# Example Apache VirtualHost # for serving tkr as a subdirectory path without SSL # e.g. http://www.my-domain.com/tkr # # NOTE: Do not use in production. # This is provided for docker compose # (The included docker-compose file will mount it in the container image) # Replace localhost with your subdomain, e.g. tkr.my-domain.com ServerName localhost DocumentRoot /var/www/html # Security headers Header always set X-Frame-Options "SAMEORIGIN" Header always set X-XSS-Protection "1; mode=block" Header always set X-Content-Type-Options "nosniff" Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" # tkr Application at /tkr # NOTE: If you change the directory name, # remember to update all instances of /var/www/tkr in this file to match Alias /tkr /var/www/tkr/public # Block access to sensitive TKR directories Require all denied Require all denied Require all denied Require all denied # 404 all non-css static files in /tkr (images, js, fonts, etc.) # so those requests don't hit the PHP app # (this is to reduce load on the PHP app from bots and scanners) Require all denied # tkr application directory Options -Indexes AllowOverride None Require all granted RewriteEngine On # Block direct PHP access RewriteCond %{THE_REQUEST} \s/[^?\s]*\.php[\s?] [NC] RewriteRule ^.*$ - [R=404,L] # Serve the one static file that exists: css/tkr.css # (Pass requests to css/custom/ through to the PHP app) RewriteCond %{REQUEST_URI} !^/tkr/css/custom/ RewriteRule ^css/tkr\.css$ css/tkr.css [L] # Send everything else to the front controller RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php [L] # Error and access logs ErrorLog ${APACHE_LOG_DIR}/my-domain_error.log CustomLog ${APACHE_LOG_DIR}/my-domain_access.log combined