Htaccess examples (security)
From Joomla! Documentation
It could be useful to add some explanations of what these settings do. Jossi 16:53, 6 March 2009 (UTC)
move olddomain redirect?
Why not move the olddomain redirect section to its own code block, or into the other useful settings code block?
Edit Requests 9 Dec 2014 15:03
Hi,
This .htaccess file only allows tmpl=system and tmpl=component. It is possible for developers and templates to provide more options as we do in Nooku Framework.
This rule also does not stop people from fingerprinting Joomla sites either, as any URL can still be accessed with tmpl=component.
So I would like to request the removal of the |mpl part in the following line:
RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC]
More info and explanation can be found in the links below:
https://github.com/nikosdion/master-htaccess/issues/1
https://github.com/nikosdion/master-htaccess/pulls/2
- Hi, if you would like to put this forth you will have to create an issue on http://issues.joomla.org, and submit a PR for consideration. Please know, the examples you cited are considered not acceptable now by Nic. Thanks Tom Hutchison (talk) 08:05, 19 December 2014 (CST)
Edit Requests 8 Jun 2022 11:26
The .htaccess example contains a very, VERY old reference to Admin Tools' Joomla Update which has been superseded twice by the core Joomla! Update.
As per https://github.com/joomla/joomla-cms/pull/35388 we need to change
- Allow Admin Tools Joomla! updater to run
RewriteRule ^administrator/components/com_admintools/restore\.php$ - [L]
with
- Joomla! Update (core feature) — Joomla versions 2.5.1 through 4.0.2
RewriteRule ^administrator\/components\/com_joomlaupdate\/restore\.php$ - [L]
- Joomla! Update (core feature) — Joomla versions 4.0.3 and later
RewriteRule ^administrator\/components\/com_joomlaupdate\/extract\.php$ - [L]
I would do it myself but I do not have the edit rights.