You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: update htaccess migration guide with new conditions syntax
Refactor documentation examples to use the idiomatic `condition` and
`if`
blocks instead of `location` for path-based logic, ensuring all examples
adhere to the current Ferron configuration style.
Place these inside a `location` block to protect a single path (such as `/wp-admin` or `/administrator`).
256
+
Place these inside a `location`or `if`block to protect a single path (such as `/wp-admin` or `/administrator`).
253
257
254
258
> [!important]
255
259
> If Ferron sits behind a reverse proxy or load balancer, configure `client_ip_from_header` with a `trusted_proxy` list so the IP rules evaluate the real client IP rather than the proxy's address.
@@ -387,7 +391,11 @@ Ferron's `basic_auth` does **not** read `htpasswd` files. It expects **hashed**
387
391
example.com {
388
392
root /var/www/html
389
393
390
-
location /wp-admin {
394
+
condition WP_ADMIN {
395
+
request.uri ~ r"/wp-login\.php|/wp-admin(?:/|$)"
396
+
}
397
+
398
+
if WP_ADMIN {
391
399
basic_auth {
392
400
realm "Admin Area"
393
401
users {
@@ -401,16 +409,18 @@ example.com {
401
409
Brute-force protection is enabled by default; you can tune it:
402
410
403
411
```ferron
404
-
basic_auth {
405
-
realm "Admin Area"
406
-
users {
407
-
admin "$argon2id$v=19$m=19456,t=2,p=1$..."
408
-
}
409
-
brute_force_protection {
410
-
enabled
411
-
max_attempts 5
412
-
lockout_duration "15m"
413
-
window "5m"
412
+
example.com {
413
+
basic_auth {
414
+
realm "Admin Area"
415
+
users {
416
+
admin "$argon2id$v=19$m=19456,t=2,p=1$..."
417
+
}
418
+
brute_force_protection {
419
+
enabled
420
+
max_attempts 5
421
+
lockout_duration "15m"
422
+
window "5m"
423
+
}
414
424
}
415
425
}
416
426
```
@@ -436,7 +446,11 @@ example.com {
436
446
root /var/www/html
437
447
mime_type ".pdf" "application/octet-stream"
438
448
439
-
location /downloads {
449
+
match DOWNLOADS {
450
+
request.uri.path ~ r"^/downloads(?:/|$)"
451
+
}
452
+
453
+
if DOWNLOADS {
440
454
header +Content-Disposition "attachment"
441
455
}
442
456
}
@@ -454,15 +468,19 @@ Apache uses `mod_expires`:
454
468
</IfModule>
455
469
```
456
470
457
-
Ferron does not compute `Expires` from durations, but you can set `Cache-Control` directly and let the client derive expiry. Use `file_cache_control` for all static files and `header` for per-type overrides (matching by `location` or `match`):
471
+
Ferron does not compute `Expires` from durations, but you can set `Cache-Control` directly and let the client derive expiry. Use `file_cache_control` for static files:
0 commit comments