Untitled

# BEGIN Force HTTPSRewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]


RewriteCond %{HTTP_HOST} !=domain.eu
RewriteRule (.*) https://domain.eu/$1 [R=301,L]
# END Force HTTPS


# BEGIN HTTP Security Header
<ifModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set Strict-Transport-Security "max-age=15768000"
Header set Cache-Control "no-store, no-cache, must-revalidate"
Header set Content-Security-Policy "default-src https:"
Header set Connection "keep-alive"
</ifModule>
# END HTTP Security Header


# BEGIN Zugriffsschutz (verändert)
<Files wp-login.php>
  AuthName "Restricted Admin-Area"
  AuthType Basic
  AuthUserFile /lib/w/virtual/user/site/.passwd
  Require valid-user
</Files>
# END Zugriffsschutz


# WordPress SEO - XML Sitemap Rewrite Fix
RewriteEngine On
RewriteBase /
RewriteRule ^sitemap_index.xml$ /index.php?sitemap=1 [L]
RewriteRule ^locations.kml$ /index.php?sitemap=wpseo_local_kml [L]
RewriteRule ^geo_sitemap.xml$ /index.php?sitemap=geo [L]
RewriteRule ^([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 [L]
RewriteRule ^([a-z]+)?-?sitemap.xsl$ /index.php?xsl=$1 [L]
# END WordPress SEO - XML Sitemap Rewrite Fix


# BEGIN SF Move Login (verändert)
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^login/?$ wp-login.php [QSA,L]
    RewriteRule ^post/?$ wp-login.php?action=postpass [QSA,L]
    RewriteRule ^logout/?$ wp-login.php?action=logout [QSA,L]
    RewriteRule ^lostpassword?$ wp-login.php?action=lostpassword [QSA,L]
    RewriteRule ^resetpass/?$ wp-login.php?action=resetpass [QSA,L]
    RewriteRule ^rregister /?$ wp-login.php?action=register [QSA,L]
</IfModule>
# END SF Move Login


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress


# BEGIN Zugriff auf Include-Dateien verhindern
<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteBase /
   RewriteRule ^wp-admin/includes/ - [F,L]
   RewriteRule !^wp-includes/ - [S=3]
   RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
   RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
   RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# END Zugriff auf Include-Dateien verhindern


# BEGIN Zugriff auf wp-config, Logdateien, .hta bzw. .htp und Liesmich verhindern
<FilesMatch "(\.htaccess|\.htpasswd|wp-config\.php|liesmich\.html|readme\.html)">
  order deny,allow
  deny from all
  satisfy all
</FilesMatch>
# END Zugriff auf wp-config, Logdateien, .hta bzw. .htp und Liesmich verhindern


# BEGIN Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
  Order allow,deny
</FilesMatch>
# END Protect files and directories from prying eyes.


# BEGIN Prevent folder browsing
 Options -Indexes
# END Prevent folder browsing


# BEGIN XML RPC deaktivieren
<Files xmlrpc.php>
  Order Deny,Allow
  Deny from all
</Files>
# END XML RPC deaktivieren


# DISABLE ETAGS
<filesMatch "\\.(ico|pdf|flv|jpe?g?|png|gif|js|css|swf|txt|mp3|avi|mpe?g?|wmv)$">
 FileETag none
</filesMatch>


# BEGIN BLOCK EVIL REQUESTS
<ifModule mod_rewrite.c>
 Options +SymLinksIfOwnerMatch
 RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
 RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
 RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
 RewriteRule .* blacklist.php [F,L]
</ifModule>
# END BLOCK EVIL REQUESTS


# BEGIN PHP Errors nicht anzeigen
# php_flag display_errors Off
# END PHP Errors nicht anzeigen


# BEGIN gzip Compression if availiable
<IfModule mod_gzip.c>
 mod_gzip_on       Yes
 mod_gzip_dechunk  Yes
 mod_gzip_item_include file      \.(html?|txt|css|js|php|pl)$
 mod_gzip_item_include handler   ^cgi-script$
 mod_gzip_item_include mime      ^text/.*
 mod_gzip_item_include mime      ^application/x-javascript.*
 mod_gzip_item_exclude mime      ^image/.*
 mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
# END gzip Compression if availiable


# BEGIN Deflate Compress text files
<ifModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css text/javascript application/javascript application/x-javascript application/x-shockwave-flash
</ifModule>
# END Compress text files


# BEGIN Expire headers
<ifModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 60 seconds"
  ExpiresByType image/x-icon "access plus 1 month"
  ExpiresByType image/jpeg "access plus 1 month"
  ExpiresByType image/png "access plus 1 month"
  ExpiresByType image/gif "access plus 1 month"
  ExpiresByType application/x-shockwave-flash "access plus 1 month"
  ExpiresByType text/css "access plus 2 weeks"
  ExpiresByType text/javascript "access plus 1 week"
  ExpiresByType application/javascript "access plus 1 week"
  ExpiresByType application/x-javascript "access plus 1 week"
  ExpiresByType text/html "access plus 900 seconds"
  ExpiresByType application/xhtml+xml "access plus 900 seconds"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
  ExpiresByType application/x-font-ttf "access plus 1 month"
  ExpiresByType application/x-font-woff "access plus 1 month"
  ExpiresByType font/opentype "access plus 1 month"
  ExpiresByType image/svg+xml "access plus 1 day"
</ifModule>
# END Expire headers


# Keep alive
<ifModule mod_headers.c>
    Header set Connection keep-alive
</ifModule>


# BEGIN Cache-Control Headers
<ifModule mod_headers.c>
  <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
    Header set Cache-Control "public"
  </filesMatch>
  <filesMatch "\.(css)$">
    Header set Cache-Control "public"
  </filesMatch>
  <filesMatch "\.(js)$">
    Header set Cache-Control "private"
  </filesMatch>
  <filesMatch "\.(x?html?|php)$">
    Header set Cache-Control "private, must-revalidate"
  </filesMatch>
</ifModule>
# END Cache-Control Headers


# BEGIN Deaktivate ETags
Header unset ETag
FileETag None
# END Deaktivate ETags


# BEGIN No Hotlinking
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://domain.eu/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://domain.eu$      [NC]
RewriteCond %{HTTP_REFERER} !^https://domain.eu/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.domain.eu$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://sorry.nohotlinking [R,NC]
# END No Hotlinking


# BEGIN Better experience for IE users
<IfModule mod_headers.c>
    Header set X-UA-Compatible "IE=Edge,chrome=1"
    # mod_headers can't match by content-type, but we don't want to send this header on *everything*...
    <FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|xpi|safariextz|vcf)$" >
      Header unset X-UA-Compatible
    </FilesMatch>
</IfModule>
# END Better experience for IE users


# BEGIN Proper MIME type for all files
AddType application/javascript         js
AddType audio/ogg                      oga ogg
AddType audio/mp4                      m4a
AddType video/ogg                      ogv
AddType video/mp4                      mp4 m4v
AddType video/webm                     webm
AddType     image/svg+xml              svg svgz
AddEncoding gzip                       svgz
AddType application/vnd.ms-fontobject  eot
AddType application/x-font-ttf    ttf ttc
AddType font/opentype                  otf
AddType application/x-font-woff        woff
AddType image/x-icon                   ico
AddType image/webp                     webp
AddType text/cache-manifest            appcache manifest
AddType text/x-component               htc
AddType application/x-chrome-extension crx
AddType application/x-xpinstall        xpi
AddType application/octet-stream       safariextz
AddType text/x-vcard                   vcf
# END Proper MIME type for all files


# BEGIN Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8
AddCharset utf-8 .html .css .js .xml .json .rss .atom
# END Use UTF-8 encoding for anything served text/plain or text/html


<IfModule mod_rewrite.c>
# BEGIN Block access to "hidden" directories
  RewriteRule "(^|/)\." - [F]
# END Block access to "hidden" directories


# BEGIN Rules to prevent php execution in uploads
  RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
# END Rules to prevent php execution in uploads

# BEGIN Rules to block unneeded HTTP methods
  RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
  RewriteRule ^(.*)$ - [F]
# END Rules to block unneeded HTTP methods


# BEGIN Rules to block suspicious URIs
  RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
  RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
  RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
  RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
  RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
  RewriteCond %{QUERY_STRING} http\:  [NC,OR]
  RewriteCond %{QUERY_STRING} https\:  [NC,OR]
  RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
  RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
  RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
  RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
  RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
  RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
  RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
  RewriteCond %{QUERY_STRING} !^loggedout=true
  RewriteCond %{QUERY_STRING} !^action=jetpack-sso
  RewriteCond %{QUERY_STRING} !^action=rp
  RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
  RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
  RewriteRule ^(.*)$ - [F]
# BEGIN Rules to block suspicious URIs
</IfModule>


# BEGIN Block Semalt related referrer spam
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*youtubedownload\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*softomix\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*zazagames\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*youtubedownload\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*vapmedia\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*soundfrost\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*joingames\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*videofrost\.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*softomix\.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*feedouble\.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*backgroundpictures\.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*joinandplay\.me/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*videofrost\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*srecorder\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*softomix\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*openmediasoft\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*openfrost\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*myprintscreen\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*musicprojectfoundation\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*feedouble\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*fbfreegifts\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*extener\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*embedle\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*savetubevideo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*kambasoft\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*semalt\.com/ [NC]
RewriteCond %{HTTP_REFERER} 7makemoneyonline\.com [NC,OR]
RewriteRule ^(.*)$ – [F,L]
# END Block Semalt related referrer spam


# BEGIN Badbots blockieren [Letzte Aktualisierung: 12.02.2015]
RewriteCond %{HTTP_USER_AGENT} ^$                                                                [OR]
RewriteCond %{HTTP_USER_AGENT} updown_tester                                                     [OR]
RewriteCond %{HTTP_USER_AGENT} (spbot|OpenLinkProfiler)                                          [OR]
RewriteCond %{HTTP_USER_AGENT} (Squider|Squider/0.01)$                                           [OR]
RewriteCond %{HTTP_USER_AGENT} (memorybot|memoryBot)                                             [OR]
RewriteCond %{HTTP_USER_AGENT} ^magpie-crawler/[0-9]                                             [OR]
RewriteCond %{HTTP_USER_AGENT} SiteExplorer/[0-9]                                                [OR]
RewriteCond %{HTTP_USER_AGENT} Spiderlytics/[0-9]                                                [OR]
RewriteCond %{HTTP_USER_AGENT} ProCogSEOBot/[0-9]                                                [OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9]                                                [OR]
RewriteCond %{HTTP_USER_AGENT} TurnitinBot/[0-9]                                                 [OR]
RewriteCond %{HTTP_USER_AGENT} meanpathbot/[0-9]                                                 [OR]
RewriteCond %{HTTP_USER_AGENT} SemrushBot/[0-9]                                                  [OR]
RewriteCond %{HTTP_USER_AGENT} Infohelfer/[0-9]                                                  [OR]
RewriteCond %{HTTP_USER_AGENT} CompSpyBot/[0-9]                                                  [OR]
RewriteCond %{HTTP_USER_AGENT} AhrefsBot/[0-9]                                                   [OR]
RewriteCond %{HTTP_USER_AGENT} CareerBot/[0-9]                                                   [OR]
RewriteCond %{HTTP_USER_AGENT} Moreover/[0-9]                                                    [OR]
RewriteCond %{HTTP_USER_AGENT} BLEXBot/[0-9]                                                     [OR]
RewriteCond %{HTTP_USER_AGENT} Ezooms/[0-9]                                                      [OR]
RewriteCond %{HTTP_USER_AGENT} Abonti/[0-9]                                                      [OR]
RewriteCond %{HTTP_USER_AGENT} DCPbot/[0-9]                                                      [OR]
RewriteCond %{HTTP_USER_AGENT} ^Java/[0-9]                                                       [OR]
RewriteCond %{HTTP_USER_AGENT} oBot/[0-9]                                                        [OR]
RewriteCond %{HTTP_USER_AGENT} ^BOT/[0-9]                                                        [OR]
RewriteCond %{HTTP_USER_AGENT} SearchmetricsBot                                                  [OR]
RewriteCond %{HTTP_USER_AGENT} OpenindexSpider                                                   [OR]
RewriteCond %{HTTP_USER_AGENT} BacklinkCrawler                                                   [OR]
RewriteCond %{HTTP_USER_AGENT} ^ssearch_bot                                                      [OR]
RewriteCond %{HTTP_USER_AGENT} UnisterBot                                                        [OR]
RewriteCond %{HTTP_USER_AGENT} 360Spider$                                                        [OR]
RewriteCond %{HTTP_USER_AGENT} HubSpot\sWebcrawler$                                              [OR]
RewriteCond %{HTTP_USER_AGENT} SISTRIX
RewriteRule ^ - [F,L]
# END Badbots blockieren