PHP Classes

File: .htaccess

Role: Auxiliary data
Content type: text/plain
Description: Auxiliary data
Class: PHP AIO Security Class
Filter untrusted data to prevent security issues
Author: By
Last change: Update of .htaccess
Date: 4 years ago
Size: 2,522 bytes
 

Contents

# htaccess
# @author: Marco Cesarato <cesarato.developer@gmail.com>

IndexIgnore *
Options All -Indexes

# Hide server information
ServerSignature Off

#LimitRequestBody 10240000

# Security php settings
#php_flag expose_php off
#php_flag allow_url_fopen off
#php_flag magic_quotes_gpc off
#php_flag register_globals off
#php_flag session.cookie_httponly on
#php_flag session.use_only_cookies on

# Headers protection/improvements
<IfModule mod_headers.c>
    # Hide server information
    Header always unset X-Powered-By
    Header unset X-Powered-By

    # XSS Protection
    Header set X-XSS-Protection "1; mode=block"

    # Clickjacking
    Header set X-Frame-Options "sameorigin"

    Header set Accept-Encoding "gzip, deflate"
    Header set Cache-Control "max-age=15552000, must-revalidate"
    Header set Referrer-Policy "origin"
    Header set Strict-Transport-Security "max-age=16070400; includeSubDomains"
    Header set X-UA-Compatible "IE=edge,chrome=1"
    Header set X-Permitted-Cross-Domain-Policies "master-only"
    Header set X-Content-Type-Options "nosniff"
    Header set X-Download-Options "noopen"
    Header set Access-Control-Allow-Methods "GET, POST"

    # Content policy
    #Header set Content-Security-Policy "default-src 'self'"
    Header set Content-Security-Policy "default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; object-src 'self'"
</IfModule>

<IfModule mod_rewrite.c>
    # Enable URL Rewriter
    RewriteEngine On
    Options +FollowSymlinks
    Options +SymLinksIfOwnerMatch

    # Refuse TRACE and OPTIONS requests with 403 Forbidden
    RewriteCond %{REQUEST_METHOD} ^(TRACE|OPTIONS)
    RewriteRule .* ? [F]

    # HTTPS
    #RewriteCond %{HTTPS} !on
    #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    # URL Rewrite
    # Remove comment from here if you use a url rewriter
    #RewriteBase /
    #RewriteRule ^index\.php$ - [L]
    #RewriteCond %{REQUEST_FILENAME} !-f
    #RewriteCond %{REQUEST_FILENAME} !-d
    #RewriteRule . index.php [L]

    # Route requests for version-control paths (.git, .svn, .hg) to index.php
    RewriteRule .*\.git.* index.php [L]
    RewriteRule .*\.svn.* index.php [L]
    RewriteRule .*\.hg.* index.php [L]
</IfModule>

# File protection
<Files ~ "^(config)\.php">
    Order Allow,Deny
    Deny from all
</Files>

<Files ~ "^.*\.([Hh][Tt][Aa])">
    Order Allow,Deny
    Deny from all
    Satisfy all
</Files>

# Robots file protection
<Files ~ "\.pdf$">
    Header set X-Robots-Tag "noindex, nofollow"
</Files>

<Files ~ "\.(png|jpe?g|gif|bmp|psd)$">
    Header set X-Robots-Tag "noindex"
</Files>
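
A small linter for the `Header set` directives of a file like this one, written as an added example (it is not part of the PHP AIO Security Class or of the original page). It reports a misspelt header name, a client-side header set on responses, and a permissive `script-src`; the header list, function names and sample lines are assumptions constructed for illustration.

```python
import re
from difflib import get_close_matches

# Response headers this kind of hardening file sets (assumed list, not exhaustive).
KNOWN = ["Referrer-Policy", "Content-Security-Policy", "Strict-Transport-Security",
         "X-Frame-Options", "X-Content-Type-Options", "X-XSS-Protection"]
CLIENT_SIDE = {"accept-encoding", "user-agent", "referer"}  # sent by clients
HEADER_RE = re.compile(r'^\s*Header\s+(?:always\s+)?set\s+(\S+)\s+"([^"]*)"', re.I)

def parse_headers(text):
    """Return (name, value) for each active (uncommented) 'Header set' line."""
    matches = (HEADER_RE.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def audit_csp(value):
    """Flag a script-src that allows any origin, inline script or eval."""
    for directive in value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "script-src":
            risky = [s for s in parts[1:] if s in ("*", "'unsafe-inline'", "'unsafe-eval'")]
            if risky:
                return ["CSP script-src allows " + " ".join(risky)]
    return []

def audit_htaccess(text):
    """Return a list of findings for the Header directives in an .htaccess text."""
    findings = []
    by_lower = {k.lower(): k for k in KNOWN}
    for name, value in parse_headers(text):
        low = name.lower()
        if low in CLIENT_SIDE:
            findings.append(f"{name}: normally sent by clients, not set on responses")
        elif low not in by_lower:
            # A near-miss of a known name usually means a typo the browser ignores.
            close = get_close_matches(low, list(by_lower), n=1, cutoff=0.8)
            if close:
                findings.append(f"{name}: did you mean {by_lower[close[0]]}?")
        if low == "content-security-policy":
            findings.extend(audit_csp(value))
    return findings

# Constructed sample in the style of the file above (not the full file).
SAMPLE = """
Header set Referer-Policy "origin"
Header set Accept-Encoding "gzip, deflate"
#Header set Content-Security-Policy "default-src 'self'"
Header set Content-Security-Policy "default-src 'self'; script-src * 'unsafe-inline'"
Header set X-Content-Type-Options "nosniff"
"""
print("\n".join(audit_htaccess(SAMPLE)))
```

Commented-out directives are skipped, so only headers Apache would actually send are checked.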