<IfModule mod_rewrite.c>RewriteEngineOnRewriteBase/#### Redirect non www to www ##### RewriteCond %{HTTP_HOST} ^domain.com [NC]# RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]#### Prevent hotlinking ##### RewriteCond %{HTTP_REFERER} !^$# RewriteCond %{HTTP_REFERER} !^http://(www.)?domain.com/.*$ [NC]# RewriteRule .(gif|jpg|swf|flv|png)$ / [R=302,L]#### Force https for certain pages ##### RewriteCond %{HTTPS} !=on# RewriteRule ^(signup|contact-us)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]# ErrorDocument 500 /500.html#### Security restrictions ##### proc/self/environ? no way!RewriteCond%{QUERY_STRING} proc/self/environ [OR]# Block out any script trying to set a mosConfig value through the URLRewriteCond%{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D)[OR]# Block out any script trying to base64_encode crap to send via URLRewriteCond%{QUERY_STRING} base64_encode.*(.*)[OR]# Block out any script that includes a <script> tag in URLRewriteCond%{QUERY_STRING}(<|%3C).*script.*(>|%3E)[NC,OR]# Block out any script trying to set a PHP GLOBALS variable via URLRewriteCond%{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2})[OR]# Block out any script trying to modify a _REQUEST variable via URLRewriteCond%{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})# Send all blocked request to homepage with 403 Forbidden error!RewriteRule^(.*)$ app.php [F,L]RewriteCond%{REQUEST_URI}^/admin(/.*|)$ [NC]RewriteCond%{REQUEST_FILENAME}!-f
RewriteRule^(.*)$ app_admin.php [QSA,L]RewriteCond%{REQUEST_URI}!^/admin(/.*|)$ [NC]RewriteCond%{REQUEST_FILENAME}!-f
RewriteRule^(.*)$ app.php [QSA,L]</IfModule>#### Disable server signatureServerSignatureOff#### disable directory browsingOptionsAll-Indexes#### Set the timezone# SetEnv TZ Europe/London#### Sample Redirects#### Redirect 301 http://www.domain.com/home http://www.domain.com/#### Always download attachmentsAddType application/octet-stream .pdf
AddType application/octet-stream .zip
##### Optimize ######### HTTP ETag header #####FileETag None#### Gzip Files ####<ifModule mod_deflate.c>AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain
AddOutputFilterByType DEFLATE image/svg+xml application/xhtml+xml application/xml
AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-otf
AddOutputFilterByType DEFLATE font/truetype font/opentype
</ifModule>#### Cache-Control Headers ####<ifModule mod_headers.c><filesMatch ".(ico|jpe?g|png|gif|swf)$">Header set Cache-Control"public"</filesMatch><filesMatch ".(css)$">Header set Cache-Control"public"</filesMatch><filesMatch ".(js)$">Header set Cache-Control"private"</filesMatch><filesMatch ".(x?html?|php)$">#Header set Cache-Control "private, must-revalidate"</filesMatch></ifModule>#### HTTP ETag header ##### FileETag None#### Expire Headers ####<IfModule mod_expires.c><FilesMatch".(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svg|svgz|ttf|vcf|webm|webp|woff|xml|xpi)$">Header unset X-UA-Compatible
</FilesMatch>ExpiresActiveOn#ExpiresDefault A600ExpiresByType image/x-icon A2592000
ExpiresByType application/x-javascript A604800
ExpiresByType text/css A604800
ExpiresByType image/gif A2592000
ExpiresByType image/png A2592000
ExpiresByType image/jpeg A2592000
ExpiresByType text/plain A86400
ExpiresByType application/x-shockwave-flash A2592000
ExpiresByType video/x-flv A2592000
ExpiresByType application/pdf A2592000
#ExpiresByType text/html A3600</IfModule>#### Set headers<ifModule mod_headers.c>#### IEHeader set X-UA-Compatible "IE=Edge,chrome=1"#### P3P Header of IE issues with 3rd party coockiesHeader set P3P:"cp=The Greek Spots"#### Security Hardening# Vivid Matter - Bulletproof Header Security# Don't allow pages to be framed externally - Defends against CSRFHeader set X-FRAME-OPTIONS "SAMEORIGIN"# Tell the browser to attempt the HTTPS version first#Header add Strict-Transport-Security "max-age=157680000"# Turn on IE8-IE9 XSS prevention tools#Header set X-XSS-Protection "1; mode=block"# Only allow JavaScript from the same domain to be run.# Don't allow inline JavaScript to run.#Header set X-Content-Security-Policy "allow 'self';"# Prevent mime based attacksHeader add X-Content-Type-Options "nosniff"Header unset link
Header unset ServerHeader unset X-Pingback
# Disable server signatureHeader set ServerSignature"Off"Header set ServerTokens"Prod"# Control Cross-Domain Policies#Header set X-Permitted-Cross-Domain-Policies "master-only"#### Set the content language headerHeader set Content-Language en
#### Set the CreatorHeader set Created-By"George Bardis - george@bardis.info"Header set Version"1.0.0"</ifModule>############# End - Optimize for YSlow#### bad bot protection<IfModule mod_rewrite.c>RewriteCond%{HTTP_USER_AGENT}^BlackWidow[OR]RewriteCond%{HTTP_USER_AGENT}^Bot mailto:craftbot@yahoo.com [OR]RewriteCond%{HTTP_USER_AGENT}^ChinaClaw[OR]RewriteCond%{HTTP_USER_AGENT}^Custo[OR]RewriteCond%{HTTP_USER_AGENT}^DISCo[OR]RewriteCond%{HTTP_USER_AGENT}^DownloadDemon[OR]RewriteCond%{HTTP_USER_AGENT}^eCatch [OR]RewriteCond%{HTTP_USER_AGENT}^EirGrabber[OR]RewriteCond%{HTTP_USER_AGENT}^EmailSiphon[OR]RewriteCond%{HTTP_USER_AGENT}^EmailWolf[OR]RewriteCond%{HTTP_USER_AGENT}^ExpressWebPictures[OR]RewriteCond%{HTTP_USER_AGENT}^ExtractorPro[OR]RewriteCond%{HTTP_USER_AGENT}^EyeNetIE[OR]RewriteCond%{HTTP_USER_AGENT}^FlashGet[OR]RewriteCond%{HTTP_USER_AGENT}^GetRight[OR]RewriteCond%{HTTP_USER_AGENT}^GetWeb![OR]RewriteCond%{HTTP_USER_AGENT}^Go!Zilla[OR]RewriteCond%{HTTP_USER_AGENT}^Go-Ahead-Got-It[OR]RewriteCond%{HTTP_USER_AGENT}^GrabNet[OR]RewriteCond%{HTTP_USER_AGENT}^Grafula[OR]RewriteCond%{HTTP_USER_AGENT}^HMView[OR]RewriteCond%{HTTP_USER_AGENT}HTTrack[NC,OR]RewriteCond%{HTTP_USER_AGENT}^ImageStripper[OR]RewriteCond%{HTTP_USER_AGENT}^ImageSucker[OR]RewriteCond%{HTTP_USER_AGENT}IndyLibrary[NC,OR]RewriteCond%{HTTP_USER_AGENT}^InterGET[OR]RewriteCond%{HTTP_USER_AGENT}^InternetNinja[OR]RewriteCond%{HTTP_USER_AGENT}^JetCar[OR]RewriteCond%{HTTP_USER_AGENT}^JOC WebSpider[OR]RewriteCond%{HTTP_USER_AGENT}^larbin [OR]RewriteCond%{HTTP_USER_AGENT}^LeechFTP[OR]RewriteCond%{HTTP_USER_AGENT}^MassDownloader[OR]RewriteCond%{HTTP_USER_AGENT}^MIDown tool [OR]RewriteCond%{HTTP_USER_AGENT}^MisterPiX[OR]RewriteCond%{HTTP_USER_AGENT}^Navroad[OR]RewriteCond%{HTTP_USER_AGENT}^NearSite[OR]RewriteCond%{HTTP_USER_AGENT}^NetAnts[OR]RewriteCond%{HTTP_USER_AGENT}^NetSpider[OR]RewriteCond%{HTTP_USER_AGENT}^NetVampire[OR]RewriteCond%{HTTP_USER_AGENT}^NetZIP[OR]RewriteCond%{HTTP_USER_AGENT}^Octopus[OR]RewriteCond%{HTTP_USER_AGENT}^OfflineExplorer[OR]RewriteCond%{HTTP_USER_AGENT}^OfflineNavigator[OR]RewriteCond%{HTTP_USER_AGENT}^PageGrabber[OR]RewriteCond%{HTTP_USER_AGENT}^PapaFoto[OR]RewriteCond%{HTTP_USER_AGENT}^pavuk [OR]RewriteCond%{HTTP_USER_AGENT}^pcBrowser [OR]RewriteCond%{HTTP_USER_AGENT}^RealDownload[OR]RewriteCond%{HTTP_USER_AGENT}^ReGet[OR]RewriteCond%{HTTP_USER_AGENT}^SiteSnagger[OR]RewriteCond%{HTTP_USER_AGENT}^SmartDownload[OR]RewriteCond%{HTTP_USER_AGENT}^SuperBot[OR]RewriteCond%{HTTP_USER_AGENT}^SuperHTTP[OR]RewriteCond%{HTTP_USER_AGENT}^Surfbot[OR]RewriteCond%{HTTP_USER_AGENT}^tAkeOut [OR]RewriteCond%{HTTP_USER_AGENT}^WWW-Mechanize [OR]RewriteCond%{HTTP_USER_AGENT}^TeleportPro[OR]RewriteCond%{HTTP_USER_AGENT}^VoidEYE[OR]RewriteCond%{HTTP_USER_AGENT}^WebImageCollector[OR]RewriteCond%{HTTP_USER_AGENT}^WebSucker[OR]RewriteCond%{HTTP_USER_AGENT}^WebAuto[OR]RewriteCond%{HTTP_USER_AGENT}^WebCopier[OR]RewriteCond%{HTTP_USER_AGENT}^WebFetch[OR]RewriteCond%{HTTP_USER_AGENT}^WebGo IS [OR]RewriteCond%{HTTP_USER_AGENT}^WebLeacher[OR]RewriteCond%{HTTP_USER_AGENT}^WebReaper[OR]RewriteCond%{HTTP_USER_AGENT}^WebSauger[OR]RewriteCond%{HTTP_USER_AGENT}^Website eXtractor [OR]RewriteCond%{HTTP_USER_AGENT}^WebsiteQuester[OR]RewriteCond%{HTTP_USER_AGENT}^WebStripper[OR]RewriteCond%{HTTP_USER_AGENT}^WebWhacker[OR]RewriteCond%{HTTP_USER_AGENT}^WebZIP[OR]RewriteCond%{HTTP_USER_AGENT}^Widow[OR]RewriteCond%{HTTP_USER_AGENT}^WWWOFFLE [OR]RewriteCond%{HTTP_USER_AGENT}^XaldonWebSpider[OR]RewriteCond%{HTTP_USER_AGENT}^Toata dragostea mea pentru diavola [OR]RewriteCond%{HTTP_USER_AGENT}^Mozilla/5.0 SF [OR]RewriteCond%{HTTP_USER_AGENT}^ZeusRewriteRule^.*-[F,L]</IfModule>#### scanner bots as well as malacious input blocker<IfModule mod_rewrite.c>RewriteCond%{HTTP_USER_AGENT}^w3af.sourceforge.net [NC,OR]RewriteCond%{HTTP_USER_AGENT} dirbuster [NC,OR]RewriteCond%{HTTP_USER_AGENT} nikto [NC,OR]RewriteCond%{HTTP_USER_AGENT} sqlmap [NC,OR]RewriteCond%{HTTP_USER_AGENT} fimap [NC,OR]RewriteCond%{HTTP_USER_AGENT} nessus [NC,OR]RewriteCond%{HTTP_USER_AGENT} whatweb [NC,OR]RewriteCond%{HTTP_USER_AGENT}Openvas[NC,OR]RewriteCond%{HTTP_USER_AGENT} jbrofuzz [NC,OR]RewriteCond%{HTTP_USER_AGENT} libwhisker [NC,OR]RewriteCond%{HTTP_USER_AGENT} webshag [NC,OR]RewriteCond%{HTTP_USER_AGENT}(havij|Netsparker|libwww-perl|python|nikto|curl|scan|java|winhttp|clshttp|loader)[NC,OR]RewriteCond%{HTTP_USER_AGENT}(%0A|%0D|%27|%3C|%3E|%00)[NC,OR]RewriteCond%{HTTP_USER_AGENT}(;|<|>|'|"|)|(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner)[NC,OR]RewriteCond%{HTTP:Acunetix-Product}^WVS
RewriteCond%{REQUEST_URI}(<|%3C)([^s]*s)+cript.*(>|%3E)[NC,OR]RewriteCond%{REQUEST_URI}(<|%3C)([^e]*e)+mbed.*(>|%3E)[NC,OR]RewriteCond%{REQUEST_URI}(<|%3C)([^o]*o)+bject.*(>|%3E)[NC,OR]RewriteCond%{REQUEST_URI}(<|%3C)([^i]*i)+frame.*(>|%3E)[NC,OR]RewriteCond%{REQUEST_URI} base64_(en|de)code[^(]*([^)]*)[NC,OR]RewriteCond%{REQUEST_URI}(%0A|%0D|\r|\n)[NC,OR]RewriteCond%{REQUEST_URI} union([^a]*a)+ll([^s]*s)+elect [NC]RewriteRule^(.*)$ http://127.0.0.1[R=301,L]</IfModule>