From 0b3b0051327df1ac6871a97026a7bfaf8fc91628 Mon Sep 17 00:00:00 2001
From: Vasvi Sharma <vasvi.sharma@cern.ch>
Date: Wed, 20 Nov 2024 11:25:30 +0100
Subject: [PATCH] add configuration to deny serving of all files except php and
 static files

---
 .../php/httpd-cnf/99-wordpress-security.conf          | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/root/usr/share/container-scripts/php/httpd-cnf/99-wordpress-security.conf b/root/usr/share/container-scripts/php/httpd-cnf/99-wordpress-security.conf
index d93cb0e..416f6f0 100644
--- a/root/usr/share/container-scripts/php/httpd-cnf/99-wordpress-security.conf
+++ b/root/usr/share/container-scripts/php/httpd-cnf/99-wordpress-security.conf
@@ -19,3 +19,14 @@
     deny from all
 </Files>
 
+#Limit type of files that are served from wp-content
+<Directory "/opt/app-root/src/wp-content">
+    <FilesMatch "\.(php|html|htm|css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot|otf|pdf|doc|docx|xls|xlsx|ppt|pptx)$">
+        SetHandler default-handler
+    </FilesMatch>
+
+    <FilesMatch ".*">
+        Require all denied
+    </FilesMatch>
+</Directory>
+
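Review bot: The second block, `<FilesMatch ".*">` with `Require all denied`, matches every file under wp-content, including those matched by the extension list, and since the first block never grants access the visible configuration appears to deny everything rather than implement an allow-list. Apache merges `<FilesMatch>` sections in order of appearance with later ones overriding, so the catch-all deny should come first and the extension block second, carrying `Require all granted`. The `SetHandler default-handler` line does not control access, and for `.php` it would likely hand the file to the static-content handler, so the script source could be returned instead of executed. I would drop it, or at least take `php` out of that pattern, depending on how PHP is wired elsewhere in the image. Two smaller points: the surrounding context uses the 2.2-style `deny from all` while the new lines use `Require`, and mixing the two styles in one file is worth avoiding. The block would also benefit from a comment such as `# Order matters: deny everything first, then re-allow the listed extensions`.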
-- 
GitLab