Files
alrahma_sunday_school/public/.htaccess
T
2026-02-10 22:11:06 -05:00

45 lines
1.1 KiB
ApacheConf

# Disable directory browsing
Options -Indexes
# Block TRACE method
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
# Deny access to hidden files
RedirectMatch 403 /\..*$
# Protect .git
RedirectMatch 404 /\.git
# Block common sensitive file types
<FilesMatch "\.(env|ini|log|sql|bak|swp|inc|sh|conf|config|phpinfo\.php)$">
Order allow,deny
Deny from all
</FilesMatch>
# Security Headers
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "geolocation=(), microphone=()"
Header always set Content-Security-Policy "default-src 'self';"
</IfModule>
# Disable Apache signature
ServerSignature Off
# Clean URLs
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
ErrorDocument 404 index.php
</IfModule>