Data hosted with ♥ by Pastebin.com - Download Raw - See Original
  1. <IfModule mod_security.c>
  2. SecFilterEngine Off
  3. SecFilterScanPOST Off
  4. </IfModule>
  5.  
  6. <IfModule mod_rewrite.c>
  7. RewriteEngine on
  8.  
  9. # Ensure the Authorization HTTP header is available to PHP
  10. RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  11.  
  12. # Uncomment the following lines if you are not using a `public` directory
  13. # to prevent sensitive resources from being exposed.
  14. # RewriteRule /\.git / [F,L]
  15. # RewriteRule ^composer\.(lock|json)$ / [F,L]
  16. # RewriteRule ^config.php$ / [F,L]
  17. # RewriteRule ^flarum$ / [F,L]
  18. # RewriteRule ^storage/(.*)?$ / [F,L]
  19. # RewriteRule ^vendor/(.*)?$ / [F,L]
  20.  
  21. # Pass requests that don't refer directly to files in the filesystem to index.php
  22. RewriteCond %{REQUEST_FILENAME} !-f
  23. RewriteCond %{REQUEST_FILENAME} !-d
  24. RewriteRule ^ index.php [QSA,L]
  25. </IfModule>
  26.  
  27. # Disable directory listings
  28. Options -Indexes
  29.  
  30. # MultiViews can mess up our rewriting scheme
  31. Options -MultiViews
  32.  
  33. # The following directives are based on best practices from H5BP Apache Server Configs
  34. # https://github.com/h5bp/server-configs-apache
  35.  
  36. # Expire rules for static content
  37. <IfModule mod_expires.c>
  38. ExpiresActive on
  39. ExpiresDefault "access plus 1 month"
  40. ExpiresByType text/css "access plus 1 year"
  41. ExpiresByType application/atom+xml "access plus 1 hour"
  42. ExpiresByType application/rdf+xml "access plus 1 hour"
  43. ExpiresByType application/rss+xml "access plus 1 hour"
  44. ExpiresByType application/json "access plus 0 seconds"
  45. ExpiresByType application/ld+json "access plus 0 seconds"
  46. ExpiresByType application/schema+json "access plus 0 seconds"
  47. ExpiresByType application/vnd.geo+json "access plus 0 seconds"
  48. ExpiresByType application/xml "access plus 0 seconds"
  49. ExpiresByType text/calendar "access plus 0 seconds"
  50. ExpiresByType text/xml "access plus 0 seconds"
  51. ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
  52. ExpiresByType image/x-icon "access plus 1 week"
  53. ExpiresByType text/html "access plus 0 seconds"
  54. ExpiresByType application/javascript "access plus 1 year"
  55. ExpiresByType application/x-javascript "access plus 1 year"
  56. ExpiresByType text/javascript "access plus 1 year"
  57. ExpiresByType application/manifest+json "access plus 1 week"
  58. ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
  59. ExpiresByType text/cache-manifest "access plus 0 seconds"
  60. ExpiresByType text/markdown "access plus 0 seconds"
  61. ExpiresByType audio/ogg "access plus 1 month"
  62. ExpiresByType image/bmp "access plus 1 month"
  63. ExpiresByType image/gif "access plus 1 month"
  64. ExpiresByType image/jpeg "access plus 1 month"
  65. ExpiresByType image/png "access plus 1 month"
  66. ExpiresByType image/svg+xml "access plus 1 month"
  67. ExpiresByType image/webp "access plus 1 month"
  68. ExpiresByType video/mp4 "access plus 1 month"
  69. ExpiresByType video/ogg "access plus 1 month"
  70. ExpiresByType video/webm "access plus 1 month"
  71. ExpiresByType application/wasm "access plus 1 year"
  72. ExpiresByType font/collection "access plus 1 month"
  73. ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
  74. ExpiresByType font/eot "access plus 1 month"
  75. ExpiresByType font/opentype "access plus 1 month"
  76. ExpiresByType font/otf "access plus 1 month"
  77. ExpiresByType application/x-font-ttf "access plus 1 month"
  78. ExpiresByType font/ttf "access plus 1 month"
  79. ExpiresByType application/font-woff "access plus 1 month"
  80. ExpiresByType application/x-font-woff "access plus 1 month"
  81. ExpiresByType font/woff "access plus 1 month"
  82. ExpiresByType application/font-woff2 "access plus 1 month"
  83. ExpiresByType font/woff2 "access plus 1 month"
  84. ExpiresByType text/x-cross-domain-policy "access plus 1 week"
  85. </IfModule>
  86.  
  87. # Gzip compression
  88. <IfModule mod_deflate.c>
  89. <IfModule mod_filter.c>
  90. AddOutputFilterByType DEFLATE "application/atom+xml" \
  91. "application/javascript" \
  92. "application/json" \
  93. "application/ld+json" \
  94. "application/manifest+json" \
  95. "application/rdf+xml" \
  96. "application/rss+xml" \
  97. "application/schema+json" \
  98. "application/vnd.geo+json" \
  99. "application/vnd.ms-fontobject" \
  100. "application/wasm" \
  101. "application/x-font-ttf" \
  102. "application/x-javascript" \
  103. "application/x-web-app-manifest+json" \
  104. "application/xhtml+xml" \
  105. "application/xml" \
  106. "font/collection" \
  107. "font/eot" \
  108. "font/opentype" \
  109. "font/otf" \
  110. "font/ttf" \
  111. "image/bmp" \
  112. "image/svg+xml" \
  113. "image/vnd.microsoft.icon" \
  114. "image/x-icon" \
  115. "text/cache-manifest" \
  116. "text/calendar" \
  117. "text/css" \
  118. "text/html" \
  119. "text/javascript" \
  120. "text/plain" \
  121. "text/markdown" \
  122. "text/vcard" \
  123. "text/vnd.rim.location.xloc" \
  124. "text/vtt" \
  125. "text/x-component" \
  126. "text/x-cross-domain-policy" \
  127. "text/xml"
  128. </IfModule>
  129. </IfModule>
  130.  
  131. # Fix for https://httpoxy.org vulnerability
  132. <IfModule mod_headers.c>
  133. RequestHeader unset Proxy
  134. </IfModule>