# Don't show directory listings for URLs which map to a directory.
Options -Indexes -MultiViews
# Follow symbolic links in this directory.
Options +FollowSymLinks
AddDefaultCharset UTF-8
<IfModule mod_php5.c>
php_flag register_globals Off
php_flag magic_quotes_gpc Off
php_flag magic_quotes_runtime Off
php_flag magic_quotes_sybase Off
php_value session.auto_start 0
php_value output_buffering 0
php_value session.use_trans_sid 0
php_value memory_limit 128M
php_value max_execution_time 18000
php_flag suhosin.session.cryptua off
php_flag zend.ze1_compatibility_mode Off
php_value short_open_tag On
php_value mbstring.func_overload 0
php_value default_charset UTF-8
</IfModule>
<IfModule mod_security.c>
# disable POST processing to not break multiple image upload
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
<IfModule mod_ssl.c>
## make HTTPS env vars available for CGI mode
SSLOptions StdEnvVars
</IfModule>
<IfModule mod_expires.c>
# Add default Expires header
ExpiresDefault "access plus 1 year"
</IfModule>
<IfModule mod_headers.c>
<FilesMatch ".(ico|pdf|flv)$">
Header set Cache-Control "max-age=29030400, public"
</FilesMatch>
<FilesMatch ".(jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
<FilesMatch ".(xml|txt|css|js)$">
Header set Cache-Control "max-age=172800, proxy-revalidate"
</FilesMatch>
<FilesMatch ".(html|htm|php)$">
Header set Cache-Control "max-age=60, private, proxy-revalidate"
</FilesMatch>
</IfModule>
<IfModule mod_rewrite.c>
### Query string exploits
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} ../ [NC,OR]
RewriteCond %{QUERY_STRING} boot.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag= [NC,OR]
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*([|]|(|)|<|>|'|"|;|?|*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_URI} !^/(static|js)/
RewriteRule ^(core|application|test|var) - [F,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* index.php [L]
</IfModule>