-
Notifications
You must be signed in to change notification settings - Fork 0
/
.htaccess
171 lines (140 loc) · 5.4 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
####
# NOTE: This is not a "working" htaccess file. It is an example
# file for the htaccess-minifier repository.
####
# 2020-09 Server version: Apache/2.4.46 (cPanel)
RewriteOptions inherit
# "FileETag None" doesn't work in all cases.
<IfModule mod_headers.c>
Header unset ETag
</IfModule>
FileETag None
# Prevent .htaccess files from being spidered
# or viewed via a web browser. Although it seems
# that it isn't requried to block access. Tested
# with Postman and got a 403.
#<Files ".ht*">
#Require all denied
#</Files>
# Block IP addresses and/or CIDR ranges
# Common addresses that appear in blacklists
# or have been logged attempting to hack.
<RequireAll>
Require all granted
Require not ip 3.128.0.0/9
Require not ip 5.0.0.0/8
Require not ip 18.128.0.0/9
Require not ip 27.0.0.0/8
Require not ip 34.76.29.0/25
Require not ip 46.0.0.0/8
Require not ip 50.116.64.0/18
Require not ip 209.97.0.0/16
Require not ip 211.0.0.0/8
Require not ip 217.0.0.0/8
Require not ip 218.0.0.0/8
Require not ip 220.0.0.0/8
</RequireAll>
ErrorDocument 400 /httperror400.php
ErrorDocument 401 /httperror401.php
ErrorDocument 403 /httperror403.php
ErrorDocument 404 /httperror404.php
ErrorDocument 405 /httperror405.php
# https://httpd.apache.org/docs/current/rewrite/
RewriteEngine on
# Only allow methods that are in the list
# NOTE: Upstream(i.e. sub-folder) htaccess files do not
# seem to overwrite this rule, so if they allow POST and
# it is not allowed here then this has precedence
RewriteCond %{REQUEST_METHOD} !^(GET|PUT) [NC]
# RewriteCond %{REQUEST_METHOD} !^(GET) [NC]
# RewriteCond %{REQUEST_METHOD} !^(GET|POST) [NC]
RewriteRule .* - [R=405,L]
# Block User Agents
# Edit this section as needed. But it contains some
# common agents that behave badly.
#
# block the requests from machines with missing User Agent
RewriteCond %{HTTP_USER_AGENT} ^-?$ [OR,NC]
# block the requests from machines with "baidu.com" User Agent
RewriteCond %{HTTP_USER_AGENT} baidu [OR,NC]
# Either fail with a 403 or send them somewhere else :)
# RewriteRule ^ - [F,L]
# --OR--
RewriteRule ^ "https\:\/\/www\.google\.com\/" [R=301,L]
# Block HTTP Referers
#
# block the requests from machines with "burger-imperia.com" HTTP Referer
RewriteCond %{HTTP_REFERER} burger\-imperia [OR,NC]
# block the requests from machines with "pizza-imperia.com" HTTP Referer
RewriteCond %{HTTP_REFERER} pizza\-imperia [OR,NC]
# block the requests from machines with "burger-tycoon.com" HTTP Referer
RewriteCond %{HTTP_REFERER} burger\-tycoon [OR,NC]
# block the requests from machines with "pizza-tycoon.com" HTTP Referer
RewriteCond %{HTTP_REFERER} pizza\-tycoon [OR,NC]
#last one in chain...
# block the requests from machines with dissiti.com" HTTP Referer
RewriteCond %{HTTP_REFERER} dissiti
RewriteRule ^ "https\:\/\/www\.google\.com\/" [R=301,L]
# blank lines are here on purpose
### start
# this is an exclusion block
# this is an exclusion block
# this is an exclusion block
### end
# no folder browsing!
Options All -Indexes
# enable compression for specified resource types
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
AddOutputFilterByType DEFLATE font/ttf image/webp image/jpeg image/png
</IfModule>
#####
# https://httpd.apache.org/docs/2.4/mod/mod_expires.html
# https://wp-mix.com/mod-expires-file-types/ (2017)
<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 5 days"
# Favicon (cannot be renamed!) and cursor images
ExpiresByType image/vnd.microsoft.icon "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"
# HTML
ExpiresByType text/html "access plus 0 seconds"
### start
# Make sure dynamic stuff stays so.
<FilesMatch "\.php$">
ExpiresByType text/html "now"
</FilesMatch>
### end
# Miscellaneous
ExpiresByType font/collection "access plus 1 year"
ExpiresByType font/otf "access plus 1 year"
ExpiresByType font/sfnt "access plus 1 year"
ExpiresByType font/ttf "access plus 1 year"
ExpiresByType font/woff "access plus 1 year"
ExpiresByType font/woff2 "access plus 1 year"
# JavaScript
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType application/x-javascript "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"
# CSS
ExpiresByType text/css "access plus 1 week"
# Media files
ExpiresByType audio/ogg "access plus 1 week"
ExpiresByType image/bmp "access plus 1 week"
ExpiresByType image/gif "access plus 1 week"
ExpiresByType image/jpeg "access plus 1 week"
ExpiresByType image/png "access plus 1 week"
ExpiresByType image/svg+xml "access plus 1 week"
ExpiresByType image/webp "access plus 1 week"
ExpiresByType video/mp4 "access plus 1 week"
ExpiresByType video/ogg "access plus 1 week"
ExpiresByType video/webm "access plus 1 week"
# Markdown
ExpiresByType text/markdown "access plus 1 week"
</IfModule>
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php72” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php72 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit