htaccess

a guest
Oct 5th, 2016
  1. # ----------------------------------------------------------------------
  2. # | Komprimierung und Caching |
  3. # ----------------------------------------------------------------------
  4.  
# Serve resources with far-future expires headers.
#
# (!) If you don't control versioning with filename-based
# cache busting, you should consider lowering the cache times
# to something like one week.
#
# https://httpd.apache.org/docs/current/mod/mod_expires.html
#
# The whole section is skipped when mod_expires is not loaded, so a
# missing module silently disables these headers instead of breaking the
# site. ExpiresDefault applies to every MIME type that has no explicit
# ExpiresByType line below, i.e. anything added to the site later is
# cached for one month unless listed here.

<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 1 month"

# CSS
ExpiresByType text/css "access plus 1 year"

# Data interchange
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType application/rdf+xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"

ExpiresByType application/json "access plus 0 seconds"
ExpiresByType application/ld+json "access plus 0 seconds"
ExpiresByType application/schema+json "access plus 0 seconds"
ExpiresByType application/vnd.geo+json "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType text/xml "access plus 0 seconds"

# Favicon (cannot be renamed!) and cursor images
ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
ExpiresByType image/x-icon "access plus 1 week"

# HTML - not cached ("access plus 0 seconds"): every page view is
# revalidated, so new content shows up immediately. To keep pages cached
# for an hour instead, replace "0 seconds" with "1 hour".
ExpiresByType text/html "access plus 0 seconds"

# JavaScript
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType application/x-javascript "access plus 1 year"
ExpiresByType text/javascript "access plus 1 year"

# Manifest files
ExpiresByType application/manifest+json "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"

# Media files
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType image/bmp "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType image/webp "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"

# Web fonts

# Embedded OpenType (EOT)
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
ExpiresByType font/eot "access plus 1 month"

# OpenType
ExpiresByType font/opentype "access plus 1 month"

# TrueType
ExpiresByType application/x-font-ttf "access plus 1 month"

# Web Open Font Format (WOFF) 1.0
ExpiresByType application/font-woff "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType font/woff "access plus 1 month"

# Web Open Font Format (WOFF) 2.0
ExpiresByType application/font-woff2 "access plus 1 month"

# Other
ExpiresByType text/x-cross-domain-policy "access plus 1 week"
</IfModule>
  85.  
  86. <IfModule mod_deflate.c>
  87. # Insert filters / compress text, html, javascript, css, xml:
  88. AddOutputFilterByType DEFLATE text/plain
  89. AddOutputFilterByType DEFLATE text/html
  90. AddOutputFilterByType DEFLATE text/xml
  91. AddOutputFilterByType DEFLATE text/css
  92. AddOutputFilterByType DEFLATE text/vtt
  93. AddOutputFilterByType DEFLATE text/x-component
  94. AddOutputFilterByType DEFLATE application/xml
  95. AddOutputFilterByType DEFLATE application/xhtml+xml
  96. AddOutputFilterByType DEFLATE application/rss+xml
  97. AddOutputFilterByType DEFLATE application/js
  98. AddOutputFilterByType DEFLATE application/javascript
  99. AddOutputFilterByType DEFLATE application/x-javascript
  100. AddOutputFilterByType DEFLATE application/x-httpd-php
  101. AddOutputFilterByType DEFLATE application/x-httpd-fastphp
  102. AddOutputFilterByType DEFLATE application/atom+xml
  103. AddOutputFilterByType DEFLATE application/json
  104. AddOutputFilterByType DEFLATE application/ld+json
  105. AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
  106. AddOutputFilterByType DEFLATE application/x-font-ttf
  107. AddOutputFilterByType DEFLATE application/x-web-app-manifest+json
  108. AddOutputFilterByType DEFLATE font/opentype
  109. AddOutputFilterByType DEFLATE image/svg+xml
  110. AddOutputFilterByType DEFLATE image/x-icon
  111.  
  112. # Exception: Images
  113. SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary
  114.  
  115. # Drop problematic browsers
  116. BrowserMatch ^Mozilla/4 gzip-only-text/html
  117. BrowserMatch ^Mozilla/4\.0[678] no-gzip
  118. BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
  119.  
  120. # Make sure proxies don't deliver the wrong content
  121. Header append Vary User-Agent env=!dont-vary
  122. </IfModule>
  123.  
# Alternative caching using Apache's "mod_headers", if it's installed.
# Caching of common files - ENABLED
#
# NOTE(review): this overlaps with the mod_expires section above, which
# already emits Cache-Control for these types (1 year for CSS/JS, 1 week
# for icons, 1 month for images). Which value a client finally sees
# depends on Apache's filter ordering - verify on a live response rather
# than assuming. "public" lets shared caches store the files; fine for
# static assets, not for PDFs or text files that are only meant for
# authenticated users. 2592000 seconds = 30 days.
<IfModule mod_headers.c>
<FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
</IfModule>
  131.  
  132. <IfModule mod_headers.c>
  133. <FilesMatch "\.(js|css|xml|gz)$">
  134. Header append Vary Accept-Encoding
  135. </FilesMatch>
  136. </IfModule>
  137.  
# Set Keep Alive Header
#
# NOTE(review): whether a connection stays open is decided by the core
# KeepAlive setting in the server configuration, not by this response
# header, so this line is not what enables keep-alive. HTTP/2 forbids a
# Connection header in responses altogether (mod_http2 drops it). The
# block can be removed once the server has KeepAlive On.
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>
  142.  
  143. # If your server don't support ETags deactivate with "None" (and remove header)
  144. <IfModule mod_expires.c>
  145. <IfModule mod_headers.c>
  146. Header unset ETag
  147. </IfModule>
  148. FileETag None
  149. </IfModule>
  150.  
  151. # ----------------------------------------------------------------------
  152. # | 6g Firewall für Sicherheit - HIER NICHTS AENDERN, ANSONSTEN IST DIE WEBSITE ANGREIFBAR
  153. # ----------------------------------------------------------------------
  154.  
  155. # 6G FIREWALL/BLACKLIST
  156. # @ https://perishablepress.com/6g/
  157.  
# 6G:[QUERY STRINGS]
#
# Deny-list of query-string patterns; any match answers 403. Each
# condition is case-insensitive ([NC]) and chained with [OR], so a single
# matching condition is enough to trigger the RewriteRule. The query
# string is tested as received (the %3C alternative below exists because
# it is not URL-decoded first). This is a heuristic filter, not an input
# validator: keep application-level validation in place and expect some
# false positives - e.g. the (\\|\.\.\.|\.\./|~|`|<|>|\|) condition
# rejects any query string containing a literal ~, `, <, >, | or
# backslash. Watch the access log for 403s after editing this section.
# "RewriteEngine On" here also enables the rewrite blocks further down
# in this file.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000}) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]
RewriteRule .* - [F]
</IfModule>
  174.  
# 6G:[REQUEST METHOD]
#
# Refuse (403) uncommon HTTP methods, matched case-insensitively; GET,
# HEAD, POST and OPTIONS stay allowed. RewriteEngine is already On from
# the query-string block above. TRACE is better disabled server-wide
# with "TraceEnable off" in the main configuration (not permitted in
# .htaccess); this rule is the fallback for hosts where that is not
# possible.
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC]
RewriteRule .* - [F]
</IfModule>
  180.  
# 6G:[REFERRERS]
#
# Refuse requests whose Referer header is an excessively long token or
# names a known referrer-spam source. The dot in "semalt.com" is not
# escaped and therefore matches any character; harmless for this entry,
# but escape dots (semalt\.com) when extending the list.
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000}) [NC,OR]
RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
RewriteRule .* - [F]
</IfModule>
  187.  
  188. # 6G:[REQUEST STRINGS]
  189. <IfModule mod_alias.c>
  190. RedirectMatch 403 (?i)([a-z0-9]{2000})
  191. RedirectMatch 403 (?i)(https?|ftp|php):/
  192. RedirectMatch 403 (?i)(base64_encode)(.*)(\()
  193. RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\.
  194. RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&amp;?)/?$
  195. RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")
  196. RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)
  197. RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
  198. RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
  199. RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
  200. RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
  201. </IfModule>
  202.  
  203. # 6G:[USER AGENTS]
  204. <IfModule mod_setenvif.c>
  205. SetEnvIfNoCase User-Agent ([a-z0-9]{2000}) bad_bot
  206. SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot
  207. <limit GET POST PUT>
  208. Order Allow,Deny
  209. Allow from All
  210. Deny from env=bad_bot
  211. </limit>
  212. </IfModule>
  213.  
# 6G:[BAD IPS]
#
# Template for blocking individual source addresses. As written it
# denies nothing: "Allow from All" with no active Deny line. Add one
# "Deny from <address or CIDR>" line per source to block. The example
# value 123.456.789 is a placeholder, not a valid IPv4 address.
<Limit GET HEAD OPTIONS POST PUT>
Order Allow,Deny
Allow from All
# uncomment/edit/repeat next line to block IPs
# Deny from 123.456.789
</Limit>
  221.  
# ----------------------------------------------------------------------
# | Set the character set
# ----------------------------------------------------------------------

# Adds "charset=UTF-8" to the Content-Type of text/plain and text/html
# responses; other types are not affected. It does not convert anything:
# the files themselves must actually be saved as UTF-8, otherwise
# browsers will render them incorrectly.
AddDefaultCharset UTF-8
  227.  
  228. # ----------------------------------------------------------------------
  229. # Wichtige WordPress-Dateien gegen den Zugriff von außen blocken
  230. # ----------------------------------------------------------------------
  231.  
  232. # Kein Zugriff auf die install.php
  233. <files install.php>
  234. Order allow,deny
  235. Deny from all
  236. </files>
  237.  
  238. # Kein Zugriff auf die wp-config.php
  239. <files wp-config.php>
  240. Order allow,deny
  241. Deny from all
  242. </files>
  243.  
  244. # Kein Zugriff auf die readme.html
  245. <files readme.html>
  246. Order Allow,Deny
  247. Deny from all
  248. Satisfy all
  249. </Files>
  250.  
  251. # Kein Zugriff auf die liesmich.html für die DE Edition
  252. <Files liesmich.html>
  253. Order Allow,Deny
  254. Deny from all
  255. Satisfy all
  256. </Files>
  257.  
  258. # Kein Zugriff auf das Error-Log
  259. <files error_log>
  260. Order allow,deny
  261. Deny from all
  262. </files>
  263.  
  264. #Zugriff auf .htaccess und .htpasswd verbieten. Wenn keine .htpasswd benutzt wird, kann der Code dafür entfernt werden.
  265. <FilesMatch "(\.htaccess|\.htpasswd)">
  266. Order deny,allow
  267. Deny from all
  268. </FilesMatch>
  269.  
# Block direct requests to WordPress include directories.
#
# The [S=3] rule skips the next three rules for any path that is not
# under wp-includes/, so only that subtree is examined. Requests for PHP
# files directly in wp-includes/, for TinyMCE language files and for the
# theme-compat directory are refused (403); other files there (scripts,
# styles) stay reachable. RewriteBase / assumes WordPress is installed at
# the site root. RewriteEngine is switched on here as well so the block
# works on its own if the 6G section above is removed.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
  280.  
  281. # ----------------------------------------------------------------------
  282. # Schutz des Administrator-Bereichs. Wenn der .htaccess/.htpasswd Schutz
  283. # genutzt werden soll, auskommentieren UND PFAD ANPASSEN
  284. # ----------------------------------------------------------------------
  285.  
  286. <Files wp-login.php>
  287. AuthName "Admin-Bereich"
  288. AuthType Basic
  289. AuthUserFile /pfad/.htpasswd
  290. require valid-user
  291. </Files>
  292.  
  293. #Full Path Disclosure abschalten - unterdrueckt die Anzeige des vollstaendigen Fehlerpfads
  294. #php_flag display_errors Off
  295.  
  296. # ----------------------------------------------------------------------
  297. # Hotlinking verbieten (verhindert, dass andere Deine Bilder von Deinem Server nutzen
  298. # WICHTIG: Auskommentieren und deine Domain einfuegen
  299. # ----------------------------------------------------------------------
  300.  
  301. <IfModule mod_rewrite.c>
  302. RewriteEngine on
  303. RewriteCond %{HTTP_REFERER} !^$
  304. RewriteCond %{HTTP_REFERER} !^https://(www\.)?domain\.de(/.*)?$ [NC]
  305. RewriteRule \.(jpg|jpeg|gif||png)$ - [F]
  306. </ifModule>
  307.  
  308. # ----------------------------------------------------------------------
  309. # Das Sicherheitsrisiko XML-RPC Schnittstelle komplett abschalten
  310. # ----------------------------------------------------------------------
  311.  
  312. <Files xmlrpc.php>
  313. Order Deny,Allow
  314. Deny from all
  315. </Files>
  316.  
# ----------------------------------------------------------------------
# | WordPress rewrite rules - DO NOT EDIT HERE, OR WORDPRESS STOPS WORKING
# ----------------------------------------------------------------------
#
# WordPress owns the section between "# BEGIN WordPress" and
# "# END WordPress" and regenerates it (e.g. when permalink settings are
# saved), so anything added inside the markers is lost. Requests for
# index.php are passed through untouched; any other request that does
# not map to an existing file (-f) or directory (-d) is handed to
# /index.php, which dispatches it inside WordPress.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress