lookahead, non-catching group, lookahead … I was able to identify that but on the whole that “php” part makes it impossible for me to understand. Anyway, maybe I could do with matchers that rule out anything not possible and then allow the rest?
Something like:
- if there is no index.php OR upgrade.php, then deny (ultimate rule)
- if there is no php AND there are albums, bin, …, then deny
- if there is php somewhere AND index.php OR upgrade.php, then allow
- allow everything else because I denied all that should be denied already
Would this make sense? All matchers should go one by one as they are written in the Caddyfile so this could work.