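# Block direct access to sensitive files and directories
# "^\." matches any dotfile (.env, .git*, .htaccess, ...). <FilesMatch> tests
# only the file's basename, so it does not protect directory trees such as
# .git/ — keep those outside the web root or guard them in the server config.
<FilesMatch "(^\.|composer\.|Dockerfile|Makefile|package\.json|phpunit\.xml)">
Require all denied
</FilesMatch>
# Specifically deny access to common backend/dev files
# NOTE: this also denies public files ending in .txt or .json (e.g. robots.txt,
# a web manifest). Drop those extensions from the list if the site serves them.
<FilesMatch "\.(log|sql|json|env|sh|bak|swp|txt|yml|yaml)$">
Require all denied
</FilesMatch>
# Block common scanner user agents
# Uses the Apache 2.4 "Require" form, consistent with the rest of this file;
# the 2.2-style "Deny from env=..." needs mod_access_compat, without which the
# server rejects the whole .htaccess (HTTP 500). The original pattern had a
# stray "." before "shodan", which required an extra character and so missed
# a User-Agent starting with that word. User-Agent is client-supplied, so this
# only filters unmodified scanners; it is a nuisance filter, not access control.
SetEnvIfNoCase User-Agent "(shodan|zgrab|nmap|nikto|hydra|acunetix|nessus)" bad_bot
<RequireAll>
Require all granted
Require not env bad_bot
</RequireAll>
# Prevent directory listings
# Requires "AllowOverride Options" (or All) for this directory; otherwise the
# server refuses the file with HTTP 500.
Options -Indexes
# Enforce secure HTTP headers
<IfModule mod_headers.c>
# Strict-Transport-Security (HSTS) - Forcing HTTPS
# Sent only when mod_ssl sets the HTTPS env var, i.e. when TLS terminates on
# this server. Behind a TLS-terminating proxy the var is unset and the header
# is never sent. "preload" signals eligibility for browser preload lists, which
# is hard to reverse — remove it unless preloading is intended.
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
# X-Frame-Options - Prevents Clickjacking
Header always set X-Frame-Options "SAMEORIGIN"
# X-Content-Type-Options - Prevents MIME-sniffing
Header always set X-Content-Type-Options "nosniff"
# Referrer-Policy - Controls referrer information
# "no-referrer-when-downgrade" still sends the full URL to other origins over
# HTTPS; "strict-origin-when-cross-origin" is the stricter current default.
Header always set Referrer-Policy "no-referrer-when-downgrade"
# Permissions-Policy - Controls browser features (e.g., camera, microphone)
# Add or remove features as needed for your site
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
</IfModule>
# Redirect HTTP to HTTPS for all requests
# %{HTTPS} is "off" for every request that reaches this server over plain HTTP,
# including traffic from a TLS-terminating proxy — in that setup this rule
# redirects forever. Handle the redirect at the proxy instead.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>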