Details
-
Improvement
-
Resolution: Unresolved
-
Medium
-
None
-
1.13.5, 2.5.9, 3.0.0-beta6
-
None
-
None
Description
Currently we reject app.php requests via code snippet in web/app.php (added in EZP-30716) but this should be moved to different place. Modifying front controller is highly discouraged as this is incompatible with Flex if we ever make use of it.
Better approach is making Event Listener on kernel.request event which would block such requests.
Also this fix should be applied to our vhost.template files so the logic is unified across all places.