[TASK] Provide missing example configuration for TYPO3 on Microsoft IIS 02/54102/2
authorBenjamin Kott <benjamin.kott@wfp2.com>
Sun, 2 Jul 2017 19:29:38 +0000 (21:29 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Sun, 10 Sep 2017 13:57:32 +0000 (15:57 +0200)
Releases: master, 8.7
Resolves: #81769
Change-Id: I92df0fc254b4a729298f32d1482ad2a0f39502bf
Reviewed-on: https://review.typo3.org/54102
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
INSTALL.md
_web.config [new file with mode: 0644]

index ebce437..59fa6a4 100644 (file)
@@ -171,6 +171,11 @@ cd ..
   cp typo3_src/_.htaccess .htaccess
 ```
 
+* In case you use IIS, install the URL Rewrite 2.x module and copy the web.config to your Document Root:
+```
+  cp typo3_src/_web.config web.config
+```
+
 You end up with the follow structure of files:
 
 ```
@@ -178,7 +183,8 @@ You end up with the follow structure of files:
   htdocs/typo3_src -> ../typo3_src-8.x.x/
   htdocs/typo3 -> typo3_src/typo3/
   htdocs/index.php -> typo3_src/index.php
-  htdocs/.htaccess
+  htdocs/.htaccess (only on Apache)
+  htdocs/web.config (only on IIS)
 ```
 
 This allows you to upgrade TYPO3 later by simply replacing the symlink
@@ -232,11 +238,13 @@ Please note that this is not a recommended setup!
 * Upload all files and subdirectories directly in your Document Root
   (where files that are served by your webserver are located).
 * In case your provider uses Apache, rename the file `_.htaccess` to `.htaccess`.
+* In case your provider uses IIS, rename the file `_web.config` to `web.config`.
 
 You end up with this files in your Document Root:
 
 ```
- .htaccess
+ .htaccess (only on Apache)
+ web.config (only on IIS)
  ChangeLog
  GPL.txt
  index.php
diff --git a/_web.config b/_web.config
new file mode 100644 (file)
index 0000000..c2d20f4
--- /dev/null
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <system.webServer>
+        <httpProtocol>
+            <customHeaders>
+                <add name="X-UA-Compatible" value="IE=edge" />
+                <add name="Cache-Control" value="Public" />
+            </customHeaders>
+        </httpProtocol>
+        <rewrite>
+            <rules>
+                <clear />
+
+                <rule name="TYPO3 - Block access to composer files">
+                    <match url="composer\.(?:json|lock)" ignoreCase="true" />
+                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
+                </rule>
+                <rule name="TYPO3 - Block access to flexform files">
+                    <match url="flexform[^.]*\.xml" ignoreCase="true" />
+                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
+                </rule>
+                <rule name="TYPO3 - Block access to language files">
+                    <match url="locallang[^.]*\.(?:xml|xlf)$" ignoreCase="true" />
+                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
+                </rule>
+                <rule name="TYPO3 - Block access to static typoscript files">
+                    <match url="ext_conf_template\.txt|ext_typoscript_constants\.txt|ext_typoscript_setup\.txt" ignoreCase="true" />
+                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
+                </rule>
+                <rule name="TYPO3 - Block access to miscellaneous protected files">
+                    <match url="/.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql)$" ignoreCase="true" />
+                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
+                </rule>
+                <rule name="TYPO3 - Block access to recycler and temporary directories">
+                    <match url="_(?:recycler|temp)_/" ignoreCase="false" />
+                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
+                </rule>
+                <rule name="TYPO3 - Block access to configuration files stored in fileadmin">
+                    <match url="fileadmin/(?:templates)/.*\.(?:txt|ts)$" ignoreCase="false" />
+                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
+                </rule>
+                <rule name="TYPO3 - Block access to libaries, source and temporary compiled data">
+                    <match url="^(?:vendor|typo3_src|typo3temp/var)" ignoreCase="false" />
+                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
+                </rule>
+                <rule name="TYPO3 - Block access to protected extension directories">
+                    <match url="(?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/" ignoreCase="false" />
+                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
+                </rule>
+                <rule name="TYPO3 - Static File Directories" stopProcessing="true">
+                    <match url="^/(typo3|typo3temp|typo3conf|t3lib|tslib|fileadmin|uploads|showpic\.php|favicon\.ico)$" />
+                    <action type="None" />
+                </rule>
+                <rule name="TYPO3 - If the file/directory does not exist => Redirect to index.php." stopProcessing="true">
+                    <match url="^.*$" ignoreCase="false" />
+                    <conditions logicalGrouping="MatchAll">
+                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
+                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
+                    </conditions>
+                    <action type="Rewrite" url="index.php" appendQueryString="true" />
+                </rule>
+
+            </rules>
+        </rewrite>
+        <staticContent>
+            <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="8.00:00:00" />
+        </staticContent>
+    </system.webServer>
+</configuration>