107 lines
3.6 KiB
ApacheConf
107 lines
3.6 KiB
ApacheConf
AddDefaultCharset UTF-8
|
|
|
|
############################# REWRITE AND REDIRECTION #############################
|
|
RewriteEngine on
|
|
RewriteBase /
|
|
|
|
# Force non-www
|
|
RewriteCond %{HTTP_HOST} ^www\.
|
|
RewriteCond %{HTTPS}s ^on(s)|off
|
|
RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\.)?(.+)$
|
|
RewriteRule ^ %1%3%{REQUEST_URI} [L,R=301]
|
|
|
|
# Force HTTPS
|
|
#RewriteCond %{HTTPS} !on
|
|
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
|
|
|
|
# Remove Trailing Slash
|
|
RewriteCond %{REQUEST_FILENAME} !-d
|
|
RewriteCond %{REQUEST_URI} (.+)/$
|
|
RewriteRule ^ %1 [L,R=301]
|
|
|
|
# Router
|
|
RewriteCond %{REQUEST_FILENAME} .php$ [OR]
|
|
RewriteCond %{REQUEST_FILENAME} !-f [OR]
|
|
RewriteCond %{REQUEST_FILENAME} -d
|
|
RewriteRule ^(.*)$ index.php [L,QSA]
|
|
|
|
############################# SECURITY #############################
|
|
# Deny Access to Hidden Files and Directories
|
|
#RedirectMatch 404 /\..*$
|
|
|
|
# Deny Access to Backup and Source Files
|
|
<FilesMatch "(\.(bin|bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$">
|
|
## Apache 2.2
|
|
Order allow,deny
|
|
Deny from all
|
|
Satisfy All
|
|
|
|
## Apache 2.4
|
|
# Require all denied
|
|
</FilesMatch>
|
|
|
|
# Disable Directory Browsing
|
|
Options -Indexes
|
|
|
|
# Set secutiry headers
|
|
<IfModule mod_headers.c>
|
|
Header set Referrer-Policy "same-origin"
|
|
Header set X-Frame-Options "SAMEORIGIN"
|
|
Header set X-XSS-Protection "1; mode=block"
|
|
Header set X-Content-Type-Options "nosniff"
|
|
Header set Content-Security-Policy "frame-ancestors 'self'"
|
|
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
|
</IfModule>
|
|
|
|
############################# PERFORMANCE #############################
|
|
# Compress Text Files
|
|
<IfModule mod_deflate.c>
|
|
<IfModule mod_setenvif.c>
|
|
<IfModule mod_headers.c>
|
|
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
|
|
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
<IfModule mod_filter.c>
|
|
AddOutputFilterByType DEFLATE application/atom+xml \
|
|
application/javascript \
|
|
application/json \
|
|
application/rss+xml \
|
|
application/vnd.ms-fontobject \
|
|
application/x-font-ttf \
|
|
application/x-web-app-manifest+json \
|
|
application/xhtml+xml \
|
|
application/xml \
|
|
font/opentype \
|
|
image/svg+xml \
|
|
image/x-icon \
|
|
text/css \
|
|
text/html \
|
|
text/plain \
|
|
text/x-component \
|
|
text/xml
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
# Set Expires Headers
|
|
<IfModule mod_expires.c>
|
|
ExpiresActive on
|
|
ExpiresDefault "access plus 1 month"
|
|
ExpiresByType application/json "access plus 0 seconds"
|
|
ExpiresByType application/xml "access plus 0 seconds"
|
|
ExpiresByType text/xml "access plus 0 seconds"
|
|
ExpiresByType text/html "access plus 0 seconds"
|
|
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
|
|
ExpiresByType text/cache-manifest "access plus 0 seconds"
|
|
ExpiresByType application/rss+xml "access plus 1 hour"
|
|
</IfModule>
|
|
|
|
############################# MISCELLANEOUS #############################
|
|
# Allow Cross-Domain Fonts
|
|
<IfModule mod_headers.c>
|
|
<FilesMatch "\.(eot|otf|ttc|ttf|woff|woff2)$">
|
|
Header set Access-Control-Allow-Origin "*"
|
|
</FilesMatch>
|
|
</IfModule>
|