Home Explore Help
Sign In
SMusatov
/
koseven
mirror of https://github.com/koseven/koseven.git
1
0
Fork 0
Files
Branch: devel
Branches Tags
koseven
/
public
/
example.htaccess

example.htaccess 2.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. # Turn on URL rewriting
    2. 

  2. RewriteEngine On
    3. 

  3. 

  4. ###Hides server version on Apache
    5. 

  5. ###http://www.ducea.com/2006/06/15/apache-tips-tricks-hide-apache-software-version/
    6. 

  6. #ServerTokens ProductOnly
    7. 

  7. #ServerSignature Off
    8. 

  8. 

  9. ###Forces https
    10. 

  10. <IfModule mod_rewrite.c>
    11. 

  11.     #RewriteCond %{SERVER_PORT} !^443
    12. 

  12.     #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    13. 

  13. 

  14.     ###Set certificate pinning
    15. 

  15.     ###https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
    16. 

  16.     <IfModule mod_headers.c>
    17. 

  17.         #Header set Public-Key-Pins "max-age=500; includeSubDomains; pin-sha256=\"\"; report-uri=\"report-uri\"";
    18. 

  18.     </IfModule>
    19. 

  19. 

  20.     ###Sets HSTS (Strict-Transport-Security)
    21. 

  21.     ###https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
    22. 

  22.     <IfModule mod_headers.c>
    23. 

  23.         #Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
    24. 

  24.     </IfModule>
    25. 

  25. </IfModule>
    26. 

  26. 

  27. <IfModule mod_headers.c>
    28. 

  28.     ###Disable displaying webpage in Iframes -> prevents Clickjacking
    29. 

  29.     ###https://www.owasp.org/index.php/Clickjacking
    30. 

  30.     #Header set X-Frame-Options SAMEORIGIN
    31. 

  31. 

  32.     ###Block requests with incorrect MIME-types
    33. 

  33.     ###https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Content-Type-Options
    34. 

  34.     #Header set X-Content-Type-Options "nosniff"
    35. 

  35. 

  36.     ###Set IE-8 XSS Filter on
    37. 

  37.     ###https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-XSS-Protection
    38. 

  38.     #Header set X-XSS-Protection "1; mode=block"
    39. 

  39. 

  40.     ###Disable Flash cross-domain requests
    41. 

  41.     ###https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Permitted-Cross-Domain-Policies
    42. 

  42.     #Header set X-Permitted-Cross-Domain-Policies "none"
    43. 

  43. </IfModule>
    44. 

  44. 

  45. # Installation directory
    46. 

  46. RewriteBase /
    47. 

  47. 

  48. # Protect hidden files from being viewed
    49. 

  49. <Files .*>
    50. 

  50. 	Order Deny,Allow
    51. 

  51. 	Deny From All
    52. 

  52. </Files>
    53. 

  53. 

  54. # Allow any files or directories that exist to be displayed directly
    55. 

  55. RewriteCond %{REQUEST_FILENAME} !-f
    56. 

  56. RewriteCond %{REQUEST_FILENAME} !-d
    57. 

  57. 

  58. # Rewrite all other URLs to index.php/URL
    59. 

  59. # godaddy hack no input file specified
    60. 

  60. RewriteRule .* index.php [PT,QSA,L]
    61.