src/bardius/pao-academy-london/master/public_html/.htaccess - Htaccess File

src/bardius/pao-academy-london/master/public_html/.htaccess

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    #### Redirect non www to www ####
    RewriteCond %{HTTP_HOST} ^paobasketball.co.uk [NC]
    RewriteRule ^(.*)$ http://www.paobasketball.co.uk/$1 [L,R=301]

    # RewriteCond %{HTTP_HOST} ^paobasketball.com$ [OR]
    # RewriteCond %{HTTP_HOST} ^www.paobasketball.com$
    # RewriteRule (.*)$ http://www.paobasketball.co.uk/$1 [R=301,L]

    # Remove trailing slash
    RewriteRule ^(.*)/$ $1 [R=301,L]

    #### Prevent hotlinking ####
    # RewriteCond %{HTTP_REFERER} !^$
    # RewriteCond %{HTTP_REFERER} !^http://(www.)?paobasketball.co.uk/.*$ [NC]
    # RewriteRule .(gif|jpg|swf|flv|png)$ / [R=302,L]

    #### Force https for certain pages ####
    # RewriteCond %{REQUEST_METHOD} !^POST$
    # RewriteCond %{HTTPS} !=on
    # RewriteCond %{HTTP_HOST} paobasketball.co.uk [NC]
    # RewriteCond %{REQUEST_URI} map
    # RewriteRule ^(.*)$ https://www.paobasketball.co.uk/$1 [L,R=301]

    ErrorDocument 400 /400.html
    ErrorDocument 401 /401.html
    ErrorDocument 403 /403.html
    ErrorDocument 404 /404.html
    ErrorDocument 500 /500.html

    #### Security restrictions ####
    # proc/self/environ? no way!
    RewriteCond %{QUERY_STRING} proc/self/environ [OR]
    # Block out any script trying to set a mosConfig value through the URL
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
    # Block out any script trying to base64_encode crap to send via URL
    RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
    # Block out any script that includes a <script> tag in URL
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
    # Block out any script trying to set a PHP GLOBALS variable via URL
    RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
    # Block out any script trying to modify a _REQUEST variable via URL
    RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
    # Send all blocked request to homepage with 403 Forbidden error!
    RewriteRule ^(.*)$ /403.html [QSA,L]

</IfModule>

#### Disable server signature
ServerSignature Off

#### disable directory browsing
#Options All -Indexes

#### Set the timezone
# SetEnv TZ Europe/London

# Set `UTF-8` as the character encoding for all resources served with
# the media type of `text/html` or `text/plain`.
AddDefaultCharset utf-8

#### Sample Redirects
#### Redirect 301 http://www.domain.com/home http://www.domain.com/

#### Always download attachments
AddType application/octet-stream .pdf
AddType application/octet-stream .zip

#### Always treat those extensions as file types
AddType application/xml xml
AddType text/xsl xsl

# Allow the user to see the pdf in the browser
# <Files *.pdf>
#     ForceType application/pdf
#     Header set Content-Disposition inline
# </Files>

# ----------------------------------------------------------------------------------
# | Caching and performance                                                    |
# ----------------------------------------------------------------------------------

#### Gzip Files ####
<ifModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain
  AddOutputFilterByType DEFLATE image/svg+xml application/xhtml+xml application/xml
  AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
  AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
  AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-otf
  AddOutputFilterByType DEFLATE font/truetype font/opentype
  AddOutputFilterByType DEFLATE image/x-icon
</ifModule>

#### Cache-Control Headers ####
<ifModule mod_headers.c>
    #### HTTP ETag header ####
    FileETag None
    Header unset ETag

  <filesMatch ".(ico|jpe?g|png|gif|swf)$">
    Header set Cache-Control "public"
    Header set Connection keep-alive
  </filesMatch>
  <filesMatch ".(css)$">
    Header set Cache-Control "public"
    Header set Connection keep-alive
  </filesMatch>
  <filesMatch ".(js)$">
    Header set Cache-Control "public"
    Header set Connection keep-alive
  </filesMatch>
  <filesMatch ".(x?html?|php)$">
    Header set Cache-Control "public, must-revalidate"
    Header set Connection keep-alive
  </filesMatch>
</ifModule>

#### Expire Headers ####
<IfModule mod_expires.c>
    ExpiresActive on
    ExpiresDefault                                      "access plus 1 month"

  # CSS
    ExpiresByType text/css                              "access plus 1 year"

  # Data interchange
    ExpiresByType application/atom+xml                  "access plus 1 hour"
    ExpiresByType application/rdf+xml                   "access plus 1 hour"
    ExpiresByType application/rss+xml                   "access plus 1 hour"

    ExpiresByType application/json                      "access plus 0 seconds"
    ExpiresByType application/ld+json                   "access plus 0 seconds"
    ExpiresByType application/schema+json               "access plus 0 seconds"
    ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
    ExpiresByType application/xml                       "access plus 0 seconds"
    ExpiresByType text/xml                              "access plus 0 seconds"

  # Favicon (cannot be renamed!) and cursor images
    ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
    ExpiresByType image/x-icon                          "access plus 1 week"

  # HTML
    ExpiresByType text/html                             "access plus 0 seconds"

  # JavaScript
    ExpiresByType application/javascript                "access plus 1 year"
    ExpiresByType application/x-javascript              "access plus 1 year"
    ExpiresByType text/javascript                       "access plus 1 year"

  # Manifest files
    ExpiresByType application/manifest+json             "access plus 1 year"

    ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
    ExpiresByType text/cache-manifest                   "access plus 0 seconds"

  # Media files
    ExpiresByType audio/ogg                             "access plus 1 month"
    ExpiresByType image/bmp                             "access plus 1 month"
    ExpiresByType image/gif                             "access plus 1 month"
    ExpiresByType image/jpeg                            "access plus 1 month"
    ExpiresByType image/png                             "access plus 1 month"
    ExpiresByType image/svg+xml                         "access plus 1 month"
    ExpiresByType image/webp                            "access plus 1 month"
    ExpiresByType video/mp4                             "access plus 1 month"
    ExpiresByType video/ogg                             "access plus 1 month"
    ExpiresByType video/webm                            "access plus 1 month"

  # Web fonts

    # Embedded OpenType (EOT)
    ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
    ExpiresByType font/eot                              "access plus 1 month"

    # OpenType
    ExpiresByType font/opentype                         "access plus 1 month"

    # TrueType
    ExpiresByType application/x-font-ttf                "access plus 1 month"

    # Web Open Font Format (WOFF) 1.0
    ExpiresByType application/font-woff                 "access plus 1 month"
    ExpiresByType application/x-font-woff               "access plus 1 month"
    ExpiresByType font/woff                             "access plus 1 month"

    # Web Open Font Format (WOFF) 2.0
    ExpiresByType application/font-woff2                "access plus 1 month"

  # Other
    ExpiresByType text/x-cross-domain-policy            "access plus 1 week"
</IfModule>

# ------------------------------------------------------------------------------
# | Filename-based cache busting                                               |
# ------------------------------------------------------------------------------

# If you're not using a build process to manage your filename version revving,
# you might want to consider enabling the following directives to route all
# requests such as `/css/style.12345.css` to `/css/style.css`.

# To understand why this is important and a better idea than `*.css?v231`, read:
# http://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/

# <IfModule mod_rewrite.c>
#     RewriteCond %{REQUEST_FILENAME} !-f
#     RewriteRule ^(.+).(d+).(css|cur|gif|ico|jpe?g|js|png|svgz?|webp)$ $1.$3 [L]
# </IfModule>

# ----------------------------------------------------------------------------------
# | Security and Extra Headers                                                     |
# ----------------------------------------------------------------------------------

<ifModule mod_headers.c>

    # Set HTTPOnly Secure cookies
    Header always edit Set-Cookie (.*) "$1; HTTPOnly"
    Header always edit Set-Cookie (.*) "$1; Secure"

    #### IE
    Header set X-UA-Compatible "IE=Edge,chrome=1"
    <FilesMatch ".(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svg|svgz|ttf|vcf|webm|webp|woff|xml|xpi)$">
        Header unset X-UA-Compatible
    </FilesMatch>

    #### P3P Header of IE issues with 3rd party coockies
    Header set P3P "policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT""

    #### Security Hardening
    # Vivid Matter - Bulletproof Header Security
    # Don't allow pages to be framed externally - Defends against CSRF
    # `SAMEORIGIN` & `ALLOW-FROM`
    Header set X-FRAME-OPTIONS "SAMEORIGIN"
    <FilesMatch ".(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcf|vtt|webapp|web[mp]|woff2?|xml|xpi)$">
        Header unset X-Frame-Options
    </FilesMatch>

    # Tell the browser to attempt the HTTPS version first
    #Header add Strict-Transport-Security "max-age=157680000"

    # Turn on IE8-IE9 XSS prevention tools
    #<IfModule mod_headers.c>
    #    Header set X-XSS-Protection "1; mode=block"
    #
    #    <FilesMatch ".(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcf|vtt|webapp|web[mp]|woff2?|xml|xpi)$">
    #        Header unset X-XSS-Protection
    #    </FilesMatch>
    #</IfModule>

    # Only allow JavaScript from the same domain to be run.
    # Don't allow inline JavaScript to run.
    #Header set X-Content-Security-Policy "allow 'self';"

    # Prevent mime based attacks
    Header set X-Content-Type-Options "nosniff"

    Header unset link
    Header unset Server
    Header unset X-Pingback

    # Disable server signature
    Header set ServerSignature "Off"
    Header set ServerTokens "Prod"

    # Control Cross-Domain Policies
    #Header set X-Permitted-Cross-Domain-Policies "master-only"

    #### Set the content language header
    Header set Content-Language en

    #### Set the Creator
    Header set Created-By "George Bardis - george@bardis.info"
</ifModule>

#### IE
<FilesMatch ".(htm|html|php)$">
    <IfModule mod_headers.c>
        BrowserMatch MSIE ie
        Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
    </IfModule>
</FilesMatch>

# ------------------------------------------------------------------------------
# | Content transformation                                                     |
# ------------------------------------------------------------------------------

# Prevent mobile network providers from modifying the website's content.
# http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.5.

# <IfModule mod_headers.c>
#     Header merge Cache-Control "no-transform"
# </IfModule>

# ------------------------------------------------------------------------------
# | Cross-domain requests                                                      |
# ------------------------------------------------------------------------------

# Allow cross-origin requests.

# http://enable-cors.org/
# http://www.w3.org/TR/cors/
# https://code.google.com/p/html5security/wiki/CrossOriginRequestSecurity

# <IfModule mod_headers.c>
#     Header set Access-Control-Allow-Origin "*"
# </IfModule>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# By default allow cross-origin access to web fonts.
<IfModule mod_headers.c>
    <FilesMatch ".(eot|otf|tt[cf]|woff2?)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>

# Send the CORS header for images when browsers request it.
<IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
        <FilesMatch ".(cur|gif|ico|jpe?g|png|svgz?|webp)$">
            SetEnvIf Origin ":" IS_CORS
            Header set Access-Control-Allow-Origin "*" env=IS_CORS
        </FilesMatch>
    </IfModule>
</IfModule>

# ----------------------------------------------------------------------------------
# | Spam bots blocking                                                    |
# ----------------------------------------------------------------------------------

<IfModule mod_rewrite.c>
    RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Bot mailto:craftbot@yahoo.com [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Download Demon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Express WebPictures [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
    RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
    RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image Stripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} Indy Library [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Internet Ninja [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JOC Web Spider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
    RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mass Downloader [OR]
    RewriteCond %{HTTP_USER_AGENT} ^MIDown tool [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mister PiX [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Net Vampire [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline Explorer [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline Navigator [OR]
    RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Papa Foto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
    RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Teleport Pro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web Image Collector [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebGo IS [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website eXtractor [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website Quester [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xaldon WebSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Toata dragostea mea pentru diavola [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mozilla/5.0 SF [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus
    RewriteRule ^.* - [F,L]
</IfModule>

#### scanner bots as well as malacious input blocker
<IfModule mod_rewrite.c>
    RewriteCond %{HTTP_USER_AGENT} ^w3af.sourceforge.net [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} whatweb [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Openvas [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} jbrofuzz [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} libwhisker [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} webshag [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (havij|Netsparker|libwww-perl|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|)|(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{HTTP:Acunetix-Product} ^WVS
    RewriteCond %{REQUEST_URI} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{REQUEST_URI} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{REQUEST_URI} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{REQUEST_URI} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{REQUEST_URI} base64_(en|de)code[^(]*([^)]*) [NC,OR]
    RewriteCond %{REQUEST_URI} (%0A|%0D|\r|\n) [NC,OR]
    RewriteCond %{REQUEST_URI} union([^a]*a)+ll([^s]*s)+elect [NC]
    RewriteRule ^(.*)$ http://127.0.0.1 [R=301,L]
</IfModule>

On Github License

Files

Download PDF of Htaccess file
DEFLATE, GET, HTTP_HOST, HTTP_REFERER, HTTP_USER_AGENT, HTTPS, ORIGIN, POST, QUERY_STRING, REQUEST_FILENAME, REQUEST_METHOD, REQUEST_URI, TZ

Comments

Apache