# Remove autoindex IndexIgnore */* # Try to set PHP settings php_value upload_max_filesize 20M php_value post_max_size 20M php_value upload_max_filesize 20M php_value post_max_size 20M # Deny access to files starting with dot Order allow,deny Deny from all # Deny access to log, sql, htaccess ecc.. Order allow,deny Deny from all # Deny access to VERSION, REVISION and config file Order allow,deny Deny from all # Disable indexing of php, html, htm, pdf files Header set X-Robots-Tag: "noindex" RewriteEngine On # Tell PHP that the mod_rewrite module is ENABLED. SetEnv HTTP_MOD_REWRITE On # Deny access to protected folders RewriteRule ^backup/ - [F,L] RewriteRule ^docs/ - [F,L] RewriteRule ^include/ - [F,L] RewriteRule ^locale/ - [F,L] RewriteRule ^logs/ - [F,L] RewriteRule ^update/ - [F,L] # Deny access to svn, git, node_modules and vendor folders RewriteRule ^.git/ - [F,L] RewriteRule ^.svn/ - [F,L] RewriteRule ^node_modules/ - [F,L] RewriteRule ^vendor/ - [F,L] # Disable HTTP TRACE RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] # Prevent hacks # proc/self/environ? no way! RewriteCond %{QUERY_STRING} proc/self/environ [OR] # Block out any script trying to set a mosConfig value through the URL RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR] # Block out any script that includes a