# Remove autoindex <IfModule mod_autoindex.c> IndexIgnore */* </IfModule> # Deny access to files starting with dot <FilesMatch "^\."> Order allow,deny Deny from all </FilesMatch> # Deny access to log, sql, htaccess ecc.. <FilesMatch "\.(ini|psd|log|sh|sql|md|lock|phar)$"> Order allow,deny Deny from all </FilesMatch> # Deny access to VERSION, REVISION and config file <Files ~ "(VERSION$|REVISION$|LICENSE|(config.inc|config.example).php|(composer|package).json|gulpfile.js)"> Order allow,deny Deny from all </Files> # Disable indexing of php, html, htm, pdf files ServerSignature Off <IfModule mod_headers.c> Header set X-Robots-Tag: "noindex,nofollow" Header set X-Content-Type-Options nosniff </IfModule> <IfModule mod_rewrite.c> RewriteEngine On # Tell PHP that the mod_rewrite module is ENABLED. <IfModule mod_env.c> SetEnv HTTP_MOD_REWRITE On </IfModule> # Deny access to protected folders RewriteRule ^backup/ - [F,L] RewriteRule ^docs/ - [F,L] RewriteRule ^include/ - [F,L] RewriteRule ^locale/ - [F,L] RewriteRule ^logs/ - [F,L] RewriteRule ^update/ - [F,L] # Deny access to svn, git, node_modules and vendor folders RewriteRule ^.git/ - [F,L] RewriteRule ^.svn/ - [F,L] RewriteRule ^node_modules/ - [F,L] RewriteRule ^vendor/ - [F,L] # Disable HTTP TRACE RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] # Prevent hacks # proc/self/environ? no way! RewriteCond %{QUERY_STRING} proc/self/environ [OR] # Block out any script trying to set a mosConfig value through the URL RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR] # Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2}) # Block visitors referred from indicated domains SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) HTTP_SAFE_BADBOT SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spiderman) HTTP_SAFE_BADBOT Deny from env=HTTP_SAFE_BADBOT </ifModule> # Compress text, html, javascript, css, ecc... <IfModule mod_gzip.c> mod_gzip_on Yes mod_gzip_dechunk Yes mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$ mod_gzip_item_include handler ^cgi-script$ mod_gzip_item_include mime ^text/.* mod_gzip_item_include mime ^application/x-javascript.* mod_gzip_item_exclude mime ^image/.* mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* </IfModule>