-
Notifications
You must be signed in to change notification settings - Fork 15
/
mediawiki.conf
102 lines (88 loc) · 3.33 KB
/
mediawiki.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# Set upload limit to 210MB to allow for larger file uploads
# NOTE: this limit is also enforced by php's limits, see /etc/php.ini
LimitRequestBody 220200960
# has to set to NoDecode so that the URLs with "/"(slash) can be accepted and applied to RewriteRule
AllowEncodedSlashes NoDecode
# for mod_remoteip to get real client IP
RemoteIPHeader X-Forwarded-For
#RemoteIPInternalProxy 127.0.0.1/8
# %a uses IP from mod_remoteip
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Support for SSL, redirect HTTP to HTTPS and place in SSL stuff.
<IfModule ssl_module>
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl.crt
SSLCertificateKeyFile /etc/apache2/ssl.key
SSLCertificateChainFile /etc/apache2/ssl.bundle.crt
</VirtualHost>
</IfModule>
ProxyPass /api/rest_v1 ${RESTBASE_URL}/localhost/v1 nocanon
ProxyPassReverse /api/rest_v1 ${RESTBASE_URL}/localhost/v1 nocanon
<Directory /var/www/html>
# Use of .htaccess files exposes a lot of security risk,
# disable them and put all the necessary configuration here instead.
AllowOverride None
RewriteEngine On
RewriteBase /
# Expose REST API at /api/rest_v1/
# "NE" is needed so that the correct URL encoding such as "%2F" (slash) being passed to backend correctly
# RewriteCond %{ENV:RESTBASE_URL} "!^restbase-is-not-specified$"
# RewriteRule ^api/rest_v1/(.*)$ %{ENV:RESTBASE_URL}/localhost/v1/$1 [P,L,NE]
# RewriteRule ^w/(.*)$ %{DOCUMENT_ROOT}/$1 [L]
# Short url for wiki pages
RewriteRule ^wiki/(.*)?$ %{DOCUMENT_ROOT}/index.php [L]
RewriteRule ^wiki$ /wiki/ [R,L]
# Redirect / to Main Page
# RewriteRule ^$ /wiki/ [R,L]
<If "! %{REQUEST_URI} =~ m#^/(api|rest)\.php#">
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/index.php [L]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
RewriteRule ^/?images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/thumb.php?f=$1&width=$2 [L,QSA,B]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
RewriteRule ^/?images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B]
</If>
</Directory>
<Directory /var/www/html/images>
# Ignore .htaccess files
AllowOverride None
# Serve HTML as plaintext, don't execute SHTML
AddType text/plain .html .htm .shtml .php
# Don't run arbitrary PHP code.
php_admin_flag engine off
</Directory>
# Protect risky directory from abuse
<Directory /var/www/html/cache/>
Deny from all
</Directory>
<Directory /var/www/html/includes/>
Deny from all
</Directory>
<Directory /var/www/html/languages/>
Deny from all
</Directory>
<Directory /var/www/html/maintenance/>
Deny from all
</Directory>
<Directory /var/www/html/maintenance/archives/>
Deny from all
</Directory>
<Directory /var/www/html/serialized/>
Deny from all
</Directory>
<Directory /var/www/html/tests/>
Deny from all
</Directory>
<Directory /var/www/html/tests/qunit/>
Allow from all
</Directory>