.htaccess
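# Per-directory hardening and front-controller routing for a PHP site.
# mod_rewrite is required; the response-header block is skipped when
# mod_headers is not loaded.

# --- Directory options ------------------------------------------------------
# Every keyword carries a +/- prefix: Apache 2.4 rejects an Options line that
# mixes bare and prefixed keywords (the previous "All -Indexes"), and "All"
# also enabled ExecCGI and Includes, which nothing in this file relies on.
# SymLinksIfOwnerMatch satisfies mod_rewrite's symlink-option requirement for
# per-directory rules.
Options -Indexes +SymLinksIfOwnerMatch
ServerSignature Off
AddDefaultCharset UTF-8

# --- Response headers -------------------------------------------------------
# All Header directives live inside the IfModule guard; a Header line outside
# it makes every request fail with a 500 when mod_headers is absent.
<IfModule mod_headers.c>
    # Append HttpOnly to the PHP session cookie so page scripts cannot read it.
    # NOTE(review): Secure and SameSite are not added here; add them if the
    # site is served over HTTPS only -- confirm against the deployment.
    Header edit Set-Cookie ^(PHPSESSID.*)$ "$1; HttpOnly"

    # "set" rather than "append": the header was previously appended twice,
    # producing "SAMEORIGIN, SAMEORIGIN" on every response.
    Header always set X-Frame-Options "SAMEORIGIN"

    # NOTE(review): no Access-Control-Allow-Origin is set in this file, so this
    # header has no effect unless the application supplies one -- confirm it is
    # still wanted.
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"

    # Legacy header; current browsers no longer ship the XSS auditor, so treat
    # a Content-Security-Policy as the real control.
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options "nosniff"
</IfModule>

# --- URL rewriting ----------------------------------------------------------
RewriteEngine On

# Front controller: anything that is not an existing file or directory is
# handed to index.php as ?page=<path>. No QSA flag is given, so the client's
# original query string is replaced, not merged.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?page=$1 [L]

# Coarse query-string filter: refuse GET requests in which a parameter value
# starts with "http://", a "../" sequence, or an absolute-looking path.
# [OR] binds tighter than the implicit AND, so this reads as
#   GET and (remote URL or traversal or path).
# It is matched against the raw, undecoded query string and only for GET, so
# it is defence in depth: index.php must still validate "page" itself.
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* - [F]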