2011-04-07 15:30:58 +00:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<configuration>
|
2014-08-25 15:50:58 +00:00
|
|
|
<location path=".">
|
2011-04-07 15:30:58 +00:00
|
|
|
<system.webServer>
|
2014-08-25 15:50:58 +00:00
|
|
|
<directoryBrowse enabled="false" />
|
2011-04-07 15:30:58 +00:00
|
|
|
<rewrite>
|
|
|
|
<rules>
|
2020-05-31 19:22:31 +00:00
|
|
|
<rule name="Joomla! Common Exploits Prevention" stopProcessing="true">
|
2011-04-07 15:30:58 +00:00
|
|
|
<match url="^(.*)$" ignoreCase="false" />
|
|
|
|
<conditions logicalGrouping="MatchAny">
|
|
|
|
<add input="{QUERY_STRING}" pattern="base64_encode[^(]*\([^)]*\)" ignoreCase="false" />
|
|
|
|
<add input="{QUERY_STRING}" pattern="(>|%3C)([^s]*s)+cript.*(<|%3E)" />
|
|
|
|
<add input="{QUERY_STRING}" pattern="GLOBALS(=|\[|\%[0-9A-Z]{0,2})" ignoreCase="false" />
|
|
|
|
<add input="{QUERY_STRING}" pattern="_REQUEST(=|\[|\%[0-9A-Z]{0,2})" ignoreCase="false" />
|
|
|
|
</conditions>
|
|
|
|
<action type="CustomResponse" url="index.php" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
|
|
|
|
</rule>
|
2020-05-31 19:22:31 +00:00
|
|
|
<rule name="Joomla! API Application SEF URLs">
|
|
|
|
<match url="^api/(.*)" ignoreCase="false" />
|
|
|
|
<conditions logicalGrouping="MatchAll">
|
|
|
|
<add input="{URL}" pattern="^/api/index.php" ignoreCase="true" negate="true" />
|
|
|
|
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
|
|
|
|
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
|
|
|
|
</conditions>
|
|
|
|
<action type="Rewrite" url="api/index.php" />
|
|
|
|
</rule>
|
|
|
|
<rule name="Joomla! Public Frontend SEF URLs">
|
2011-04-07 15:30:58 +00:00
|
|
|
<match url="(.*)" ignoreCase="false" />
|
|
|
|
<conditions logicalGrouping="MatchAll">
|
2012-01-10 18:15:25 +00:00
|
|
|
<add input="{URL}" pattern="^/index.php" ignoreCase="true" negate="true" />
|
|
|
|
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
|
|
|
|
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
|
2011-04-07 15:30:58 +00:00
|
|
|
</conditions>
|
|
|
|
<action type="Rewrite" url="index.php" />
|
|
|
|
</rule>
|
|
|
|
</rules>
|
|
|
|
</rewrite>
|
2019-02-11 15:46:38 +00:00
|
|
|
<httpProtocol>
|
|
|
|
<customHeaders>
|
|
|
|
<add name="X-Content-Type-Options" value="nosniff" />
|
2020-03-19 16:22:26 +00:00
|
|
|
<!-- Protect against certain cross-origin requests. More information can be found here: -->
|
|
|
|
<!-- https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP) -->
|
2020-05-30 13:30:46 +00:00
|
|
|
<!-- https://web.dev/why-coop-coep/ -->
|
2020-03-19 16:22:26 +00:00
|
|
|
<!-- <add name="Cross-Origin-Resource-Policy" value="same-origin" /> -->
|
2020-05-30 13:30:46 +00:00
|
|
|
<!-- <add name="Cross-Origin-Embedder-Policy" value="require-corp" /> -->
|
2019-02-11 15:46:38 +00:00
|
|
|
</customHeaders>
|
|
|
|
</httpProtocol>
|
2011-04-07 15:30:58 +00:00
|
|
|
</system.webServer>
|
2015-03-11 20:25:51 +00:00
|
|
|
</location>
|
2011-04-07 15:30:58 +00:00
|
|
|
</configuration>
|