.htaccess
### PHP-Foundation (https://github.com/delight-im/PHP-Foundation)
### Copyright (c) delight.im (https://www.delight.im/)
### Licensed under the MIT License (https://opensource.org/licenses/MIT)
########## BEGIN MAINTENANCE MODE ##########
# While the rule below is active, requests are rewritten to 'maintenance.php'. The [END] flag
# stops all further rewriting, so the routing rules later in this file are not applied.
# [END] requires Apache 2.4. The rule sits inside <IfModule>, so it is skipped without an
# error if mod_rewrite is not loaded.
<IfModule mod_rewrite.c>
RewriteEngine On
# Enable maintenance mode (Uncomment 1 line below)
# RewriteRule . maintenance.php [END]
</IfModule>
########## END MAINTENANCE MODE ##########
########## BEGIN PERFORMANCE AND SECURITY (https://github.com/delight-im/htaccess) ##########
# NOTE(review): "Header set" without the "always" condition only applies to successful responses,
# so error responses that Apache generates itself (e.g. ErrorDocument pages) go out without the
# headers below. Use "Header always set ..." if error pages should carry them too.
# The whole section is inside <ifModule>, so no header is sent if mod_headers is not loaded.
<ifModule mod_headers.c>
# Prevent clickjacking (forbids framing by third-party sites)
# (the "frame-ancestors" directive of Content-Security-Policy is the current equivalent)
Header set X-Frame-Options sameorigin
# Prevent content sniffing (MIME sniffing)
Header set X-Content-Type-Options nosniff
# Attempt to enable XSS filters in browsers, if available, and block reflected XSS
# NOTE(review): this header is deprecated and the filter it controls has been removed from current
# browsers. OWASP now advises sending "0" and relying on output encoding plus a
# Content-Security-Policy. Do not treat this header as XSS protection.
Header set X-XSS-Protection "1; mode=block"
# Cache static assets (scripts, stylesheets, images, audio and video) for a month
<FilesMatch "\.(js|css|jpg|jpeg|png|svg|webp|gif|ico|ogg|mp4|webm)$">
Header set Cache-Control max-age=2629800
</FilesMatch>
# Remove response headers that provide no value but leak information
# (for PHP, "expose_php = Off" in php.ini stops the header at its source)
Header unset X-Powered-By
# Disable "ETag" headers so that browsers rely on the "Cache-Control" and "Expires" headers
Header unset ETag
</ifModule>
<IfModule mod_autoindex.c>
# Turn off directory listings for folders without default documents
Options -Indexes
</IfModule>
<IfModule mod_negotiation.c>
# Disable 'MultiViews' implicit filename pattern matches
Options -MultiViews
</IfModule>
# Serve "text/plain" and "text/html" documents as UTF-8 by default
AddDefaultCharset utf-8
# Disable "ETag" headers so that browsers rely on the "Cache-Control" and "Expires" headers
FileETag None
########## END PERFORMANCE AND SECURITY ##########
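########## BEGIN CUSTOM (YOUR RULES GO HERE) ##########
# Everything in this section is opt-in: each rule stays inactive until its lines are uncommented.
<IfModule mod_headers.c>
# HSTS caveats: browsers honour this header only on HTTPS responses, so combine it with "Force HTTPS"
# below. Once a browser has seen it, that browser refuses plain HTTP for this host until max-age
# expires, so enable it only after the whole site works over HTTPS. Use "Header always set" if
# error responses should carry it as well.
# Enable HTTP Strict Transport Security (HSTS) with a duration of six months (Uncomment 1 line below)
# Header set Strict-Transport-Security max-age=15778800
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
# NOTE(review): both redirects below build their target from %{HTTP_HOST}, i.e. from the Host header
# the client sent. If this virtual host answers for arbitrary host names, hard-code the canonical
# host name in the RewriteRule instead.
# Force 'www' (i.e. prefix the "bare" domain and all subdomains with 'www' through permanent redirects) (Uncomment 4 lines below)
# RewriteCond %{HTTP_HOST} !^$
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteCond %{HTTPS}s ^on(s)|
# RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Force HTTPS (Uncomment 2 lines below)
# RewriteCond %{HTTPS} off
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
# The dot in the look-behind is escaped so that only a literal ".min" suffix exempts a file.
# With an unescaped dot, names such as "admin.css" or "jasmin.js" would count as minified and stay
# reachable. "Require all denied" needs Apache 2.4.
# Prevent access to non-minified CSS and JS (Uncomment 3 lines below)
# <FilesMatch "(?<!\.min)\.(css|js)$">
# Require all denied
# </FilesMatch>
<IfModule mod_headers.c>
# These two header names are not standardised. A "security.txt" file (RFC 9116) is the standard
# way to publish a security contact and can be offered in addition.
# Announce contact information for security issues (Uncomment 2 lines below)
# Header set X-Vulnerability-Disclosure "https://www.example.com/security"
# Header set X-Security-Contact "security@example.com"
</IfModule>
########## END CUSTOM ##########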
########## BEGIN ROUTING (https://github.com/delight-im/PHP-Router) ##########
# Front-controller routing: requests under 'public' pass through untouched, and every other request
# path is handed to 'index.php', even when it names an existing file next to this .htaccess.
# NOTE(review): the rules are inside <IfModule>, so if mod_rewrite is not loaded they are skipped
# without an error and Apache serves whatever files exist in this directory directly. Verify that
# the module is enabled, or keep non-public files outside the document root.
<IfModule mod_rewrite.c>
RewriteEngine On
# Don't rewrite requests for files in the 'public' directory
RewriteRule ^(public)($|/) - [L]
# For all other files first check if they exist in the 'public' directory
# (the tested path is built from DOCUMENT_ROOT, so this presumably expects the application to sit
# directly in the document root: confirm for sub-directory installs)
RewriteCond %{DOCUMENT_ROOT}/public%{REQUEST_URI} -f
RewriteRule ^ public%{REQUEST_URI} [L]
# And let 'index.php' handle everything else
RewriteRule . index.php [L]
</IfModule>
########## END ROUTING ##########