# HG changeset patch # User IBBoard # Date 1723379399 -3600 # Node ID b0531370e183fcf2d9c73a683939fafb62ca2681 # Parent 1d39bde7f9095251882e3605e2588adcf32b320b Avoid fully controllable rewrite prefix Apache doesn't guarantee that rewrites are URLs or paths within the prefix and will process them rather than error, so close a fully controllable rewrite prefix: https://blog.orange.tw/2024/08/confusion-attacks-en.html?m=1 diff -r 1d39bde7f909 -r b0531370e183 modules/website/files/conf.extra/no-index.conf --- a/modules/website/files/conf.extra/no-index.conf Sun Aug 11 11:18:31 2024 +0100 +++ b/modules/website/files/conf.extra/no-index.conf Sun Aug 11 13:29:59 2024 +0100 @@ -1,2 +1,2 @@ RewriteEngine On -RewriteRule ^(.*)/index.(php|htm(l?))$ $1/ [R=301,L] +RewriteRule ^(/.+)?/index.(php|htm(l?))$ $1/ [R=301,L]