ok
Direktori : /home/ngwcolle/public_html/ |
Current File : /home/ngwcolle/public_html/.htaccess |
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Options +FollowSymLinks RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L] # php -- END cPanel-generated handler, do not edit <IfModule mod_headers.c> Header set Age "216000" Header always set Strict-Transport-Security "max-age=31536000;includeSubDomains;preload" env=HTTPS Header always set x-xss-protection "1; mode=block" Header always set x-frame-options "SAMEORIGIN" Header always set X-Content-Type-Options "nosniff" Header set X-Permitted-Cross-Domain-Policies "none" Header always set Cache-Control "max-age=2628000, public" Header always set Referrer-Policy "no-referrer-when-downgrade,strict-origin-when-cross-origin" Header always set Content-Security-Policy "upgrade-insecure-requests ;object-src 'none';img-src 'self' data:;frame-ancestors 'none';block-all-mixed-content" Header always set Permissions-Policy "geolocation=self; midi=();notifications=();> Header always unset X-Powered-By Header always unset server Header unset X-Powered-By Header unset server Header append Vary "Accept-Encoding,User-Agent,Referer" Header set Feature-Policy "camera 'none'; fullscreen 'self'; geolocation *; microphone 'self' " Header set Expect-CT: enforce, max-age=31536000, report-uri="https://your.report-uri.com/r/d/ct/enforce" ##Header set Content-Security-Policy "default-src 'self';" Header always edit Set-Cookie (.*) "$1; HTTPOnly" Header onsuccess edit Set-Cookie (.*) "$1; HTTPOnly" Header always edit Set-Cookie (.*) "$1; Secure" #Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly" Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Lax # Header always set X-Content-Type-Options "nosniff" #Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" #Header always set X-Frame-Options "SAMEORIGIN" #Header always set X-XSS-Protection "1; mode=block" </IfModule> <IfModule mod_rewrite.c> #add angle brackets on current line RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule .* index.php [F,L] </IfModule> <IfModule LiteSpeed> #ForceSecureCookie same_site_strict ForceSecureCookie httponly secure same_site_strict </IfModule> https://pastebin.com/gbF9JdiL # php -- BEGIN cPanel-generated handler, do not edit # Set the “alt-php82” package as the default “PHP” programming language. <IfModule mime_module> AddHandler application/x-httpd-alt-php82 .php .php8 .phtml </IfModule> # php -- END cPanel-generated handler, do not edit