-
-
Save akroii/3574fdc6cdea2b691039b57471587350 to your computer and use it in GitHub Desktop.
Die optimale .htaccess-Datei für mehr Speed und Sicherheit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ---------------------------------------------------------------------- | |
| # | Komprimierung und Caching | | |
| # ---------------------------------------------------------------------- | |
| # Serve resources with far-future expires headers. | |
| # | |
| # (!) If you don't control versioning with filename-based | |
| # cache busting, you should consider lowering the cache times | |
| # to something like one week. | |
| # | |
| # https://httpd.apache.org/docs/current/mod/mod_expires.html | |
| <IfModule mod_expires.c> | |
| ExpiresActive on | |
| ExpiresDefault "access plus 1 month" | |
| # CSS | |
| ExpiresByType text/css "access plus 1 year" | |
| # Data interchange | |
| ExpiresByType application/atom+xml "access plus 1 hour" | |
| ExpiresByType application/rdf+xml "access plus 1 hour" | |
| ExpiresByType application/rss+xml "access plus 1 hour" | |
| ExpiresByType application/json "access plus 0 seconds" | |
| ExpiresByType application/ld+json "access plus 0 seconds" | |
| ExpiresByType application/schema+json "access plus 0 seconds" | |
| ExpiresByType application/vnd.geo+json "access plus 0 seconds" | |
| ExpiresByType application/xml "access plus 0 seconds" | |
| ExpiresByType text/xml "access plus 0 seconds" | |
| # Favicon (cannot be renamed!) and cursor images | |
| ExpiresByType image/vnd.microsoft.icon "access plus 1 week" | |
| ExpiresByType image/x-icon "access plus 1 week" | |
| # HTML | |
| ExpiresByType text/html "access plus 3600 seconds" | |
| # JavaScript | |
| ExpiresByType application/javascript "access plus 1 year" | |
| ExpiresByType application/x-javascript "access plus 1 year" | |
| ExpiresByType text/javascript "access plus 1 year" | |
| # Manifest files | |
| ExpiresByType application/manifest+json "access plus 1 week" | |
| ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" | |
| ExpiresByType text/cache-manifest "access plus 0 seconds" | |
| # Media files | |
| ExpiresByType audio/ogg "access plus 1 month" | |
| ExpiresByType image/bmp "access plus 1 month" | |
| ExpiresByType image/gif "access plus 1 month" | |
| ExpiresByType image/jpeg "access plus 1 month" | |
| ExpiresByType image/png "access plus 1 month" | |
| ExpiresByType image/svg+xml "access plus 1 month" | |
| ExpiresByType image/webp "access plus 1 month" | |
| ExpiresByType video/mp4 "access plus 1 month" | |
| ExpiresByType video/ogg "access plus 1 month" | |
| ExpiresByType video/webm "access plus 1 month" | |
| # Web fonts | |
| # Embedded OpenType (EOT) | |
| ExpiresByType application/vnd.ms-fontobject "access plus 1 month" | |
| ExpiresByType font/eot "access plus 1 month" | |
| # OpenType | |
| ExpiresByType font/opentype "access plus 1 month" | |
| # TrueType | |
| ExpiresByType application/x-font-ttf "access plus 1 month" | |
| # Web Open Font Format (WOFF) 1.0 | |
| ExpiresByType application/font-woff "access plus 1 month" | |
| ExpiresByType application/x-font-woff "access plus 1 month" | |
| ExpiresByType font/woff "access plus 1 month" | |
| # Web Open Font Format (WOFF) 2.0 | |
| ExpiresByType application/font-woff2 "access plus 1 month" | |
| # Other | |
| ExpiresByType text/x-cross-domain-policy "access plus 1 week" | |
| </IfModule> | |
| <IfModule mod_deflate.c> | |
| # Insert filters / compress text, html, javascript, css, xml: | |
| AddOutputFilterByType DEFLATE text/plain | |
| AddOutputFilterByType DEFLATE text/html | |
| AddOutputFilterByType DEFLATE text/xml | |
| AddOutputFilterByType DEFLATE text/css | |
| AddOutputFilterByType DEFLATE text/vtt | |
| AddOutputFilterByType DEFLATE text/x-component | |
| AddOutputFilterByType DEFLATE application/xml | |
| AddOutputFilterByType DEFLATE application/xhtml+xml | |
| AddOutputFilterByType DEFLATE application/rss+xml | |
| AddOutputFilterByType DEFLATE application/js | |
| AddOutputFilterByType DEFLATE application/javascript | |
| AddOutputFilterByType DEFLATE application/x-javascript | |
| AddOutputFilterByType DEFLATE application/x-httpd-php | |
| AddOutputFilterByType DEFLATE application/x-httpd-fastphp | |
| AddOutputFilterByType DEFLATE application/atom+xml | |
| AddOutputFilterByType DEFLATE application/json | |
| AddOutputFilterByType DEFLATE application/ld+json | |
| AddOutputFilterByType DEFLATE application/vnd.ms-fontobject | |
| AddOutputFilterByType DEFLATE application/x-font-ttf | |
| AddOutputFilterByType DEFLATE application/x-web-app-manifest+json | |
| AddOutputFilterByType DEFLATE font/opentype | |
| AddOutputFilterByType DEFLATE image/svg+xml | |
| AddOutputFilterByType DEFLATE image/x-icon | |
| # Exception: Images | |
| SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary | |
| # Drop problematic browsers | |
| BrowserMatch ^Mozilla/4 gzip-only-text/html | |
| BrowserMatch ^Mozilla/4\.0[678] no-gzip | |
| BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html | |
| # Make sure proxies don't deliver the wrong content | |
| Header append Vary User-Agent env=!dont-vary | |
| </IfModule> | |
| #Alternative caching using Apache's "mod_headers", if it's installed. | |
| #Caching of common files - ENABLED | |
| <IfModule mod_headers.c> | |
| <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt)$"> | |
| Header set Cache-Control "max-age=2592000, public" | |
| </FilesMatch> | |
| </IfModule> | |
| <IfModule mod_headers.c> | |
| <FilesMatch "\.(js|css|xml|gz)$"> | |
| Header append Vary Accept-Encoding | |
| </FilesMatch> | |
| </IfModule> | |
| # Set Keep Alive Header | |
| <IfModule mod_headers.c> | |
| Header set Connection keep-alive | |
| </IfModule> | |
| # If your server don't support ETags deactivate with "None" (and remove header) | |
| <IfModule mod_expires.c> | |
| <IfModule mod_headers.c> | |
| Header unset ETag | |
| </IfModule> | |
| FileETag None | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | 6g Firewall für Sicherheit | |
| # ---------------------------------------------------------------------- | |
| # 6G FIREWALL/BLACKLIST | |
| # @ https://perishablepress.com/6g/ | |
| # 6G:[QUERY STRINGS] | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteCond %{QUERY_STRING} (eval\() [NC,OR] | |
| RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR] | |
| RewriteCond %{QUERY_STRING} ([a-z0-9]{2000}) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR] | |
| RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR] | |
| RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC] | |
| RewriteRule .* - [F] | |
| </IfModule> | |
| # 6G:[REQUEST METHOD] | |
| <IfModule mod_rewrite.c> | |
| RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC] | |
| RewriteRule .* - [F] | |
| </IfModule> | |
| # 6G:[REFERRERS] | |
| <IfModule mod_rewrite.c> | |
| RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000}) [NC,OR] | |
| RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC] | |
| RewriteRule .* - [F] | |
| </IfModule> | |
| # 6G:[REQUEST STRINGS] | |
| <IfModule mod_alias.c> | |
| RedirectMatch 403 (?i)([a-z0-9]{2000}) | |
| RedirectMatch 403 (?i)(https?|ftp|php):/ | |
| RedirectMatch 403 (?i)(base64_encode)(.*)(\() | |
| RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\. | |
| RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&?)/?$ | |
| RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\") | |
| RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|) | |
| RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack) | |
| RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ) | |
| RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$ | |
| RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php | |
| </IfModule> | |
| # 6G:[USER AGENTS] | |
| <IfModule mod_setenvif.c> | |
| SetEnvIfNoCase User-Agent ([a-z0-9]{2000}) bad_bot | |
| SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot | |
| <limit GET POST PUT> | |
| Order Allow,Deny | |
| Allow from All | |
| Deny from env=bad_bot | |
| </limit> | |
| </IfModule> | |
| # 6G:[BAD IPS] | |
| <Limit GET HEAD OPTIONS POST PUT> | |
| Order Allow,Deny | |
| Allow from All | |
| # uncomment/edit/repeat next line to block IPs | |
| # Deny from 123.456.789 | |
| </Limit> | |
| # ---------------------------------------------------------------------- | |
| # | Zeichensatz setzen | |
| # ---------------------------------------------------------------------- | |
| AddDefaultCharset UTF-8 | |
| # ---------------------------------------------------------------------- | |
| # Wichtige WordPress-Dateien gegen den Zugriff von außen blocken | |
| # ---------------------------------------------------------------------- | |
| # Kein Zugriff auf die install.php | |
| <files install.php> | |
| Order allow,deny | |
| Deny from all | |
| </files> | |
| # Kein Zugriff auf die wp-config.php | |
| <files wp-config.php> | |
| Order allow,deny | |
| Deny from all | |
| </files> | |
| # Kein Zugriff auf die readme.html | |
| <files readme.html> | |
| Order Allow,Deny | |
| Deny from all | |
| Satisfy all | |
| </Files> | |
| # Kein Zugriff auf die liesmich.html für die DE Edition | |
| <Files liesmich.html> | |
| Order Allow,Deny | |
| Deny from all | |
| Satisfy all | |
| </Files> | |
| # Kein Zugriff auf das Error-Log | |
| <files error_log> | |
| Order allow,deny | |
| Deny from all | |
| </files> | |
| #Zugriff auf .htaccess und .htpasswd verbieten. Wenn keine .htpasswd benutzt wird, kann der Code dafür entfernt werden. | |
| <FilesMatch "(\.htaccess|\.htpasswd)"> | |
| Order deny,allow | |
| Deny from all | |
| </FilesMatch> | |
| # Den Zugriff auf den Include-Ordner verbieten | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteBase / | |
| RewriteRule ^wp-admin/includes/ - [F,L] | |
| RewriteRule !^wp-includes/ - [S=3] | |
| RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] | |
| RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] | |
| RewriteRule ^wp-includes/theme-compat/ - [F,L] | |
| </IfModule> | |
| # Schutz des Administrator-Bereichs. Wenn der .htaccess/.htpasswd Schutz genutzt werden soll, auskommentieren. | |
| #<Files wp-login.php> | |
| #AuthName "Admin-Bereich" | |
| #AuthType Basic | |
| #AuthUserFile dein/pfad/zur/.htpasswd | |
| #require valid-user | |
| #</Files> | |
| # ---------------------------------------------------------------------- | |
| # Hotlinking verbieten - WICHTIG: Füge Deine Domain hinzu, ansonsten werden keine Bilder angezeigt! | |
| # ---------------------------------------------------------------------- | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine on | |
| RewriteCond %{HTTP_REFERER} !^$ | |
| RewriteCond %{HTTP_REFERER} !^https://(www\.)?democraticpost\.de(/.*)?$ [NC] | |
| RewriteRule \.(jpg|jpeg|gif||png)$ - [F] | |
| </ifModule> | |
| # XML-RPC Schnittstelle komplett abschalten | |
| <Files xmlrpc.php> | |
| Order Deny,Allow | |
| Deny from all | |
| </Files> | |
| # ---------------------------------------------------------------------- | |
| # | WordPress Rewrite Rules | |
| # ---------------------------------------------------------------------- | |
| # BEGIN WordPress | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteBase / | |
| RewriteRule ^index\.php$ - [L] | |
| RewriteCond %{REQUEST_FILENAME} !-f | |
| RewriteCond %{REQUEST_FILENAME} !-d | |
| RewriteRule . /index.php [L] | |
| </IfModule> | |
| # END WordPress |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment