MOD_REWRITE:On]

RewriteRule ^.*\?do=admin&area=prefs$ index.php?do=admin&area=prefs [L,QSA]

RewriteRule ^([0-9]+)$ index.php?do=details&task_id=$1 [L,QSA]
RewriteRule ^task/([0-9]+)$ index.php?do=details&task_id=$1 [L,QSA]
RewriteRule ^task/([0-9]+)comment([0-9]+)$ index.php?do=details&task_id=$1comment$2 [L,QSA]
RewriteRule ^task/([0-9]+)/depends$ index.php?do=depends&task_id=$1 [L,QSA]
RewriteRule ^task/([0-9]+)/depends&prune=([0-9]+)$ index.php?do=depends&task_id=$1&prune=$2 [L,QSA]
RewriteRule ^task/([0-9]+)/edit$ index.php?do=details&task_id=$1&edit=yep [L,QSA]

RewriteRule ^newtask$ index.php?do=newtask [L,QSA]
RewriteRule ^newtask/proj([0-9]+)$ index.php?do=newtask&project=$1 [L,QSA]
RewriteRule ^newtask/proj([0-9]+)/supertask([0-9]+)$ index.php?do=newtask&project=$1&supertask=$2 [L,QSA]

RewriteRule ^reports/proj([0-9]+)$ index.php?do=reports&project=$1 [L,QSA]
RewriteRule ^myprofile$ index.php?do=myprofile [L,QSA]
RewriteRule ^user/([0-9]+)$ index.php?do=user&id=$1 [L,QSA]
RewriteRule ^logout$ index.php?do=authenticate&logout=1 [L,QSA]

RewriteRule ^admin/([a-zA-Z]+)$ index.php?do=admin&area=$1 [L,QSA]
RewriteRule ^pm/proj([0-9]+)/([a-zA-Z]+)$ index.php?do=pm&project=$1&area=$2 [L,QSA]

RewriteRule ^admin/editgroup/([0-9]+)$ index.php?do=admin&area=editgroup&id=$1 [L,QSA]
RewriteRule ^pm/editgroup/([0-9]+)$ index.php?do=pm&area=editgroup&id=$1 [L,QSA]
RewriteRule ^edituser/([0-9]+)$ index.php?do=admin&area=users&user_id=$1 [L,QSA]
RewriteRule ^register$ index.php?do=register [L,QSA]
RewriteRule ^lostpw$ index.php?do=lostpw [L,QSA]

# gantt and team are experimental pagetypes not within FS1.0 
RewriteRule ^gantt/proj([0-9]+)$ index.php?do=gantt&project=$1 [L,QSA]
RewriteRule ^team$ index.php?do=team [L,QSA]
RewriteRule ^team/proj([0-9]+)$ index.php?do=team&project=$1 [L,QSA]

RewriteRule ^roadmap$ index.php?do=roadmap [L,QSA]
RewriteRule ^roadmap/proj([0-9]+)$ index.php?do=roadmap&project=$1 [L,QSA]
RewriteRule ^toplevel$ index.php?do=toplevel [L,QSA]
RewriteRule ^toplevel/proj([0-9]+)$ index.php?do=toplevel&project=$1 [L,QSA]
RewriteRule ^tasklist$ index.php?do=tasklist [L,QSA]
RewriteRule ^tasklist/proj([0-9]+)$ index.php?do=tasklist&project=$1 [L,QSA]

# homepage (can be tasklist, toplevel, or roadmap; maybe gantt in future too)
RewriteRule ^index$ index.php?do=index [L,QSA]
RewriteRule ^index/proj([0-9]+)$ index.php?do=index&project=$1 [L,QSA]
RewriteRule ^newmultitasks/proj([0-9]+)$ index.php?do=newmultitasks&project=$1 [L,QSA]

RewriteRule ^proj([0-9]+)/dev([0-9]+)$ index.php?project=$1&do=index&dev=$2 [L,QSA]
RewriteRule ^proj([0-9]+)$ index.php?project=$1 [L,QSA]

</IfModule>

<IfModule mod_env.c>
#SetEnv HTTP_HTACCESS_ENABLED on
</IfModule>