-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.htaccess
130 lines (118 loc) · 4.92 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# /**
# * Apache Web Server Configuration - www.websec.michael-cunningham.ca
# *
# * @type - Global
# * @author - Michael Cunningham
# * @date - February 10th 2014
# * @version - 1.0
# *
# */
# --------------- <OPTIONS>
Options +FollowSymlinks
Options All -Indexes
FileETag none
# --------------- </OPTIONS>
# --------------- <URL REWRITE>
RewriteEngine On
# --- Global :: Force all users to use the non-www. equivalent of the site
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1%{REQUEST_URI} [R=301,QSA,NC]
# --- Exclude directories in the rewriting process
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^cross-site-scripting$ /xss.php [L,NC]
RewriteRule ^cross-site-scripting/example$ /xss_example.php [L,NC]
RewriteRule ^sql-injection$ /sqlinjection.php [L,NC]
RewriteRule ^sql-injection/example$ /sqlinjection_example.php [L,NC]
RewriteRule ^full-path-disclosure$ /fpd.php [L,NC]
RewriteRule ^full-path-disclosure/example$ /fpd_example.php [L,NC]
RewriteRule ^arbitrary-code-execution$ /ace.php [L,NC]
RewriteRule ^arbitrary-code-execution/example /ace_example.php [L,NC]
RewriteRule ^denial-of-service$ /dos.php [L,NC]
RewriteRule ^cross-site-request-forgery$ /csrf.php [L,NC]
RewriteRule ^data-breach$ /data_breach.php [L,NC]
RewriteRule ^malware-distribution$ /malware.php [L,NC]
RewriteRule ^local-file-inclusion$ /lfi.php [L,NC]
RewriteRule ^local-file-inclusion/example$ /lfi_example.php [L,NC]
RewriteRule ^remote-file-inclusion$ /rfi.php [L,NC]
RewriteRule ^remote-file-inclusion/example$ /rfi_example.php [L,NC]
RewriteRule ^memory-corruption$ /mc.php [L,NC]
RewriteRule ^memory-corruption/example$ /mc_example.php [L,NC]
RewriteRule ^buffer-overflow$ /bufferoverflow.php [L,NC]
RewriteRule ^buffer-overflow/example$ /bufferoverflow_example.php [L,NC]
# --- Global :: Get rid of the trailing slash...
RewriteRule ^(.+)/$ /$1 [L,R=301]
# --------------- </URL REWRITE>
# --------------- <SECURITY>
<filesMatch "\.(htaccess)$">
Order Allow,Deny
Deny from all
</filesMatch>
<IfModule mod_headers.c>
Header set X-Frame-Options DENY
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
</IfModule>
# --------------- </SECURITY>
# --------------- <PERFORMANCE AND COMPRESSION>
<IfModule mod_deflate.c>
# --- Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/font-woff
AddOutputFilterByType DEFLATE application/x-font-woff
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
# --- Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
</IfModule>
# --------------- </PERFORMANCE AND COMPRESSION>
# --------------- <CACHING>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 7 days"
</IfModule>
# --------------- </CACHING>
# --------------- <COMPATBILITY>
AddDefaultCharset UTF-8
AddType application/font-woff .woff
AddType application/x-font-woff .woff
AddType application/x-font-truetype .ttf
AddType application/x-font-ttf .ttf
<IfModule mod_headers.c>
BrowserMatch MSIE ie
Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
<FilesMatch "\.(css|eot|gif|ico|jpe?g|js|otf|svg|pdf|png|tt[cf]|txt|woff2?|xml)$">
Header unset X-UA-Compatible
</FilesMatch>
Header append Vary User-Agent
</IfModule>
# --------------- </COMPATBILITY>