Preconfigured htaccess/fr: Difference between revisions
From Joomla! Documentation
Created page with "Note :" |
Updating to match new version of source page |
||
| (9 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
<noinclude><languages /></noinclude> | <noinclude><languages /></noinclude> | ||
Un serveur web Apache utilise un fichier <tt>htaccess</tt> dans le répertoire principal pour des configurations spécifiques du site. Joomla! propose un fichier htaccess préconfiguré (<tt>htaccess.txt</tt>). Il contient des instructions pour éviter les exploits le plus courants et la mise en œuvre des urls SEF. En outre, il fournit certains paramètres qui doivent être vérifiés en fonction de votre environnement : | |||
<ul> | <ul> | ||
<li>IndexIgnore *</li> | <li>IndexIgnore *</li> | ||
| Line 8: | Line 8: | ||
</ul> | </ul> | ||
L'activation de <tt>htaccess.txt</tt> signifie la fusion d'un fichier existant <tt>.htaccess</tt> avec le <tt>htaccess.txt</tt> et de décider des paramètres mentionnés ci-dessus. | |||
<strong>Note :</strong> | <strong>Note :</strong> | ||
Le fichier actif est paramétré dans un des fichiers <tt>httpd.conf</tt> avec : | |||
<pre>AccessFileName .htaccess</pre> | <pre>AccessFileName .htaccess</pre> | ||
Par défaut .htaccess (qui permet de le cacher sur les systèmes de fichiers Unix). Pas besoin de le changer. | |||
Pour la plateforme Windows, vous pouvez le modifier comme ceci : | |||
<pre>AccessFileName htaccess.ini</pre> | <pre>AccessFileName htaccess.ini</pre> | ||
ainsi, vous pouvez le modifier plus facilement. | |||
Ne pas utiliser le <tt>htaccess.txt</tt> ici car lors d'une mise à jour de Joomla, il sera remplacé et les modifications seront alors perdues. | |||
Contenu du <tt>htaccess.txt</tt> : | |||
<pre> | <pre> | ||
## | ## | ||
# @package Joomla | # @package Joomla | ||
# @copyright Copyright (C) 2005 - | # @copyright Copyright (C) 2005 - 2018 Open Source Matters. All rights reserved. | ||
# @license GNU General Public License version 2 or later; see LICENSE.txt | # @license GNU General Public License version 2 or later; see LICENSE.txt | ||
## | ## | ||
| Line 34: | Line 34: | ||
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE! | # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE! | ||
# | # | ||
# The line | # The line 'Options +FollowSymLinks' may cause problems with some server configurations. | ||
# It is required for the use of mod_rewrite, but it may have already been set by your | |||
# server administrator in a way that disallows changing it in this .htaccess file. | |||
# If using it causes your site to produce an error, comment it out (add # to the | |||
# beginning of line), reload your site in your browser and test your sef | # beginning of the line), reload your site in your browser and test your sef urls. If | ||
# they work, then it has been set by your server administrator and you do not need to | |||
# set it here. | |||
## | ## | ||
## No directory listings | ## No directory listings | ||
IndexIgnore * | <IfModule autoindex> | ||
IndexIgnore * | |||
</IfModule> | |||
## Can be commented out if causes errors, see notes above. | ## Can be commented out if causes errors, see notes above. | ||
| Line 54: | Line 57: | ||
## Begin - Rewrite rules to block out some common exploits. | ## Begin - Rewrite rules to block out some common exploits. | ||
# If you experience problems on your site | # If you experience problems on your site then comment out the operations listed | ||
# This attempts to block the most common type of exploit `attempts` | # below by adding a # to the beginning of the line. | ||
# This attempts to block the most common type of exploit `attempts` on Joomla! | |||
# | # | ||
# Block | # Block any script trying to base64_encode data within the URL. | ||
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR] | RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR] | ||
# Block | # Block any script that includes a <script> tag in URL. | ||
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] | RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] | ||
# Block | # Block any script trying to set a PHP GLOBALS variable via URL. | ||
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] | RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] | ||
# Block | # Block any script trying to modify a _REQUEST variable via URL. | ||
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) | RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) | ||
# Return 403 Forbidden header and show the content of the root | # Return 403 Forbidden header and show the content of the root home page | ||
RewriteRule .* index.php [F] | RewriteRule .* index.php [F] | ||
# | # | ||
| Line 79: | Line 83: | ||
## | ## | ||
# Uncomment following line if your webserver's URL | # Uncomment the following line if your webserver's URL | ||
# is not directly related to physical file paths. | # is not directly related to physical file paths. | ||
# Update Your Joomla! Directory (just / for root). | # Update Your Joomla! Directory (just / for root). | ||
| Line 101: | Line 105: | ||
# | # | ||
## End - Joomla! core SEF Section. | ## End - Joomla! core SEF Section. | ||
</pre> | |||
</ | <noinclude> | ||
[[Category:Joomla! Website Management{{#translation:}}]] | |||
[[Category:Installation{{#translation:}}]] | |||
</noinclude> | |||
Latest revision as of 07:04, 6 December 2018
Un serveur web Apache utilise un fichier htaccess dans le répertoire principal pour des configurations spécifiques du site. Joomla! propose un fichier htaccess préconfiguré (htaccess.txt). Il contient des instructions pour éviter les exploits le plus courants et la mise en œuvre des urls SEF. En outre, il fournit certains paramètres qui doivent être vérifiés en fonction de votre environnement :
- IndexIgnore *
- Options +FollowSymLinks
- Options -Indexes
- RewriteBase /
L'activation de htaccess.txt signifie la fusion d'un fichier existant .htaccess avec le htaccess.txt et de décider des paramètres mentionnés ci-dessus.
Note :
Le fichier actif est paramétré dans un des fichiers httpd.conf avec :
AccessFileName .htaccess
Par défaut .htaccess (qui permet de le cacher sur les systèmes de fichiers Unix). Pas besoin de le changer.
Pour la plateforme Windows, vous pouvez le modifier comme ceci :
AccessFileName htaccess.ini
ainsi, vous pouvez le modifier plus facilement.
Ne pas utiliser le htaccess.txt ici car lors d'une mise à jour de Joomla, il sera remplacé et les modifications seront alors perdues.
Contenu du htaccess.txt :
##
# @package Joomla
# @copyright Copyright (C) 2005 - 2018 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line 'Options +FollowSymLinks' may cause problems with some server configurations.
# It is required for the use of mod_rewrite, but it may have already been set by your
# server administrator in a way that disallows changing it in this .htaccess file.
# If using it causes your site to produce an error, comment it out (add # to the
# beginning of the line), reload your site in your browser and test your sef urls. If
# they work, then it has been set by your server administrator and you do not need to
# set it here.
##
## No directory listings
<IfModule autoindex>
IndexIgnore *
</IfModule>
## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes
## Mod_rewrite in use.
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root home page
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment the following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
# RewriteBase /
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.