# Example Apache VirtualHost # for serving tkr as a subdomain root without SSL # e.g. http://tkr.my-domain.com/ # # NOTE: Do not use in production. # This is provided for docker compose # (The included docker-compose file will mount it in the container image) ServerName localhost DocumentRoot /var/www/tkr/public # Security headers Header always set X-Frame-Options "SAMEORIGIN" Header always set X-XSS-Protection "1; mode=block" Header always set X-Content-Type-Options "nosniff" Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" # Block access to sensitive directories Require all denied Require all denied Require all denied Require all denied # Block access to hidden files Require all denied # Cache CSS files Header set Cache-Control "public, max-age=3600" # Serve static CSS file Alias /css/tkr.css /var/www/tkr/public/css/tkr.css # 404 all non-css static files (images, js, fonts, etc.) # so those requests don't hit the PHP app # (this is to reduce load on the PHP app from bots and scanners) Require all denied # Enable rewrite engine Options -Indexes AllowOverride None Require all granted RewriteEngine On # Block direct PHP access RewriteCond %{THE_REQUEST} \s/[^?\s]*\.php[\s?] [NC] RewriteRule ^.*$ - [R=404,L] # Serve the one static file that exists: css/tkr.css # (Pass requests to css/custom/ through to the PHP app) RewriteCond %{REQUEST_URI} !^/css/custom/ RewriteRule ^css/tkr\.css$ css/tkr.css [L] # Everything else to front controller RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php [L] # Error and access logs ErrorLog ${APACHE_LOG_DIR}/tkr_error.log CustomLog ${APACHE_LOG_DIR}/tkr_access.log combined