118 lines
3.5 KiB
ApacheConf
118 lines
3.5 KiB
ApacheConf
########## BEGIN RECOMMENDED RULES (COMMENT OUT OR UNCOMMENT AS NEEDED) ##########
|
|
|
|
### htaccess (https://github.com/delight-im/htaccess)
|
|
### Copyright (c) delight.im (https://www.delight.im/)
|
|
### Licensed under the MIT License (https://opensource.org/licenses/MIT)
|
|
|
|
|
|
|
|
<ifModule mod_headers.c>
|
|
|
|
# Prevent clickjacking (forbids framing by third-party sites)
|
|
Header set X-Frame-Options sameorigin
|
|
|
|
# Prevent content sniffing (MIME sniffing)
|
|
Header set X-Content-Type-Options nosniff
|
|
|
|
# Attempt to enable XSS filters in browsers, if available, and block reflected XSS
|
|
Header set X-XSS-Protection "1; mode=block"
|
|
|
|
# Cache media files for a month
|
|
<FilesMatch "\.(js|css|jpg|jpeg|png|svg|webp|gif|ico|ogg|mp4|webm)$">
|
|
Header set Cache-Control max-age=2629800
|
|
</FilesMatch>
|
|
|
|
# Remove response headers that provide no value but leak information
|
|
Header unset X-Powered-By
|
|
|
|
# Disable "ETag" headers so that browsers rely on the "Cache-Control" and "Expires" headers
|
|
Header unset ETag
|
|
|
|
</ifModule>
|
|
|
|
<IfModule mod_autoindex.c>
|
|
|
|
# Turn off directory listings for folders without default documents
|
|
Options -Indexes
|
|
|
|
</IfModule>
|
|
|
|
<IfModule mod_negotiation.c>
|
|
|
|
# Disable 'MultiViews' implicit filename pattern matches
|
|
Options -MultiViews
|
|
|
|
</IfModule>
|
|
|
|
# Serve "text/plain" and "text/html" documents as UTF-8 by default
|
|
AddDefaultCharset utf-8
|
|
|
|
# Disable "ETag" headers so that browsers rely on the "Cache-Control" and "Expires" headers
|
|
FileETag None
|
|
|
|
<ifModule mod_headers.c>
|
|
|
|
# Enable HTTP Strict Transport Security (HSTS) with a duration of six months (Uncomment 1 line below)
|
|
# Header set Strict-Transport-Security max-age=15778800
|
|
|
|
</ifModule>
|
|
|
|
|
|
<ifModule mod_rewrite.c>
|
|
|
|
|
|
# Force 'www' (i.e. prefix the "bare" domain and all subdomains with 'www' through permanent redirects) (Uncomment 6 lines below)
|
|
# RewriteCond %{HTTP_HOST} !^$
|
|
# RewriteCond %{HTTP_HOST} !^www\. [NC]
|
|
# RewriteCond %{HTTPS}s ^on(s)|
|
|
# # RewriteCond %{REQUEST_SCHEME} ^http(s)|
|
|
# # RewriteCond %{SERVER_PORT}s ^443(s)|
|
|
# RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
|
|
|
|
# Force HTTPS (Uncomment 4 lines below)
|
|
# RewriteCond %{HTTPS} off
|
|
# # RewriteCond %{REQUEST_SCHEME} http
|
|
# # RewriteCond %{SERVER_PORT} !443
|
|
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
|
|
|
|
</IfModule>
|
|
|
|
# Prevent access to non-minified CSS and JS (Uncomment 3 lines below)
|
|
# <FilesMatch "(?<!.min)\.(css|js)$">
|
|
# Require all denied
|
|
# </FilesMatch>
|
|
|
|
# Show a custom error document for "404 Not Found" errors (Uncomment 1 line below)
|
|
# ErrorDocument 404 /notFound.html
|
|
|
|
# Announce contact information for security issues (Uncomment 2 lines below)
|
|
# Header set X-Vulnerability-Disclosure "https://www.example.com/security"
|
|
# Header set X-Security-Contact "security@example.com"
|
|
|
|
########## END RECOMMENDED RULES ##########
|
|
|
|
########## BEGIN CUSTOM RULES (YOUR OWN RULES GO HERE) ##########
|
|
|
|
# Add your rules here ...
|
|
|
|
########## END CUSTOM RULES ##########
|
|
|
|
|
|
#<ifModule mod_rewrite.c>
|
|
# RewriteEngine On
|
|
# RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
|
# RewriteBase /
|
|
# RewriteRule ^index\.php$ - [L]
|
|
# RewriteCond %{REQUEST_FILENAME} !-f
|
|
# RewriteCond %{REQUEST_FILENAME} !-d
|
|
# RewriteRule . /v1/payments/index.php [L]
|
|
|
|
#</IfModule>
|
|
|
|
|
|
#Header set Access-Control-Allow-Origin "*"
|
|
#Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
|
#Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
|
|
#Header set timing-allow-origin "*"
|
|
# content-security-policy:
|