Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

All code examples must follow the Markdown rules as this site uses Markdown. If you don't know how, click here for a tutorial. Any code examples not using Markdown will be deleted.
All code examples must follow the Markdown rules as this site uses Markdown. If you don't know how, click here for a tutorial. Any code examples not using Markdown will be deleted.

Which is a good htaccess?

Hello! here the dout we have all the time, so i have think to post my htaccess and see if is of any help or it is wrong or or or!

<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
 #Order Allow,Deny
 #Deny from all
 Require all granted
</FilesMatch>

<FilesMatch "\.(js|css|jpg|png|jpeg|gif|xml|json|txt|pdf|mov|avi|otf|woff|ico|swf)$">
    RequestHeader unset Cookie
    Header unset Cookie
    Header unset Set-Cookie
</FilesMatch>

<IfModule pagespeed_module>
  ModPagespeed on
  ModPagespeedEnableFilters rewrite_css,combine_css
  ModPagespeedEnableFilters recompress_images
  ModPagespeedEnableFilters convert_png_to_jpeg,convert_jpeg_to_webp 
  ModPagespeedEnableFilters collapse_whitespace,remove_comments
</IfModule>

<IfModule mod_rewrite.c>
  Options +FollowSymLinks
  RewriteEngine On
  # If we receive a forwarded http request from a proxy...
  RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]

  # ...or just a plain old http request directly from the client
  RewriteCond %{HTTP:X-Forwarded-Proto} =""
  RewriteCond %{HTTPS} !=on
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  RewriteCond %{SERVER_PORT} 80 

# Prevent Hacks

# proc/self/environ? no way!

 RewriteCond %{QUERY_STRING} proc/self/environ [OR]

# Block out any script trying to set a mosConfig value through the URL

 RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

# Block out any script trying to base64_encode crap to send via URL

 RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]

# Block out any script that includes a <script> tag in URL

 RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]

# Block out any script trying to set a PHP GLOBALS variable via URL

 RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]

# Block out any script trying to modify a _REQUEST variable via URL

 RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})

# Send all blocked request to homepage with 403 Forbidden error!

 RewriteRule ^(.*)$ index.php [F,L]

  # Get rid of index.php
  RewriteCond %{REQUEST_URI} /index\.php
  RewriteRule (.*) index.php?rewrite=2 [L,QSA]

  # Rewrite all directory-looking urls
  RewriteCond %{REQUEST_URI} /$
  RewriteRule (.*) index.php?rewrite=1 [L,QSA]

  # Try to route missing files
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} public\/ [OR]
  RewriteCond %{REQUEST_FILENAME} \.(jpg|gif|png|ico|flv|htm|html|php|css|js)$
  RewriteRule . - [L]


  # If the file doesnt exist, rewrite to index
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?rewrite=1 [L,QSA]

</IfModule>

<FilesMatch "\.css$">
 SetHandler application/x-httpd-php
 Header set Content-type "text/css"
</FilesMatch>

<FilesMatch "\.js$">
 SetHandler application/x-httpd-php
 Header set Content-type "application/javascript"
</FilesMatch>

# sends requests /index.php/path/to/module/ to "index.php"
# AcceptPathInfo On

# @todo This may not be effective in some cases
FileETag Size
<IfModule mod_deflate.c>
<filesmatch "\.(js|css|ico|txt|htm|html|php)$">
SetOutputFilter DEFLATE
</filesmatch>
</ifmodule>
# Speed up caching
FileETag MTime Size
# Expires
ExpiresActive On
ExpiresDefault "access plus 366 days"
# Future Expires Headers
<filesmatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Expires "Sat, 29 Dec 2030 23:59:59 GMT"
</filesmatch>

<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On 
# Default directive
ExpiresDefault "access plus 1 month"

# Enable expirations
ExpiresActive On
# Default directive
ExpiresDefault "access plus 1 month"
# My favicon
ExpiresByType image/x-icon "access plus 1 year"
# Images
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
# CSS
ExpiresByType text/css "access 1 month"
# Webfonts
  ExpiresByType font/truetype             "access plus 1 month"
  ExpiresByType font/opentype             "access plus 1 month"
  ExpiresByType application/x-font-woff   "access plus 1 month"
  ExpiresByType image/svg+xml             "access plus 1 month"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

# CSS and JavaScript
  ExpiresByType text/css                  "access plus 1 year"
  ExpiresByType application/javascript    "access plus 1 year"
  ExpiresByType text/javascript           "access plus 1 year"

  <IfModule mod_headers.c>
    Header append Cache-Control "public"
  </IfModule>

</IfModule>

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://yourdomain.tlc/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.tlc$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.tlc/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.tlc$      [NC]
RewriteCond %{HTTP_REFERER} !^https://yourdomain.tlc/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://yourdomain.tlc$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.yourdomain.tlc/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.yourdomain.tlc$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

Comments

  • Where did you get that htaccess from? Did you find it online someplace?

  • I hav emake it assembly parts i have found here and there, why is it wrong? - cries

  • Btw is my htaccess the one i use for myself

  • Oh I was making sure you didn't get it from an unsafe site. I don't know if it's good or not. I just want to make sure you aren't getting advice from a site with hackers.

  • hehe no no i mad eit by myself finding here and ther epieces abotu security and about cookies expiration

    data66
  • edited September 2017

    Hm.... Try to play with your code. Because it is strange

Sign In or Register to comment.