# .htaccess v3.8.1 php-sceleto (2023-10-07) [email protected]
########################
# Show/Hide PHP errors #
########################
# NOTE(review): php_flag / php_value are only understood when PHP runs as an Apache module;
# under another PHP handler Apache is expected to reject these lines — confirm for the deployment.
# Development settings (uncomment to print every error into the response):
# php_flag display_errors on
# php_value error_reporting 30719
# Production settings: never print PHP errors into the response body.
php_flag display_errors off
# error_reporting 0 turns reporting off altogether, so errors are not written to the log either.
# NOTE(review): keeping display_errors off while using a non-zero error_reporting with
# log_errors on would keep failures visible to operators without exposing them to clients.
php_value error_reporting 0
# Debug mode
# SetEnv DEBUG true
##########
# Upload #
##########
# Largest single uploaded file PHP will accept.
php_value upload_max_filesize 100M
# 0 disables PHP's limit on the total size of a POST body, so a request is bounded only by
# limits set elsewhere (for example Apache's LimitRequestBody, if one is configured).
# NOTE(review): a finite value somewhat above upload_max_filesize would cap how much data any
# client can make the server accept — confirm the largest legitimate request before choosing it.
php_value post_max_size 0
##################################################################################
# Character encodings                                                            #
#                                                                                #
# Serve all resources labeled as `text/html` or `text/plain`                     #
# with the media type `charset` parameter set to `UTF-8`.                        #
# An explicit charset keeps browsers from guessing the encoding of the response. #
#                                                                                #
# Credits: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset #
##################################################################################
AddDefaultCharset utf-8
######################################################################
# Security #
# #
# Credits: https://httpd.apache.org/docs/2.4/misc/security_tips.html #
######################################################################
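# Refuse direct requests for Apache per-directory files (.htaccess, .htpasswd, ...).
<Files ".ht*">
    Require all denied
</Files>
# Refuse direct requests for log files.
<Files "*.log">
    Require all denied
</Files>
# Refuse direct requests for the environment file.
# Written with the Apache 2.4 `Require` syntax like the two rules above: the former
# `Order allow,deny` / `Deny from all` pair is 2.2 syntax that only works through
# mod_access_compat, and mixing the two styles in one file is discouraged.
<Files ".env">
    Require all denied
</Files>
# NOTE(review): only these three name patterns are denied. Any other file that exists under
# this directory is not covered here — confirm nothing sensitive (backups, VCS metadata,
# dependency manifests) is deployed inside the web root, or add rules for it.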
###################################
# Rewrite engine #
###################################
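<IfModule mod_rewrite.c>
    RewriteEngine On

    # ---------------------------------------------------------------------------------
    # Canonical scheme and host. These run first so that no path is exempt: placed after
    # the pass-through rules, `- [L]` ended processing before the HTTPS redirect was
    # reached, and the excluded paths were still answered over plain HTTP.
    # ---------------------------------------------------------------------------------

    # Record the current scheme: protossl is empty on HTTP and "s" on HTTPS.
    # The www redirect below reads it; nothing else in this file sets it, so without
    # these lines an HTTPS request to www.* was redirected down to http://.
    RewriteRule ^ - [E=protossl]
    RewriteCond %{HTTPS} on
    RewriteRule ^ - [E=protossl:s]

    # To redirect from www to non www (Rewrite www.example.com → example.com)
    RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
    RewriteRule ^(.*) http%{ENV:protossl}://%1/$1 [R=301,NE,L]

    # Redirect HTTP to HTTPS automatically for all domains except those ending in .local
    # NOTE(review): the redirect target is built from the client-supplied Host header;
    # this assumes the virtual host only answers for host names it owns — confirm.
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} !\.local$
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # ---------------------------------------------------------------------------------
    # Well-known static files served from public/ (dots escaped and patterns anchored so
    # that only the exact file names match).
    # ---------------------------------------------------------------------------------
    RewriteRule ^robots\.txt$ public/robots.txt [L]
    RewriteRule ^humans\.txt$ public/humans.txt [L]
    RewriteRule ^sitemap\.xml$ public/sitemap.xml [L]
    RewriteRule ^favicon\.ico$ public/icons/favicon.ico [L]

    # Exclude files and directories from the rewrite rules below.
    # `- [L]` leaves the URL unchanged and stops rewriting for this request, so the
    # deny rules that appear later in this file are not evaluated for these paths either.
    RewriteRule ^(backoffice-directory)($|/) - [L]
    RewriteRule ^(public/js) - [L]

    # API (Web Service): Front Controller (Rewrite 1.0/abc → api/v1.0/index.php)
    # The dot between the two digits is escaped so that only "N.N/" matches, not "N<any char>N/".
    RewriteRule ^([0-9])\.([0-9])/(.*)$ api/v$1.$2/index.php [B,NE,NC,L]

    # Specific language, page and item
    # E.g. en/some-page/some-item → public/index.php?lang=en&pageName=some-page&itemUniqueName=some-item
    # The condition skips this rule for any path that is an existing file, so such files
    # bypass the front controller and are handled by Apache directly unless denied above.
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^([a-z]{2})?\/?([^\/]+)?\/?([^\/]+)?\/? public/index.php?lang=$1&pageName=$2&itemUniqueName=$3 [L,QSA]
</IfModule>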
<IfModule mod_headers.c>
# Legacy XSS-filter hint for browsers.
# NOTE(review): current major browsers are understood to have dropped the filter this header
# controlled; a Content-Security-Policy is the effective control — consider adding one.
Header always set X-XSS-Protection "1; mode=block"
# Ask browsers not to MIME-sniff a response away from its declared Content-Type.
# (mod_headers accepts the trailing colon on the header name.)
Header always set X-Content-Type-Options: "nosniff"
# Default for every response: do not cache. The <filesMatch> sections later in this file
# set a different Cache-Control for the extensions they match; Pragma and Expires are not
# overridden there.
Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires 0
</IfModule>
#################
# Cache-Control #
#################
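# Guarded like the other Header directives in this file, so a server without
# mod_headers does not fail on these lines. The leading dot of each pattern is escaped
# so that only real file extensions match.
<IfModule mod_headers.c>
    # JS and CSS files - never cached (the value below disables caching; the former
    # "4 months" label did not match it)
    <FilesMatch "\.(js|css)$">
        Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
    </FilesMatch>
    # Media files - 4 months
    <FilesMatch "\.(ico|jpg|jpeg|png|gif|webp|svg)$">
        Header set Cache-Control "max-age=10518975, public"
    </FilesMatch>
    # Font files - 1 year
    <FilesMatch "\.(woff2)$">
        Header set Cache-Control "max-age=31556926, public"
    </FilesMatch>
</IfModule>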
#################################################################
# Fingerprinting Attacks #
# #
# Credits: https://htaccessbook.com/php-fingerprinting-attacks/ #
#################################################################
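<IfModule mod_rewrite.c>
    # Answer 403 to requests carrying a "PHP" + GUID token, used to probe which PHP build
    # is running.
    # NOTE(review): believed to matter only for old PHP releases with expose_php enabled —
    # confirm whether the rule is still needed for the PHP version deployed here.
    RewriteCond %{QUERY_STRING} PHP[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12} [NC,OR]
    # The "=" is escaped: a CondPattern that starts with a bare "=" is compared as a plain
    # string, not as a regular expression, so the unescaped form could never match a real URI.
    RewriteCond %{REQUEST_URI} \=PHP[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12} [NC]
    RewriteRule .* - [F,L]
    # These rules are not reached for requests that an earlier `- [L]` pass-through rule in
    # this file has already ended.
</IfModule>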
# #############################################################
# Deny POST requests using HTTP 1.0 #
# #
# Credits: https://perishablepress.com/protect-post-requests/ #
# #############################################################
<IfModule mod_rewrite.c>
# THE_REQUEST is the full request line sent by the client. The pattern matches a POST whose
# protocol is HTTP/0.9 or HTTP/1.0, and [F] answers it with 403 Forbidden.
# NOTE(review): any legitimate client or intermediary that still speaks HTTP/1.0 is refused
# too — check access logs before relying on this in front of integrations.
RewriteCond %{THE_REQUEST} ^POST(.*)HTTP/(0\.9|1\.0)$ [NC]
RewriteRule .* - [F,L]
</IfModule>
# ###############################################################################
# Allow POST based on referer #
# #
# Credits: https://httpd.apache.org/docs/current/mod/mod_rewrite.html #
# ###############################################################################
<IfModule mod_rewrite.c>
# Answer 403 to any POST whose Referer does not have the form <scheme>://<Host header>/...
# A POST without a Referer header fails the match as well and is refused.
# NOTE(review): presumably this also applies to POSTs sent to the versioned API routes by
# non-browser clients, which often omit Referer — verify.
# Both Referer and Host are supplied by the client, so this constrains browser-originated
# requests only; it complements, and does not replace, CSRF tokens in the application.
RewriteCond %{REQUEST_METHOD} POST
RewriteCond expr "! %{HTTP_REFERER} -strmatch '*://%{HTTP_HOST}/*'"
RewriteRule .* - [F,L]
</IfModule>