/**
* Generate Apache .htaccess files to restrict access
*/
public static function createHtAccessFiles()
{
// deny access to these folders
$directoriesToProtect = array('/config', '/core', '/lang', '/tmp');
foreach ($directoriesToProtect as $directoryToProtect) {
Filesystem::createHtAccess(PIWIK_INCLUDE_PATH . $directoryToProtect, $overwrite = true);
}
// Allow/Deny lives in different modules depending on the Apache version
$allow = "<IfModule mod_access.c>\nAllow from all\n</IfModule>\n<IfModule !mod_access_compat>\n<IfModule mod_authz_host.c>\nAllow from all\n</IfModule>\n</IfModule>\n<IfModule mod_access_compat>\nAllow from all\n</IfModule>\n";
$deny = "<IfModule mod_access.c>\nDeny from all\n</IfModule>\n<IfModule !mod_access_compat>\n<IfModule mod_authz_host.c>\nDeny from all\n</IfModule>\n</IfModule>\n<IfModule mod_access_compat>\nDeny from all\n</IfModule>\n";
// more selective allow/deny filters
$allowAny = "<Files \"*\">\n" . $allow . "Satisfy any\n</Files>\n";
$allowStaticAssets = "<Files ~ \"\\.(test\\.php|gif|ico|jpg|png|svg|js|css|swf)\$\">\n" . $allow . "Satisfy any\n</Files>\n";
$denyDirectPhp = "<Files ~ \"\\.(php|php4|php5|inc|tpl|in|twig)\$\">\n" . $deny . "</Files>\n";
$directoriesToProtect = array('/js' => $allowAny, '/libs' => $denyDirectPhp . $allowStaticAssets, '/vendor' => $denyDirectPhp . $allowStaticAssets, '/plugins' => $denyDirectPhp . $allowStaticAssets, '/misc/user' => $denyDirectPhp . $allowStaticAssets);
foreach ($directoriesToProtect as $directoryToProtect => $content) {
Filesystem::createHtAccess(PIWIK_INCLUDE_PATH . $directoryToProtect, $overwrite = true, $content);
}
}
