-
Notifications
You must be signed in to change notification settings - Fork 0
/
.htaccess
201 lines (177 loc) · 7.28 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
#------------------------------------------------------------------------
# * WP WEB - https://wpweb.com.br
# * Copyright (C) 2023-2024 INformigados - https://informigados.com.br
#
# Add these lines to your .htaccess to speed boost
#
# Do not overwrite/replace with your .htaccess, but ADD these lines!
#------------------------------------------------------------------------
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Redirects the main site index.php
RewriteRule ^index\.php$ - [L]
# Conditions for files and directories that exist
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Redirects all requests to index.php if above conditions are met
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# Block Access to Sensitive Files
<FilesMatch "^wp-admin/includes/.*$|^wp-includes/.*\.php$|^wp-content/.*\.php$|^.*\.md$|^.*\.txt$|^/vendor/.*$|^/node_modules/.*$">
Order deny,allow
Deny from all
# Prevents direct access to PHP and Markdown files within core directories
</FilesMatch>
# Prevent Direct Access to XML and PHP Files in Uploads Directory
<DirectoryMatch "^wp-content/uploads/">
<Files "*.php">
Order Deny,Allow
Deny from All
# Blocks direct PHP file access in uploads
</Files>
<Files "*.xml">
Order Deny,Allow
Deny from All
# Blocks direct XML file access in uploads
</Files>
</DirectoryMatch>
# Disable Directory Browsing
Options -Indexes
# Prevents users from seeing files in a directory that doesn't have an index file
# Block xmlrpc
<files xmlrpc.php>
Require all denied
</files>
# Block xmlrpc End
# Block .htaccess and .htpasswd
<FilesMatch ^(?i:\.ht.*)$>
Require all denied
</FilesMatch>
# Block .htaccess and .htpasswd End
# Block author scans
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# Block author scans End
# Block access sensitive files
<FilesMatch "^.*(((?:wp-config)\.(?:php|bak|swp))|php.ini|\.[hH][tT][aApP].*|((?:error_log|readme|license|changelog|-config|-sample)\.(?:php|md|log|txt|htm|html)))$">
Require all denied
</FilesMatch>
# Block access sensitive files End
# Enable bot protection
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} (?:virusbot|spambot|evilbot|acunetix|BLEXBot|domaincrawler\.com|LinkpadBot|MJ12bot/v|majestic12\.co\.uk|AhrefsBot|TwengaBot|SemrushBot|nikto|winhttp|Xenu\s+Link\s+Sleuth|Baiduspider|HTTrack|clshttp|harvest|extract|grab|miner|python-requests) [NC]
RewriteRule ^(.*)$ http://no.access/
# Enable bot protection End
# Protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all
# Ensures wp-config.php, which contains sensitive information, is not accessible
</files>
# Enable Brotli Compression (if supported)
<IfModule mod_brotli.c>
AddOutputFilterByType BROTLI_COMPRESS text/plain text/css application/json application/javascript application/xml text/xml image/svg+xml
# Applies Brotli compression to improve load times for supported formats
</IfModule>
# Add MIME Type
<IfModule mime_module>
AddType text/cache-manifest .appcache
AddType image/x-icon .ico
AddType image/svg+xml .svg
AddType application/x-font-ttf .ttf
AddType application/x-font-woff .woff
AddType application/x-font-woff2 .woff2
AddType application/x-font-opentype .otf
AddType application/vnd.ms-fontobject .eot
</IfModule>
<IfModule mod_headers.c>
# For proxy cache (will cache images and fonts)
<FilesMatch "\.(ico|jpe?g|png|gif|svg|swf|pdf|ttf|woff|woff2|otf|eot)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
# To avoid proxy servers to distibute incorrect contents
Header append Vary Accept-Encoding env=!dont-vary
# Security improvement
Header always append X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header always set Content-Security-Policy "upgrade-insecure-requests"
Header always set Referrer-Policy "no-referrer-when-downgrade"
Header always set Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=(), fullscreen=(self)"
# Enable Keep-Alive
#<IfModule mod_env.c>
SetEnv KeepAlive On
SetEnv KeepAliveTimeout 15
SetEnv MaxKeepAliveRequests 100
</IfModule>
#Header unset Connection
#Header set Connection keep-alive
# To ignore ETags(Configure entity tags)
Header unset ETag
# Browser Cache Setting
<IfModule mod_expires.c>
ExpiresActive On
# Expire cache (Set as 1 sec)
ExpiresDefault "access plus 1 seconds"
# For each MIME Type
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/js "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/webp "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType font/woff "access plus 1 year"
ExpiresByType font/woff2 "access plus 1 year"
ExpiresByType application/x-font-woff "access plus 1 year"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType application/json "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType application/font-woff "access plus 1 year"
ExpiresByType application/x-font-woff "access plus 1 year"
ExpiresByType application/font-woff2 "access plus 1 year"
ExpiresByType application/x-font-woff2 "access plus 1 year"
ExpiresByType application/x-font-ttf "access plus 1 year"
ExpiresByType application/x-font-opentype "access plus 1 year"
ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
</IfModule>
</IfModule>
FileETag None
# Gzip Compresssion
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
# For Browser versions
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch \bMSIE\s(7|8) !no-gzip !gzip-only-text/html
# To avoid re-compression for post-compressed contents such as images
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|ico|eot|woff|woff2)$ no-gzip dont-vary
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/js
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/atom_xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-font-woff
AddOutputFilterByType DEFLATE application/x-font-woff2
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
</IfModule>