38 lines
1.1 KiB
ApacheConf
38 lines
1.1 KiB
ApacheConf
Options -Indexes
|
|
Options -MultiViews
|
|
|
|
# ── Security headers ──
|
|
<IfModule mod_headers.c>
|
|
Header always set X-Content-Type-Options "nosniff"
|
|
Header always set X-Frame-Options "SAMEORIGIN"
|
|
Header always set X-XSS-Protection "1; mode=block"
|
|
Header always set Referrer-Policy "strict-origin-when-cross-origin"
|
|
</IfModule>
|
|
|
|
# ── Block direct access to sensitive files ──
|
|
<FilesMatch "^(config\.php|database\.sql|\.env)$">
|
|
Order allow,deny
|
|
Deny from all
|
|
</FilesMatch>
|
|
|
|
# ── Allow uploads folder but block PHP execution inside it ──
|
|
<IfModule mod_rewrite.c>
|
|
RewriteEngine On
|
|
|
|
# Block PHP execution in uploads folder
|
|
RewriteRule ^uploads/.*\.php$ - [F,L]
|
|
|
|
# Route all API requests through index if needed
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
|
RewriteCond %{REQUEST_FILENAME} !-d
|
|
RewriteRule ^api/([^/]+)/?$ api/$1.php [L,QSA]
|
|
</IfModule>
|
|
|
|
# ── Cache static assets ──
|
|
<IfModule mod_expires.c>
|
|
ExpiresActive On
|
|
ExpiresByType image/jpeg "access plus 1 month"
|
|
ExpiresByType image/png "access plus 1 month"
|
|
ExpiresByType image/webp "access plus 1 month"
|
|
</IfModule>
|