56 lines
1.7 KiB
ApacheConf
56 lines
1.7 KiB
ApacheConf
# Enable Rewrite Engine
|
|
RewriteEngine On
|
|
RewriteBase /
|
|
|
|
# Force HTTPS
|
|
RewriteCond %{HTTPS} off
|
|
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
|
|
|
|
# Protect sensitive files
|
|
<FilesMatch "^\.env|composer\.json|composer\.lock|package\.json|package-lock\.json|README\.md|\.gitignore">
|
|
Order allow,deny
|
|
Deny from all
|
|
</FilesMatch>
|
|
|
|
# Protect directories
|
|
<DirectoryMatch "^/.*/(?:logs|backups|cache)/|^/.git/|/.github/|/vendor/|/node_modules/">
|
|
Order allow,deny
|
|
Deny from all
|
|
</DirectoryMatch>
|
|
|
|
# Security headers
|
|
Header set X-Content-Type-Options "nosniff"
|
|
Header set X-Frame-Options "SAMEORIGIN"
|
|
Header set X-XSS-Protection "1; mode=block"
|
|
Header set Referrer-Policy "strict-origin-when-cross-origin"
|
|
Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; connect-src 'self'"
|
|
|
|
# Cache control
|
|
<FilesMatch "\.(css|js|jpg|jpeg|png|gif|ico|webp)$">
|
|
Header set Cache-Control "max-age=31536000, public"
|
|
</FilesMatch>
|
|
|
|
# PHP settings
|
|
php_flag display_errors off
|
|
php_value upload_max_filesize 5M
|
|
php_value post_max_size 6M
|
|
php_value max_execution_time 30
|
|
php_value max_input_time 60
|
|
php_value memory_limit 128M
|
|
php_value error_reporting E_ALL
|
|
php_value error_log logs/php_errors.log
|
|
|
|
# Directory protection
|
|
Options -Indexes
|
|
ServerSignature Off
|
|
|
|
# Custom error pages
|
|
ErrorDocument 404 /404.html
|
|
ErrorDocument 403 /403.html
|
|
ErrorDocument 500 /500.html
|
|
|
|
# URL Rewriting Rules
|
|
RewriteRule ^product/([0-9]+)/?$ product.php?id=$1 [NC,L]
|
|
RewriteRule ^category/([^/]+)/?$ category.php?slug=$1 [NC,L]
|
|
RewriteRule ^blog/([^/]+)/?$ blog.php?slug=$1 [NC,L]
|