[BUGFIX] Linkhandler - access to data outside editors pagetree
[Packages/TYPO3.CMS.git] / _web.config
1 <?xml version="1.0" encoding="UTF-8"?>
2 <configuration>
3     <system.webServer>
4         <httpProtocol>
5             <customHeaders>
6                 <add name="X-UA-Compatible" value="IE=edge" />
7                 <add name="Cache-Control" value="Public" />
8             </customHeaders>
9         </httpProtocol>
10         <rewrite>
11             <rules>
12                 <clear />
13
14                 <rule name="TYPO3 - Block access to composer files">
15                     <match url="composer\.(?:json|lock)" ignoreCase="true" />
16                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
17                 </rule>
18                 <rule name="TYPO3 - Block access to flexform files">
19                     <match url="flexform[^.]*\.xml" ignoreCase="true" />
20                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
21                 </rule>
22                 <rule name="TYPO3 - Block access to language files">
23                     <match url="locallang[^.]*\.(?:xml|xlf)$" ignoreCase="true" />
24                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
25                 </rule>
26                 <rule name="TYPO3 - Block access to static typoscript files">
27                     <match url="ext_conf_template\.txt|ext_typoscript_constants\.txt|ext_typoscript_setup\.txt" ignoreCase="true" />
28                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
29                 </rule>
30                 <rule name="TYPO3 - Block access to miscellaneous protected files">
31                     <match url="/.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql)$" ignoreCase="true" />
32                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
33                 </rule>
34                 <rule name="TYPO3 - Block access to recycler and temporary directories">
35                     <match url="_(?:recycler|temp)_/" ignoreCase="false" />
36                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
37                 </rule>
38                 <rule name="TYPO3 - Block access to configuration files stored in fileadmin">
39                     <match url="fileadmin/(?:templates)/.*\.(?:txt|ts)$" ignoreCase="false" />
40                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
41                 </rule>
42                 <rule name="TYPO3 - Block access to libaries, source and temporary compiled data">
43                     <match url="^(?:vendor|typo3_src|typo3temp/var)" ignoreCase="false" />
44                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
45                 </rule>
46                 <rule name="TYPO3 - Block access to protected extension directories">
47                     <match url="(?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/" ignoreCase="false" />
48                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
49                 </rule>
50                 <rule name="TYPO3 - Static File Directories" stopProcessing="true">
51                     <match url="^/(typo3|typo3temp|typo3conf|t3lib|tslib|fileadmin|uploads|showpic\.php|favicon\.ico)$" />
52                     <action type="None" />
53                 </rule>
54                 <rule name="TYPO3 - If the file/directory does not exist => Redirect to index.php." stopProcessing="true">
55                     <match url="^.*$" ignoreCase="false" />
56                     <conditions logicalGrouping="MatchAll">
57                         <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
58                         <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
59                     </conditions>
60                     <action type="Rewrite" url="index.php" appendQueryString="true" />
61                 </rule>
62
63             </rules>
64         </rewrite>
65         <staticContent>
66             <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="8.00:00:00" />
67         </staticContent>
68     </system.webServer>
69 </configuration>