.htaccess
# follow symlinks & disallow directory listing
# note: your hosting company might not allow these directives to be set. In that case,
# you should either find another hosting company (advised) or remove the line below.
# -Indexes stops Apache from generating a file listing for a directory that has no index file.
Options +FollowSymlinks -Indexes
# do not let mod_dir redirect "/dir" to "/dir/".
# Apache's documentation warns that switching this redirect off can expose directory
# listings when auto-indexing is enabled; -Indexes above is what keeps that closed.
DirectorySlash Off
# Make sure the .htaccess file is protected (it is never served to clients)
# NOTE(review): Order/Deny is the Apache 2.2 access-control syntax; on Apache 2.4 it only
# works with mod_access_compat loaded (the 2.4 form is "Require all denied") - confirm
# against the target server.
<Files .htaccess>
order allow,deny
deny from all
</Files>
# file etags (used when comparing local cached file to server file)
# built from modification time and size only
FileETag MTime Size
########## Begin - Common hacking tools and bandwidth hoggers block
## By SigSiu.net and @nikosdion.
# Each SetEnvIf below sets the environment variable "stayout" when the User-Agent header
# matches the quoted pattern; the deny line at the end refuses every request that has it set.
# The User-Agent header is chosen by the client, so this only filters tools that identify
# themselves honestly. It reduces noise and bandwidth use; it is not an access control.
# This line also disables Akeeba Remote Control 2.5 and earlier
SetEnvIf user-agent "Indy Library" stayout=1
# The following rules are for bandwidth-hogging download tools
SetEnvIf user-agent "libwww-perl" stayout=1
SetEnvIf user-agent "Download Demon" stayout=1
SetEnvIf user-agent "GetRight" stayout=1
SetEnvIf user-agent "GetWeb!" stayout=1
SetEnvIf user-agent "Go!Zilla" stayout=1
SetEnvIf user-agent "Go-Ahead-Got-It" stayout=1
SetEnvIf user-agent "GrabNet" stayout=1
SetEnvIf user-agent "TurnitinBot" stayout=1
# This line denies access to all of the above tools
# NOTE(review): "deny from env=" is Apache 2.2 syntax and needs mod_access_compat on
# Apache 2.4 - confirm against the target server.
deny from env=stayout
########## End - Common hacking tools and bandwidth hoggers block
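<IfModule mod_rewrite.c>
# set environment variable to let PHP know that urls are being rewritten
RewriteRule .* - [E=MOD_REWRITE:1]
# Protect against cross site tracing https://www.owasp.org/index.php/Cross_Site_Tracing
# (any request whose method starts with TRACE is answered with 403)
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
# nice urls
# RewriteEngine is a per-directory switch, so it also applies to the rules placed above it
RewriteEngine On
RewriteBase /
# allow the front controller and the ck connector
# These are the only two PHP entry points let through: [L] ends rule processing for
# them, so they never reach the deny rules below.
RewriteRule ^index\.php$ - [L]
# Anchored at both ends, like the index.php rule, so that only the connector script itself
# is exempt. An unanchored pattern would also exempt any longer path that merely contains
# this string, and such a path would then skip every deny rule below.
# NOTE(review): the connector is reachable without passing through the front controller -
# confirm that it enforces its own authentication.
RewriteRule ^src/Backend/Core/Js/ckfinder/core/connector/php/connector\.php$ - [L]
# forbidden files and folders (answered with 403)
# every other PHP file; [NC] also refuses upper- or mixed-case extensions such as .PHP
RewriteRule .*\.php - [F,NC]
# version-control data, dependencies, command-line tools
RewriteRule \.git - [F]
RewriteRule vendor/.* - [F]
RewriteRule bin/.* - [F]
RewriteRule src/Console/.* - [F]
# project metadata that reveals tooling and dependency versions
RewriteRule .*\.gitignore - [F]
RewriteRule \.editorconfig - [F]
# both dots escaped so the pattern matches the literal file name only
RewriteRule \.travis\.yml - [F]
RewriteRule bower\.json - [F]
RewriteRule composer\.json - [F]
RewriteRule composer\.lock - [F]
RewriteRule phpunit\.xml\.dist - [F]
RewriteRule .*\.md - [F]
# logs, configuration and generated cache files
RewriteRule app/logs - [F]
RewriteRule app/config - [F]
RewriteRule src/Frontend/Cache/CompiledTemplates - [F]
RewriteRule src/Frontend/Cache/Search - [F]
RewriteRule src/Backend/Cache/CompiledTemplates - [F]
# redirect all traffic to https (disabled by default; replace <domain> before enabling)
# RewriteCond %{SERVER_PORT} 80
# RewriteCond %{HTTP_HOST} !.*\.dev [NC]
# RewriteRule ^(.*)$ https://www.<domain>.be/$1 [R=301,L]
# one url to rule them all (disabled by default; replace <domain> before enabling)
# NOTE(review): this target is http://. If the https redirect above is enabled as well,
# point this one at https:// too, so the canonical-host redirect does not send visitors
# back over plain http first.
# RewriteCond %{HTTP_HOST} !^www\.<domain>\.be [NC]
# RewriteCond %{HTTP_HOST} !.*\.dev [NC]
# RewriteRule ^(.*)$ http://www.<domain>.be/$1 [R=301,L]
# src dir should pass via the front controller
RewriteCond %{REQUEST_URI} ^/(src|src\/)$
RewriteRule . /index.php [NC,L]
# handle urls
# anything that is not an existing file or directory is handed to the front controller
RewriteCond %{REQUEST_URI} !^$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [NC,L]
</IfModule>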
# file caching in browser
# Applies only when mod_expires is loaded.
<IfModule mod_expires.c>
ExpiresActive On
# static assets, matched by extension ((?i: makes the match case-insensitive), may be
# kept by the browser for one month counted from the moment they were fetched
<FilesMatch "\.(?i:ico|gif|jpe?g|png|svg|svgz|js|css|swf|ttf|otf|woff|eot)$">
ExpiresDefault "access plus 1 month"
</FilesMatch>
</IfModule>
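# gzip on Apache 2
# Applies only when mod_deflate is loaded.
<IfModule mod_deflate.c>
# compress responses of these MIME types
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml text/javascript text/css application/x-javascript application/xhtml+xml application/javascript application/json image/svg+xml
# these browsers do not support deflate
# clients announcing Mozilla/4: compress text/html only
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Mozilla/4.06 - 4.08: no compression at all (dot escaped so it matches a literal ".")
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE also announces itself as Mozilla/4, so lift both restrictions again for it.
# \b is a word boundary; without the backslash the pattern is the literal text "bMSIE",
# which never matches, and MSIE stays limited by the two rules above.
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# connection workarounds for MSIE. force-response-1.0 is the special-purpose variable that
# pairs with downgrade-1.0; the bare name "force" has no special meaning to Apache.
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</IfModule>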
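# gzip on Apache 1
# Applies only when mod_gzip is loaded.
<IfModule mod_gzip.c>
mod_gzip_on Yes
# MIME types to compress; each value is a regular expression
mod_gzip_item_include mime ^application/javascript$
mod_gzip_item_include mime ^application/x-javascript$
mod_gzip_item_include mime ^application/json$
# "+" escaped: unescaped it is a quantifier and the pattern does not match "application/xhtml+xml"
mod_gzip_item_include mime ^application/xhtml\+xml$
mod_gzip_item_include mime ^application/xml$
mod_gzip_item_include mime ^text/css$
mod_gzip_item_include mime ^text/html$
mod_gzip_item_include mime ^text/javascript$
mod_gzip_item_include mime ^text/plain$
mod_gzip_item_include mime ^text/xml$
# never compress images
mod_gzip_item_exclude mime ^image/
# browser issues
# Mozilla/4.06 - 4.08 get no compression (dot escaped so it matches a literal ".")
mod_gzip_item_exclude reqheader "User-agent: Mozilla/4\.0[678]"
</IfModule>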