#############################################################################
##### Flyspray .htaccess Config. To be used with Apache Server ###
##### Check for Mod-Rewrite module ############################################
#### rename this file to .htaccess to use these features
###############################################################################
AddDefaultCharset utf-8
DirectoryIndex index.php index.html
# Mod security conflicts with flyspray and you do not need it here
#for mod_security 1
SecFilterEngine Off
#modsecurity 2
SecRuleEngine Off
# php5 as apache 1/2 module
php_flag register_globals Off
php_flag magic_quotes_gpc Off
php_flag session.use_trans_sid 0
php_flag session.auto_start 0
php_flag short_open_tag off
php_flag register_argc_argv Off
php_flag register_long_arrays Off
#not for now, flyspray has it's own filters.
php_value filter.default "unsafe_raw"
php_flag always_populate_raw_post_data Off
# php4 as **apache 2** module
php_flag register_globals Off
php_flag magic_quotes_gpc Off
php_flag session.use_trans_sid 0
php_flag session.auto_start 0
php_flag short_open_tag off
php_flag register_argc_argv Off
php_value filter.default "unsafe_raw"
php_flag always_populate_raw_post_data Off
# We only use POST GET and HEAD (implicit)
Order Deny,Allow
Deny From All
# hide possible development files
order deny,allow
deny from all
# Some hostings have autocorrection of minor misspelled URLs enabled.
# We do not want that for Flyspray as it could lead to subtile unwanted behavior.
CheckSpelling Off
# probably mod_negotiation plays foul with mod_rewrite on this two rules:
# RewriteRule ^index$ index.php?do=index [L,QSA]
# RewriteRule ^index/proj([0-9]+)$ index.php?do=index&project=$1 [L,QSA]
# So try to deactivate it by -MultiViews (which is sadly not possible in every web hosting environment - gives error500)
#Options -MultiViews
RewriteEngine on
# Set RewriteBase to urlpath where Flyspray is accessible.
RewriteBase /
# Use this if Flyspray is accessible from a subdirectory of your domain.
#RewriteBase /flyspray/
# You can force TLS/SSL by uncommenting this 2 lines if you have a valid certificate for your domain
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# In the case of TLS/SSL available, set also session.cookie_secure=1
# so that the session cookie can't be sniffed by Man-in-the-Middle or same network.
# Depends on your server setup/webhosting if done in php.ini, .user.ini or somehow/somewhere else.
# Ask your web hoster if you don't know.
# used for enabling url_rewriting check in admin prefs
RewriteRule . - [E=HTTP_MOD_REWRITE:On]
RewriteRule ^.*\?do=admin&area=prefs$ index.php?do=admin&area=prefs [L,QSA]
RewriteRule ^([0-9]+)$ index.php?do=details&task_id=$1 [L,QSA]
RewriteRule ^task/([0-9]+)$ index.php?do=details&task_id=$1 [L,QSA]
RewriteRule ^task/([0-9]+)comment([0-9]+)$ index.php?do=details&task_id=$1comment$2 [L,QSA]
RewriteRule ^task/([0-9]+)/depends$ index.php?do=depends&task_id=$1 [L,QSA]
RewriteRule ^task/([0-9]+)/depends&prune=([0-9]+)$ index.php?do=depends&task_id=$1&prune=$2 [L,QSA]
RewriteRule ^task/([0-9]+)/edit$ index.php?do=details&task_id=$1&edit=yep [L,QSA]
RewriteRule ^newtask$ index.php?do=newtask [L,QSA]
RewriteRule ^newtask/proj([0-9]+)$ index.php?do=newtask&project=$1 [L,QSA]
RewriteRule ^newtask/proj([0-9]+)/supertask([0-9]+)$ index.php?do=newtask&project=$1&supertask=$2 [L,QSA]
RewriteRule ^reports/proj([0-9]+)$ index.php?do=reports&project=$1 [L,QSA]
RewriteRule ^myprofile$ index.php?do=myprofile [L,QSA]
RewriteRule ^user/([0-9]+)$ index.php?do=user&id=$1 [L,QSA]
RewriteRule ^logout$ index.php?do=authenticate&logout=1 [L,QSA]
RewriteRule ^admin/([a-zA-Z]+)$ index.php?do=admin&area=$1 [L,QSA]
RewriteRule ^pm/proj([0-9]+)/([a-zA-Z]+)$ index.php?do=pm&project=$1&area=$2 [L,QSA]
RewriteRule ^admin/editgroup/([0-9]+)$ index.php?do=admin&area=editgroup&id=$1 [L,QSA]
RewriteRule ^pm/editgroup/([0-9]+)$ index.php?do=pm&area=editgroup&id=$1 [L,QSA]
RewriteRule ^edituser/([0-9]+)$ index.php?do=admin&area=users&user_id=$1 [L,QSA]
RewriteRule ^register$ index.php?do=register [L,QSA]
RewriteRule ^lostpw$ index.php?do=lostpw [L,QSA]
# gantt and team are experimental pagetypes not within FS1.0
RewriteRule ^gantt/proj([0-9]+)$ index.php?do=gantt&project=$1 [L,QSA]
RewriteRule ^team$ index.php?do=team [L,QSA]
RewriteRule ^team/proj([0-9]+)$ index.php?do=team&project=$1 [L,QSA]
RewriteRule ^roadmap$ index.php?do=roadmap [L,QSA]
RewriteRule ^roadmap/proj([0-9]+)$ index.php?do=roadmap&project=$1 [L,QSA]
RewriteRule ^toplevel$ index.php?do=toplevel [L,QSA]
RewriteRule ^toplevel/proj([0-9]+)$ index.php?do=toplevel&project=$1 [L,QSA]
RewriteRule ^tasklist$ index.php?do=tasklist [L,QSA]
RewriteRule ^tasklist/proj([0-9]+)$ index.php?do=tasklist&project=$1 [L,QSA]
# homepage (can be tasklist, toplevel, or roadmap; maybe gantt in future too)
RewriteRule ^index$ index.php?do=index [L,QSA]
RewriteRule ^index/proj([0-9]+)$ index.php?do=index&project=$1 [L,QSA]
RewriteRule ^newmultitasks/proj([0-9]+)$ index.php?do=newmultitasks&project=$1 [L,QSA]
RewriteRule ^proj([0-9]+)/dev([0-9]+)$ index.php?project=$1&do=index&dev=$2 [L,QSA]
RewriteRule ^proj([0-9]+)$ index.php?project=$1 [L,QSA]
#SetEnv HTTP_HTACCESS_ENABLED on