
<?php
/*!
 * Copyright Anucha Puangpaka
 * Contact anucha.ppk@icloud.com 062-479-9836
 
 */

/*ini_set('session.cookie_secure',0);
ini_set('session.cookie_httponly',0);*/

// --- Site identity and base URLs ---------------------------------------
// All three host values are taken from $_SERVER['SERVER_NAME'].
// NOTE(review): depending on web-server configuration SERVER_NAME can mirror
// the client-supplied Host header. Confirm the server pins it to a canonical
// name, or use a fixed hostname here, before these values end up in links,
// redirects or outgoing mail.
$ap_ip = "{$_SERVER['SERVER_NAME']}";
$ap_domain = "{$_SERVER['SERVER_NAME']}";
$ap_station = 'https://' . $_SERVER['SERVER_NAME'];
$ap_site = $ap_station . '/';
$ap_folder = 'main/';
$ap_fb_admins = '1221231997903513';

// --- Feature switches (string flags: "on" / "off") -----------------------
$ap_rewrite = 'off';
$ap_webp = 'on';

// NOTE(review): this value is committed in source and base64-decodes to a
// plain institution name ("Kamphaeng Phet Rajabhat University"), so it is
// guessable. How $token is used is not visible here; if it authenticates or
// signs anything, replace it with a random secret loaded from outside the
// web root.
$token = 'S2FtcGhhZW5nIFBoZXQgUmFqYWJoYXQgVW5pdmVyc2l0eQ==';

// --- LINE Messaging API settings (all empty in this file) -----------------
// NOTE(review): when these are filled in, keep the channel secret and access
// token out of version control (environment or a file outside the web root).
define('LINE_MESSAGE_CHANNEL_ID', '');
define('LINE_MESSAGE_CHANNEL_SECRET', '');
define('LINE_MESSAGE_ACCESS_TOKEN', '');
define('LINE_MESSAGE_QRCODE', '');
define('LINE_MESSAGE_ADD_FRIEND', '');
define('LINE_MESSAGE_LIFF', '');


// --- File-extension lists ------------------------------------------------
// Presumably consulted as the upload allow-list; verify against the caller.
// Every extension appears in lower case and upper case only.
$filesImage = [
    'jpg', 'JPG', 'jpeg', 'JPEG', 'png', 'PNG',
    'gif', 'GIF', 'ico', 'ICO', 'webp', 'WEBP',
];
$filesfile = [
    'doc', 'DOC', 'docx', 'DOCX', 'pdf', 'PDF',
    'xls', 'XLS', 'xlsx', 'XLSX', 'txt', 'TXT',
    'csv', 'CSV', 'ppt', 'PPT', 'pptx', 'PPTX',
];
$filesMedia = ['mp4', 'MP4', 'mp3', 'MP3'];
// NOTE(review): 'exe'/'EXE' allows executables to be stored and served from
// this site; drop it unless there is a documented need. An extension check
// alone does not validate file content.
$filesArchive = ['zip', 'ZIP', 'rar', 'RAR', 'exe', 'EXE'];

// Combined list, in the order image, document, media, archive.
$filesAllowed = array_merge(
    $filesImage,
    $filesfile,
    $filesMedia,
    $filesArchive
);



/*
# web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>

    <rewrite>
      <rules>

				<rule name="HTTP to HTTPS redirect" stopProcessing="true">
				    <match url="(.*)" />
				    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
			        <add input="{HTTPS}" pattern="^OFF$" />
				    </conditions>
				    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
				</rule>

				<rule name="PHP Block in contents" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions>
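          	<!-- NOTE(review): ignoreCase="false" makes this deny rule case-sensitive, while IIS on Windows normally resolves paths and the PHP handler mapping case-insensitively. Set ignoreCase="true" so every spelling of the folder and extension is denied, and prefer also disabling script handlers in this writable folder. -->
          	<add input="{URL}" pattern="/contents/*.php" ignoreCase="false" />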
          </conditions>
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
        </rule>
        <rule name="PHP Block in filemanager" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions>
          	<add input="{URL}" pattern="/admin/tinymce/plugins/filemanager/thumbs/*.php" />
          </conditions>
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
        </rule>

				<rule name="Rewrite gal_cat" enabled="true">
				    <match url="gal_cat\/(.+)\/(.+)" />
				    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
			        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
			        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
				    </conditions>
				    <action type="Rewrite" url="index.php?gal_cat={R:1}&amp;lang={R:2}" />
				</rule>

				<rule name="Rewrite gal2_cat" enabled="true">
				    <match url="gal2_cat\/(.+)\/(.+)" />
				    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
			        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
			        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
				    </conditions>
				    <action type="Rewrite" url="index.php?gal2_cat={R:1}&amp;lang={R:2}" />
				</rule>

				<rule name="Rewrite cat" enabled="true">
				    <match url="cat\/(.+)\/(.+)" />
				    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
			        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
			        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
				    </conditions>
				    <action type="Rewrite" url="index.php?cat={R:1}&amp;lang={R:2}" />
				</rule>

				<rule name="Rewrite page_id" enabled="true">
				    <match url="page_id\/(.+)\/(.+)" />
				    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
			        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
			        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
				    </conditions>
				    <action type="Rewrite" url="index.php?page_id={R:1}&amp;lang={R:2}" />
				</rule>

				<rule name="Rewrite gal" enabled="true">
				    <match url="gal\/(.+)\/(.+)\/(.+)" />
				    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
			        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
			        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
				    </conditions>
				    <action type="Rewrite" url="index.php?gal={R:1}&amp;id={R:2}&amp;lang={R:3}" />
				</rule>

				<rule name="Rewrite gal2" enabled="true">
				    <match url="gal2\/(.+)\/(.+)\/(.+)" />
				    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
			        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
			        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
				    </conditions>
				    <action type="Rewrite" url="index.php?gal2={R:1}&amp;id={R:2}&amp;lang={R:3}" />
				</rule>

			</rules>

			<outboundRules>
        <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" />
          </conditions>
          <action type="Rewrite" value="max-age=31536000; includeSubDomains; preload" />
        </rule>
      </outboundRules>

    </rewrite>
    
    <security>
      <requestFiltering>
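        <!-- NOTE(review): 4294967295 is the 32-bit maximum, so request filtering places no practical limit on body size (about 4 GB), URL length or query-string length. Set each limit to the largest upload and longest URL the site actually needs. -->
        <requestLimits maxAllowedContentLength="4294967295" maxUrl="4294967295" maxQueryString="4294967295" />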
      </requestFiltering>
    </security>
		
		<httpErrors defaultResponseMode="File" errorMode="Custom" existingResponse="Replace">
			<remove statusCode="403" subStatusCode="-1" />
  		<remove statusCode="404" subStatusCode="-1" />
  		<remove statusCode="500" subStatusCode="-1" />
  		<error statusCode="403" prefixLanguageFilePath="" path="/error.php?nu=403" responseMode="ExecuteURL" />
  		<error statusCode="404" prefixLanguageFilePath="" path="/error.php?nu=404" responseMode="ExecuteURL" />
  		<error statusCode="500" prefixLanguageFilePath="" path="/error.php?nu=500" responseMode="ExecuteURL" />
		</httpErrors>
		
		<staticContent>
      <remove fileExtension=".woff" />
	    <mimeMap fileExtension=".woff" mimeType="application/font-woff" />
	    <remove fileExtension=".woff2" />
	    <mimeMap fileExtension=".woff2" mimeType="application/font-woff2" />
    </staticContent>
		
		<httpProtocol>
      <customHeaders>
      	<add name="Vary" value="Accept-Encoding" />
      	<add name="X-UA-Compatible" value="IE=Edge,chrome=1" />
      	<add name="X-XSS-Protection" value="1; mode=block" />
        <add name="X-Frame-Options" value="SAMEORIGIN" />
        <add name="X-Content-Type-Options" value="nosniff" />
        <add name="Referrer-Policy" value="strict-origin" />
        <add name="Content-Security-Policy" value="base-uri 'self', script-src 'self', object-src 'none', frame-src 'none' " />
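        <!-- NOTE(review): every feature listed here is opened to all origins; restrict the ones the site does not use (camera, microphone, geolocation) to 'self' or 'none'. Feature-Policy has been superseded by the Permissions-Policy header. -->
        <add name="Feature-Policy" value="geolocation '*';notifications '*';push '*';microphone '*';camera '*';speaker '*';vibrate '*';fullscreen '*'" />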
        <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains; preload" />
      </customHeaders>
	  </httpProtocol>

  </system.webServer>
</configuration>

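# Option
# NOTE(review): this alternative policy allows scripts from any origin plus 'unsafe-inline' and 'unsafe-eval', and object-src from anywhere, so it gives little protection against script injection. Use it only as a temporary fallback and tighten script-src and object-src.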
<add name="Content-Security-Policy" value="default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';" />

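# Write Folder
# NOTE(review): only /contents and the filemanager thumbs folder have a PHP-block rule in the web.config above. Confirm that script execution is also denied in /logs, /sitemap and /temp, since they are writable too.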
/admin/tinymce/plugins/filemanager/thumbs/
/contents
/logs
/sitemap
/temp

# Write Files
robots.txt
sitemap.xml
*/
?>