Step-1#
Create .htaccess_prepend
file (or really any file name, that will later be used in composer.json
file)
1
2
3
4
5
6
7
8
9
10
| # =======================================================================
# HTACCESS PREPENE START
<IfModule LiteSpeed>
CacheDisable public /
CacheDisable private /
</IfModule>
# HTACCESS PREPEND END
# =======================================================================
|
Step-2#
Add the following in composer.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
| {
"name": "XXX",
"description": "XXX",
"type": "project",
"license": "GPL-2.0-or-later",
"homepage": "https://www.example.com"
...
...
"extra": {
"drupal-scaffold": {
+ "locations": {
+ "web-root": "./"
+ },
+ "file-mapping": {
+ "[web-root]/.htaccess": {"prepend":"./.htaccess_prepend"}
+ }
},
"installer-paths": {
"core": ["type:drupal-core"],
"libraries/{$name}":["type:drupal-library"],
...
...
...
}
|
Step-3#
Then when you run any composer related command, such as composer update
, composer install
, the composer will automatically append the .htaccess_prepend
in to the “head” of the .htaccess
:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
| public_html@$ composer update
Loading composer repositories with package information
Updating dependencies
Lock file operations: 0 installs, 32 updates, 0 removals
...
Generating autoload files
Hardening vendor directory with .htaccess and web.config files.
46 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
Scaffolding files for drupal/legacy-project:
- Prepend to [web-root]/.htaccess from ./.htaccess_prepend
Cleaning installed packages.
Found 4 security vulnerability advisories affecting 2 packages.
Run "composer audit" for a full list of advisories.
public_html@$ head -n 20 .htaccess
# =======================================================================
# HTACCESS PREPENE START
<IfModule LiteSpeed>
CacheDisable public /
CacheDisable private /
</IfModule>
# HTACCESS PREPEND END
# =======================================================================
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config|yarn\.lock|package\.json)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
|