Which is a good htaccess?

Hello! here the dout we have all the time, so i have think to post my htaccess and see if is of any help or it is wrong or or or!

<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
 #Order Allow,Deny
 #Deny from all
 Require all granted

<FilesMatch "\.(js|css|jpg|png|jpeg|gif|xml|json|txt|pdf|mov|avi|otf|woff|ico|swf)$">
    RequestHeader unset Cookie
    Header unset Cookie
    Header unset Set-Cookie

<IfModule pagespeed_module>
  ModPagespeed on
  ModPagespeedEnableFilters rewrite_css,combine_css
  ModPagespeedEnableFilters recompress_images
  ModPagespeedEnableFilters convert_png_to_jpeg,convert_jpeg_to_webp 
  ModPagespeedEnableFilters collapse_whitespace,remove_comments

<IfModule mod_rewrite.c>
  Options +FollowSymLinks
  RewriteEngine On
  # If we receive a forwarded http request from a proxy...
  RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]

  # ...or just a plain old http request directly from the client
  RewriteCond %{HTTP:X-Forwarded-Proto} =""
  RewriteCond %{HTTPS} !=on
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  RewriteCond %{SERVER_PORT} 80 

# Prevent Hacks

# proc/self/environ? no way!

 RewriteCond %{QUERY_STRING} proc/self/environ [OR]

# Block out any script trying to set a mosConfig value through the URL

 RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

# Block out any script trying to base64_encode crap to send via URL

 RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]

# Block out any script that includes a <script> tag in URL

 RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]

# Block out any script trying to set a PHP GLOBALS variable via URL

 RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]

# Block out any script trying to modify a _REQUEST variable via URL

 RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})

# Send all blocked request to homepage with 403 Forbidden error!

 RewriteRule ^(.*)$ index.php [F,L]

  # Get rid of index.php
  RewriteCond %{REQUEST_URI} /index\.php
  RewriteRule (.*) index.php?rewrite=2 [L,QSA]

  # Rewrite all directory-looking urls
  RewriteCond %{REQUEST_URI} /$
  RewriteRule (.*) index.php?rewrite=1 [L,QSA]

  # Try to route missing files
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} public\/ [OR]
  RewriteCond %{REQUEST_FILENAME} \.(jpg|gif|png|ico|flv|htm|html|php|css|js)$
  RewriteRule . - [L]

  # If the file doesnt exist, rewrite to index
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?rewrite=1 [L,QSA]


<FilesMatch "\.css$">
 SetHandler application/x-httpd-php
 Header set Content-type "text/css"

<FilesMatch "\.js$">
 SetHandler application/x-httpd-php
 Header set Content-type "application/javascript"

# sends requests /index.php/path/to/module/ to "index.php"
# AcceptPathInfo On

# @todo This may not be effective in some cases
FileETag Size
<IfModule mod_deflate.c>
<filesmatch "\.(js|css|ico|txt|htm|html|php)$">
SetOutputFilter DEFLATE
# Speed up caching
FileETag MTime Size
# Expires
ExpiresActive On
ExpiresDefault "access plus 366 days"
# Future Expires Headers
<filesmatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Expires "Sat, 29 Dec 2030 23:59:59 GMT"

<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On 
# Default directive
ExpiresDefault "access plus 1 month"

# Enable expirations
ExpiresActive On
# Default directive
ExpiresDefault "access plus 1 month"
# My favicon
ExpiresByType image/x-icon "access plus 1 year"
# Images
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType text/css "access 1 month"
# Webfonts
  ExpiresByType font/truetype             "access plus 1 month"
  ExpiresByType font/opentype             "access plus 1 month"
  ExpiresByType application/x-font-woff   "access plus 1 month"
  ExpiresByType image/svg+xml             "access plus 1 month"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

# CSS and JavaScript
  ExpiresByType text/css                  "access plus 1 year"
  ExpiresByType application/javascript    "access plus 1 year"
  ExpiresByType text/javascript           "access plus 1 year"

  <IfModule mod_headers.c>
    Header append Cache-Control "public"


RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://yourdomain.tlc/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.tlc$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.tlc/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.tlc$      [NC]
RewriteCond %{HTTP_REFERER} !^https://yourdomain.tlc/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://yourdomain.tlc$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.yourdomain.tlc/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.yourdomain.tlc$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]


  • Where did you get that htaccess from? Did you find it online someplace?

  • I hav emake it assembly parts i have found here and there, why is it wrong? - cries

  • Btw is my htaccess the one i use for myself

  • Oh I was making sure you didn't get it from an unsafe site. I don't know if it's good or not. I just want to make sure you aren't getting advice from a site with hackers.

  • hehe no no i mad eit by myself finding here and ther epieces abotu security and about cookies expiration

  • edited September 2017

    Hm.... Try to play with your code. Because it is strange

Sign In or Register to comment.