\nAllow from all\n\n\n\nAllow from all\n\n\n\nAllow from all\n\n";
$deny = "\nDeny from all\n\n\n\nDeny from all\n\n\n\nDeny from all\n\n";
// more selective allow/deny filters
$allowAny = "\n" . $allow . "Satisfy any\n\n";
$allowStaticAssets = "\n" . $allow . "Satisfy any\n\n";
$denyDirectPhp = "\n" . $deny . "\n";
$directoriesToProtect = array(
'/js' => $allowAny,
'/libs' => $denyDirectPhp . $allowStaticAssets,
'/vendor' => $denyDirectPhp . $allowStaticAssets,
'/plugins' => $denyDirectPhp . $allowStaticAssets,
'/misc/user' => $denyDirectPhp . $allowStaticAssets,
);
foreach ($directoriesToProtect as $directoryToProtect => $content) {
Filesystem::createHtAccess(PIWIK_INCLUDE_PATH . $directoryToProtect, $overwrite = true, $content);
}
}
/**
* Generate IIS web.config files to restrict access
*
* Note: for IIS 7 and above
*/
public static function createWebConfigFiles()
{
@file_put_contents(PIWIK_INCLUDE_PATH . '/web.config',
'
');
// deny direct access to .php files
$directoriesToProtect = array(
'/libs',
'/vendor',
'/plugins',
);
foreach ($directoriesToProtect as $directoryToProtect) {
@file_put_contents(PIWIK_INCLUDE_PATH . $directoryToProtect . '/web.config',
'
');
}
}
/**
* Generate default robots.txt, favicon.ico, etc to suppress
* 404 (Not Found) errors in the web server logs, if Piwik
* is installed in the web root (or top level of subdomain).
*
* @see misc/crossdomain.xml
*/
public static function createWebRootFiles()
{
$filesToCreate = array(
'/robots.txt',
'/favicon.ico',
);
foreach ($filesToCreate as $file) {
@file_put_contents(PIWIK_DOCUMENT_ROOT . $file, '');
}
}
}