-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.htaccess
39 lines (32 loc) · 1.22 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# Prevent access to Directory Listing
Options -Indexes
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
# X-XSS-Protection, X-Frame-Options, X-Content-Type nosniff, HSTS Strict Transport Security (HSTS)
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
</IfModule>
# Session cookies HTTP & SEcure Flag
php_value session.cookie_httponly 1
php_value session.cookie_secure 1
# Rewrite everything to access to https except http
RewriteCond %{HTTPS} !=on
#RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
# To externally redirect /dir/foo.php to /dir/foo excluding POST requests
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
RewriteRule ^ %1 [R=302,L,NE]
## To internally redirect /dir/foo to /dir/foo.php
RewriteCond %{REQUEST_FILENAME}.php -f [NC]
RewriteRule ^ %{REQUEST_URI}.php [L]
### Website password protection
#AuthUserFile /opt/lampp/htdocs/.htpasswd
#AuthType Basic
#AuthName "Restricted Access to AG"
#Require valid-user