diff --git a/httpdocs/public/.htaccess b/httpdocs/public/.htaccess index a5ee474..10d5150 100644 --- a/httpdocs/public/.htaccess +++ b/httpdocs/public/.htaccess @@ -1,22 +1,5 @@ -# Enable rewrite engine RewriteEngine On -# Set a rewrite condition for non-API requests -RewriteCond %{REQUEST_URI} !^/api/ [NC] -RewriteRule .* - [E=NEED_AUTH:1] - -# Basic Authentication -AuthType Basic -AuthName "Passwortgeschützter Bereich" -AuthUserFile /var/www/vhosts/futbase.digital/httpdocs/public/.htpasswd -Require valid-user - -# Skip auth for API routes -Satisfy any -Order Allow,Deny -Allow from all -Deny from env=NEED_AUTH - # Use the front controller as index file. It serves as a fallback solution when # every other rewrite/redirect fails (e.g. in an aliased environment without # mod_rewrite). Additionally, this reduces the matching process for the @@ -37,8 +20,6 @@ DirectoryIndex index.php - RewriteEngine On - # Determine the RewriteBase automatically and set it as environment variable. # If you are using Apache aliases to do mass virtual hosting or installed the # project in a subdirectory, the base path will be prepended to allow proper @@ -53,6 +34,30 @@ DirectoryIndex index.php RewriteCond %{HTTP:Authorization} . RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] + # ERSTE PRIORITÄT: Statische HTML-Dateien (außer index.html) direkt ausliefern + RewriteCond %{REQUEST_URI} \.(html)$ [NC] + RewriteCond %{REQUEST_URI} !^/index\.html$ [NC] + RewriteCond %{REQUEST_FILENAME} -f + RewriteRule ^ - [L] + + # Authentication nur für Nicht-API und Nicht-statische-HTML-Requests + RewriteCond %{REQUEST_URI} !^/api/ [NC] + RewriteCond %{REQUEST_URI} !\.(html)$ [NC,OR] + RewriteCond %{REQUEST_URI} ^/index\.html$ [NC] + RewriteRule .* - [E=NEED_AUTH:1] + + # Basic Authentication + AuthType Basic + AuthName "Passwortgeschützter Bereich" + AuthUserFile /var/www/vhosts/futbase.digital/httpdocs/public/.htpasswd + Require valid-user + + # Skip auth for API routes + Satisfy any + Order Allow,Deny + Allow from all + Deny from env=NEED_AUTH + # Redirect to URI without front controller to prevent duplicate content # (with and without `/index.php`). Only do this redirect on the initial # rewrite by Apache and not on subsequent cycles. Otherwise we would get an