|
|
@@ -22,23 +22,88 @@ RewriteRule . /wp/index.php [L]
|
|
|
RewriteRule ^(wp-includes/.*)$ /wp/$1 [L]
|
|
|
</IfModule>
|
|
|
|
|
|
+# Block xmlrpc.php
|
|
|
+<Files xmlrpc.php>
|
|
|
+order allow,deny
|
|
|
+deny from all
|
|
|
+</Files>
|
|
|
+
|
|
|
+<IfModule mod_rewrite.c>
|
|
|
+ RewriteCond %{SCRIPT_FILENAME} -d [OR]
|
|
|
+ RewriteCond %{SCRIPT_FILENAME} -f
|
|
|
+ RewriteRule "(^|/)\." - [F]
|
|
|
+</IfModule>
|
|
|
+
|
|
|
#### Force SSL ####
|
|
|
#RewriteEngine On
|
|
|
#RewriteCond %{HTTPS} !=on
|
|
|
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
|
|
|
#</IfModule>
|
|
|
|
|
|
+<IfModule mod_autoindex.c>
|
|
|
+ Options -Indexes
|
|
|
+</IfModule>
|
|
|
+
|
|
|
<IfModule mod_headers.c>
|
|
|
- <FilesMatch "\.(eot|otf|tt[cf]|woff)$">
|
|
|
- Header set Access-Control-Allow-Origin "*"
|
|
|
- </FilesMatch>
|
|
|
+ Header set X-Content-Type-Options "nosniff"
|
|
|
</IfModule>
|
|
|
|
|
|
<IfModule mod_headers.c>
|
|
|
- Header set X-UA-Compatible "IE=edge"
|
|
|
- <FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$">
|
|
|
- Header unset X-UA-Compatible
|
|
|
+ Header set X-XSS-Protection "1; mode=block"
|
|
|
+ <FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$">
|
|
|
+ Header unset X-XSS-Protection
|
|
|
+ </FilesMatch>
|
|
|
+</IfModule>
|
|
|
+
|
|
|
+<IfModule mod_headers.c>
|
|
|
+ Header unset ETag
|
|
|
+</IfModule>
|
|
|
+FileETag None
|
|
|
+
|
|
|
+<IfModule mod_headers.c>
|
|
|
+ <FilesMatch "\.(eot|otf|tt[cf]|woff)$">
|
|
|
+ Header set Access-Control-Allow-Origin "*"
|
|
|
+ </FilesMatch>
|
|
|
+</IfModule>
|
|
|
+
|
|
|
+<IfModule mod_headers.c>
|
|
|
+ Header set X-Frame-Options "DENY"
|
|
|
+ <FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$">
|
|
|
+ Header unset X-Frame-Options
|
|
|
+ </FilesMatch>
|
|
|
+</IfModule>
|
|
|
+
|
|
|
+<IfModule mod_setenvif.c>
|
|
|
+ <IfModule mod_headers.c>
|
|
|
+ <FilesMatch "\.(cur|gif|ico|jpe?g|png|svgz?|webp)$">
|
|
|
+ SetEnvIf Origin ":" IS_CORS
|
|
|
+ Header set Access-Control-Allow-Origin "*" env=IS_CORS
|
|
|
</FilesMatch>
|
|
|
+ </IfModule>
|
|
|
+</IfModule>
|
|
|
+
|
|
|
+<FilesMatch "(^#.*#|\.(bak|config|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$">
|
|
|
+ <IfModule !mod_authz_core.c>
|
|
|
+ Order allow,deny
|
|
|
+ Deny from all
|
|
|
+ Satisfy All
|
|
|
+ </IfModule>
|
|
|
+ <IfModule mod_authz_core.c>
|
|
|
+ Require all denied
|
|
|
+ </IfModule>
|
|
|
+</FilesMatch>
|
|
|
+
|
|
|
+<IfModule mod_headers.c>
|
|
|
+ <FilesMatch "\.(js|css|xml|gz)$">
|
|
|
+ Header append Vary: Accept-Encoding
|
|
|
+ </FilesMatch>
|
|
|
+</IfModule>
|
|
|
+
|
|
|
+<IfModule mod_headers.c>
|
|
|
+ Header set X-UA-Compatible "IE=edge"
|
|
|
+ <FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$">
|
|
|
+ Header unset X-UA-Compatible
|
|
|
+ </FilesMatch>
|
|
|
</IfModule>
|
|
|
Header set Cache-Control "max-age=7200, must-revalidate"
|
|
|
|
|
|
@@ -72,117 +137,66 @@ Header set Cache-Control "max-age=7200, must-revalidate"
|
|
|
</IfModule>
|
|
|
|
|
|
<IfModule mod_expires.c>
|
|
|
- ExpiresActive on
|
|
|
- ExpiresDefault "access plus 1 month"
|
|
|
- ExpiresByType text/html "access plus 0 seconds"
|
|
|
- ExpiresByType text/css "access plus 1 year"
|
|
|
- ExpiresByType image/jpeg "access plus 1 year"
|
|
|
- ExpiresByType image/png "access plus 1 year"
|
|
|
- ExpiresByType application/javascript "access plus 1 year"
|
|
|
- ExpiresByType text/javascript "access plus 1 year"
|
|
|
- ExpiresByType text/javascript A2592000
|
|
|
-
|
|
|
- ExpiresByType image/x-icon "access plus 1 week"
|
|
|
- ExpiresByType text/x-component "access plus 1 month"
|
|
|
- ExpiresByType audio/ogg "access plus 1 month"
|
|
|
- ExpiresByType image/gif "access plus 1 month"
|
|
|
- ExpiresByType video/mp4 "access plus 1 month"
|
|
|
- ExpiresByType video/ogg "access plus 1 month"
|
|
|
- ExpiresByType video/webm "access plus 1 month"
|
|
|
- ExpiresByType application/font-woff "access plus 1 month"
|
|
|
- ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
|
|
|
- ExpiresByType application/x-font-ttf "access plus 1 month"
|
|
|
- ExpiresByType font/opentype "access plus 1 month"
|
|
|
- ExpiresByType image/svg+xml "access plus 1 month"
|
|
|
-
|
|
|
- ExpiresByType text/xml "access plus 0 seconds"
|
|
|
- ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
|
|
|
- ExpiresByType text/cache-manifest "access plus 0 seconds"
|
|
|
- ExpiresByType application/json "access plus 0 seconds"
|
|
|
- ExpiresByType application/ld+json "access plus 0 seconds"
|
|
|
- ExpiresByType application/xml "access plus 0 seconds"
|
|
|
- ExpiresByType application/atom+xml "access plus 1 hour"
|
|
|
- ExpiresByType application/rss+xml "access plus 1 hour"
|
|
|
+ExpiresActive on
|
|
|
+ExpiresDefault "access plus 1 month"
|
|
|
+ExpiresByType text/html "access plus 0 seconds"
|
|
|
+ExpiresByType text/css "access plus 1 year"
|
|
|
+ExpiresByType image/jpeg "access plus 1 year"
|
|
|
+ExpiresByType image/png "access plus 1 year"
|
|
|
+ExpiresByType application/javascript "access plus 1 year"
|
|
|
+ExpiresByType text/javascript "access plus 1 year"
|
|
|
+ExpiresByType text/javascript A2592000
|
|
|
+
|
|
|
+ExpiresByType image/x-icon "access plus 1 week"
|
|
|
+ExpiresByType text/x-component "access plus 1 month"
|
|
|
+ExpiresByType audio/ogg "access plus 1 month"
|
|
|
+ExpiresByType image/gif "access plus 1 month"
|
|
|
+ExpiresByType video/mp4 "access plus 1 month"
|
|
|
+ExpiresByType video/ogg "access plus 1 month"
|
|
|
+ExpiresByType video/webm "access plus 1 month"
|
|
|
+ExpiresByType application/font-woff "access plus 1 month"
|
|
|
+ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
|
|
|
+ExpiresByType application/x-font-ttf "access plus 1 month"
|
|
|
+ExpiresByType font/opentype "access plus 1 month"
|
|
|
+ExpiresByType image/svg+xml "access plus 1 month"
|
|
|
+
|
|
|
+ExpiresByType text/xml "access plus 0 seconds"
|
|
|
+ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
|
|
|
+ExpiresByType text/cache-manifest "access plus 0 seconds"
|
|
|
+ExpiresByType application/json "access plus 0 seconds"
|
|
|
+ExpiresByType application/ld+json "access plus 0 seconds"
|
|
|
+ExpiresByType application/xml "access plus 0 seconds"
|
|
|
+ExpiresByType application/atom+xml "access plus 1 hour"
|
|
|
+ExpiresByType application/rss+xml "access plus 1 hour"
|
|
|
</IfModule>
|
|
|
|
|
|
<IfModule mod_deflate.c>
|
|
|
- <IfModule mod_setenvif.c>
|
|
|
- <IfModule mod_headers.c>
|
|
|
- SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
|
|
|
- RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
|
|
|
- </IfModule>
|
|
|
- </IfModule>
|
|
|
- <IfModule mod_filter.c>
|
|
|
- AddOutputFilterByType DEFLATE application/atom+xml \
|
|
|
- application/javascript \
|
|
|
- application/json \
|
|
|
- application/ld+json \
|
|
|
- application/rss+xml \
|
|
|
- application/vnd.ms-fontobject \
|
|
|
- application/x-font-ttf \
|
|
|
- application/x-web-app-manifest+json \
|
|
|
- application/xhtml+xml \
|
|
|
- application/xml \
|
|
|
- font/opentype \
|
|
|
- image/svg+xml \
|
|
|
- image/x-icon \
|
|
|
- text/css \
|
|
|
- text/html \
|
|
|
- text/plain \
|
|
|
- text/x-component \
|
|
|
- text/xml
|
|
|
- </IfModule>
|
|
|
-</IfModule>
|
|
|
-
|
|
|
-<IfModule mod_headers.c>
|
|
|
- Header unset ETag
|
|
|
-</IfModule>
|
|
|
-FileETag None
|
|
|
-
|
|
|
-<IfModule mod_setenvif.c>
|
|
|
+ <IfModule mod_setenvif.c>
|
|
|
<IfModule mod_headers.c>
|
|
|
- <FilesMatch "\.(cur|gif|ico|jpe?g|png|svgz?|webp)$">
|
|
|
- SetEnvIf Origin ":" IS_CORS
|
|
|
- Header set Access-Control-Allow-Origin "*" env=IS_CORS
|
|
|
- </FilesMatch>
|
|
|
+ SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
|
|
|
+ RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
|
|
|
</IfModule>
|
|
|
+ </IfModule>
|
|
|
+ <IfModule mod_filter.c>
|
|
|
+ AddOutputFilterByType DEFLATE application/atom+xml \
|
|
|
+ application/javascript \
|
|
|
+ application/json \
|
|
|
+ application/ld+json \
|
|
|
+ application/rss+xml \
|
|
|
+ application/vnd.ms-fontobject \
|
|
|
+ application/x-font-ttf \
|
|
|
+ application/x-web-app-manifest+json \
|
|
|
+ application/xhtml+xml \
|
|
|
+ application/xml \
|
|
|
+ font/opentype \
|
|
|
+ image/svg+xml \
|
|
|
+ image/x-icon \
|
|
|
+ text/css \
|
|
|
+ text/html \
|
|
|
+ text/plain \
|
|
|
+ text/x-component \
|
|
|
+ text/xml
|
|
|
+ </IfModule>
|
|
|
</IfModule>
|
|
|
|
|
|
-<IfModule mod_headers.c>
|
|
|
- Header set X-Frame-Options "DENY"
|
|
|
- <FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$">
|
|
|
- Header unset X-Frame-Options
|
|
|
- </FilesMatch>
|
|
|
-</IfModule>
|
|
|
-
|
|
|
-<IfModule mod_autoindex.c>
|
|
|
- Options -Indexes
|
|
|
-</IfModule>
|
|
|
|
|
|
-<IfModule mod_rewrite.c>
|
|
|
- RewriteCond %{SCRIPT_FILENAME} -d [OR]
|
|
|
- RewriteCond %{SCRIPT_FILENAME} -f
|
|
|
- RewriteRule "(^|/)\." - [F]
|
|
|
-</IfModule>
|
|
|
-
|
|
|
-<FilesMatch "(^#.*#|\.(bak|config|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$">
|
|
|
- <IfModule !mod_authz_core.c>
|
|
|
- Order allow,deny
|
|
|
- Deny from all
|
|
|
- Satisfy All
|
|
|
- </IfModule>
|
|
|
- <IfModule mod_authz_core.c>
|
|
|
- Require all denied
|
|
|
- </IfModule>
|
|
|
-</FilesMatch>
|
|
|
-
|
|
|
-<IfModule mod_headers.c>
|
|
|
- Header set X-Content-Type-Options "nosniff"
|
|
|
-</IfModule>
|
|
|
-
|
|
|
-<IfModule mod_headers.c>
|
|
|
- Header set X-XSS-Protection "1; mode=block"
|
|
|
- <FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$">
|
|
|
- Header unset X-XSS-Protection
|
|
|
- </FilesMatch>
|
|
|
-</IfModule>
|
