From 7efba694ba30f3081790854908d4a93c58eb8ca6 Mon Sep 17 00:00:00 2001
From: Kartik Visweswaran <kartikv2@gmail.com>
Date: Mon, 30 Jun 2014 01:24:18 +0530
Subject: [PATCH] Update to v1.1.0

---
 CHANGE.md                           |  4 ++-
 environments/dev/backend/.htaccess  | 47 +++++++++++++++++++++++++++++
 environments/prod/backend/.htaccess | 47 +++++++++++++++++++++++++++++
 3 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 environments/dev/backend/.htaccess
 create mode 100644 environments/prod/backend/.htaccess

diff --git a/CHANGE.md b/CHANGE.md
index 49bdc17..d423e3e 100644
--- a/CHANGE.md
+++ b/CHANGE.md
@@ -1,6 +1,8 @@
 v1.1.0
 ------
-2014-06-30: Version 1.1.0. Based on latest yii2-advanced-app until 30-Jun-2014.
+2014-06-30: Version 1.1.0. 
+- Based on latest yii2-advanced-app until 30-Jun-2014.
+- Included .htaccess for backend.
 
 
 v1.0.0
diff --git a/environments/dev/backend/.htaccess b/environments/dev/backend/.htaccess
new file mode 100644
index 0000000..731141c
--- /dev/null
+++ b/environments/dev/backend/.htaccess
@@ -0,0 +1,47 @@
+# ----------------------------------------------------------------------
+# Adds some security for the Apache server configuration for use with
+# yii2-app-practical template.
+# @author Kartik Visweswaran <kartikv2@gmail.com>
+# @see http://demos.krajee.com/app-practical
+# ----------------------------------------------------------------------
+
+# "-Indexes" will have Apache block users from browsing folders without a default document
+# Usually you should leave this activated, because you shouldn't allow everybody to surf through
+# every folder on your server (which includes rather private places like CMS system folders).
+<IfModule mod_autoindex.c>
+  Options -Indexes
+</IfModule>
+
+
+# Block access to "hidden" directories whose names begin with a period. This
+# includes directories used by version control systems such as Subversion or Git.
+<IfModule mod_rewrite.c>
+  RewriteCond %{SCRIPT_FILENAME} -d
+  RewriteCond %{SCRIPT_FILENAME} -f
+  RewriteRule "(^|/)\." - [F]
+</IfModule>
+
+
+# Block access to backup and source files
+# This files may be left by some text/html editors and
+# pose a great security danger, when someone can access them
+<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
+  Order allow,deny
+  Deny from all
+  Satisfy All
+</FilesMatch>
+
+# Increase cookie security
+<IfModule php5_module>
+  php_value session.cookie_httponly true
+</IfModule>
+
+# Settings to hide index.php and ensure pretty urls
+RewriteEngine on
+
+# if a directory or a file exists, use it directly
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+
+# otherwise forward it to index.php
+RewriteRule . index.php
\ No newline at end of file
diff --git a/environments/prod/backend/.htaccess b/environments/prod/backend/.htaccess
new file mode 100644
index 0000000..731141c
--- /dev/null
+++ b/environments/prod/backend/.htaccess
@@ -0,0 +1,47 @@
+# ----------------------------------------------------------------------
+# Adds some security for the Apache server configuration for use with
+# yii2-app-practical template.
+# @author Kartik Visweswaran <kartikv2@gmail.com>
+# @see http://demos.krajee.com/app-practical
+# ----------------------------------------------------------------------
+
+# "-Indexes" will have Apache block users from browsing folders without a default document
+# Usually you should leave this activated, because you shouldn't allow everybody to surf through
+# every folder on your server (which includes rather private places like CMS system folders).
+<IfModule mod_autoindex.c>
+  Options -Indexes
+</IfModule>
+
+
+# Block access to "hidden" directories whose names begin with a period. This
+# includes directories used by version control systems such as Subversion or Git.
+<IfModule mod_rewrite.c>
+  RewriteCond %{SCRIPT_FILENAME} -d
+  RewriteCond %{SCRIPT_FILENAME} -f
+  RewriteRule "(^|/)\." - [F]
+</IfModule>
+
+
+# Block access to backup and source files
+# This files may be left by some text/html editors and
+# pose a great security danger, when someone can access them
+<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
+  Order allow,deny
+  Deny from all
+  Satisfy All
+</FilesMatch>
+
+# Increase cookie security
+<IfModule php5_module>
+  php_value session.cookie_httponly true
+</IfModule>
+
+# Settings to hide index.php and ensure pretty urls
+RewriteEngine on
+
+# if a directory or a file exists, use it directly
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+
+# otherwise forward it to index.php
+RewriteRule . index.php
\ No newline at end of file