example_2.4.htaccess 2.0 KB

  # Example per-directory (.htaccess) configuration in Apache 2.4 syntax: routes
  # requests to index.php and lists optional hardening directives. The HTTPS and
  # response-header directives are commented out; only the rewrite rules and the
  # dot-file deny block are active as shown.
  1. # Turn on URL rewriting
  2. RewriteEngine On
  3. ###Hides server version on Apache
  4. ###http://www.ducea.com/2006/06/15/apache-tips-tricks-hide-apache-software-version/
  # NOTE(review): the Apache documentation lists ServerTokens as valid in the main
  # server config only, so uncommenting it inside a .htaccess file is expected to
  # produce a 500 error; set it in the server config instead. ServerSignature is
  # permitted in .htaccess.
  5. #ServerTokens ProductOnly
  6. #ServerSignature Off
  7. ###Forces https
  # This mod_rewrite guard stays open until listing line 21, so the two
  # mod_headers blocks nested inside it (HPKP, HSTS) are also skipped when
  # mod_rewrite is not loaded.
  8. <IfModule mod_rewrite.c>
  # NOTE(review): the redirect target is built from the client-supplied Host
  # header (%{HTTP_HOST}); a fixed canonical hostname avoids reflecting an
  # arbitrary Host value into the Location header. Testing %{HTTPS} rather than
  # the port number also covers TLS listeners on ports other than 443.
  9. #RewriteCond %{SERVER_PORT} !^443
  10. #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  11. ###Set certificate pinning
  12. ###https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
  # NOTE(review): HTTP Public Key Pinning is deprecated and no longer honoured by
  # current browsers, and a wrong pin could lock visitors out for max-age seconds.
  # The template below also carries an empty pin-sha256, a placeholder report-uri
  # and what looks like a stray ';' after the closing quote. Keep it disabled.
  13. <IfModule mod_headers.c>
  14. #Header set Public-Key-Pins "max-age=500; includeSubDomains; pin-sha256=\"\"; report-uri=\"report-uri\"";
  15. </IfModule>
  16. ###Sets HSTS (Strict-Transport-Security)
  17. ###https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
  # env=HTTPS makes the header conditional on the HTTPS environment variable.
  # NOTE(review): "includeSubDomains; preload" with max-age=31536000 commits every
  # subdomain to HTTPS for a year, and removal from browser preload lists is slow;
  # enable only once all subdomains serve valid TLS. "Header always set" would
  # also attach the header to error responses.
  18. <IfModule mod_headers.c>
  19. #Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
  20. </IfModule>
  21. </IfModule>
  # Optional browser-facing response headers; each takes effect only when its
  # "Header set" line is uncommented and mod_headers is loaded.
  22. <IfModule mod_headers.c>
  23. ###Disable displaying webpage in Iframes -> prevents Clickjacking
  24. ###https://www.owasp.org/index.php/Clickjacking
  # SAMEORIGIN still allows framing by pages of the same origin. The
  # Content-Security-Policy "frame-ancestors" directive is the standardised
  # successor and can be sent alongside this header.
  25. #Header set X-Frame-Options SAMEORIGIN
  26. ###Block requests with incorrect MIME-types
  27. ###https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Content-Type-Options
  # "nosniff" tells the browser not to guess a content type other than the one
  # declared in Content-Type; it relies on the server declaring correct types.
  28. #Header set X-Content-Type-Options "nosniff"
  29. ###Set IE-8 XSS Filter on
  30. ###https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-XSS-Protection
  # NOTE(review): the browser XSS filter this header controls has been removed
  # from current browsers; current OWASP guidance is to send "0" and rely on a
  # Content-Security-Policy, which is not set anywhere in the visible listing.
  31. #Header set X-XSS-Protection "1; mode=block"
  32. ###Disable Flash cross-domain requests
  33. ###https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Permitted-Cross-Domain-Policies
  34. #Header set X-Permitted-Cross-Domain-Policies "none"
  35. </IfModule>
  36. # Installation directory
  37. RewriteBase /
  38. # Protect hidden files from being viewed
  # <Files> matches on the file name only, so this denies files whose own name
  # starts with a dot (.htaccess, .env, ...) but not files stored inside
  # dot-directories such as .git/config.
  # NOTE(review): confirm such directories are blocked elsewhere or kept out of
  # the web root.
  39. <Files .*>
  40. Require all denied
  41. </Files>
  42. # Allow any files or directories that exist to be displayed directly
  # The two conditions apply only to the RewriteRule that follows them: the rule
  # fires when the request does not resolve to an existing file or directory.
  # Any existing file under this directory is therefore served as-is, subject to
  # the <Files> block above.
  43. RewriteCond %{REQUEST_FILENAME} !-f
  44. RewriteCond %{REQUEST_FILENAME} !-d
  45. # Rewrite all other URLs to index.php/URL
  46. # godaddy hack no input file specified
  # The substitution is plain "index.php" (no "/URL" suffix is appended here);
  # QSA keeps the original query string and L ends rule processing for this pass.
  47. RewriteRule .* index.php [PT,QSA,L]