-
Notifications
You must be signed in to change notification settings - Fork 1
/
.htaccess
70 lines (61 loc) · 2.6 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/x-json
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
</IfModule>
<FilesMatch "^\.env$">
Order allow,deny
Deny from all
</FilesMatch>
Options -Indexes
RewriteEngine On
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} !^/Resources/
RewriteRule ^.*$ index.php [NC,L]
RewriteCond %{QUERY_STRING} !version=latest
RewriteRule \.(css|js|json|jpg|jpeg|webp|png|gif|svg|bmp|tiff|jfif|ico|sfw|woff|ttf|otf)$ - [E=SET_CACHE_HEADER:1]
RewriteCond %{QUERY_STRING} version=latest
RewriteRule \.(css|js|json|jpg|jpeg|webp|png|gif|svg|bmp|tiff|jfif|ico|sfw|woff|ttf|otf)$ - [E=NO_CACHE_HEADER:1]
</IfModule>
<IfModule mod_headers.c>
Header set X-Frame-Options "DENY"
Header set Cache-Control "max-age=86000, public" env=SET_CACHE_HEADER
Header set Cache-Control "no-cache" env=NO_CACHE_HEADER
</IfModule>
<IfModule security2_module>
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecRequestBodyLimit 104857600
SecRequestBodyNoFilesLimit 1048576
SecRequestBodyInMemoryLimit 1048576
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial
IncludeOptional /etc/modsecurity/*.conf
# OWASP CRS
Include /usr/share/modsecurity-crs/*.conf
Include /usr/share/modsecurity-crs/rules/*.conf
# Custom rules
SecRule REQUEST_HEADERS:Content-Length "@gt 104857600" "phase:1,deny,status:413,msg:'Payload too large'"
</IfModule>