CakePHP security optimized .htaccess
# mod_gzip compression. The IfModule guard means the whole block is ignored
# when the module is not loaded.
# NOTE(review): mod_gzip is a third-party module; mainline httpd 2.x ships
# mod_deflate instead, so on most current hosts this block is inert -- confirm
# which module the server actually provides before relying on it.
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
# Compress by file extension, by the CGI handler and by text/JS MIME types...
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
# ...but never recompress images or responses that are already gzip-encoded.
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
<IfModule mod_expires.c>
# Optimize caching - see http://yhoo.it/ahEkX9 for more information.
# Lifetimes are counted from the time of access; images get one month,
# stylesheets and scripts one year.
# NOTE(review): the mod_headers block further down also sets Cache-Control
# for css/js with shorter lifetimes than the ones declared here -- reconcile
# the two so clients do not receive conflicting freshness information.
ExpiresActive On
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
# "image/jpg" is not the registered type (image/jpeg is); it is kept for
# servers that emit it anyway.
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType application/x-javascript "access plus 1 year"
</IfModule>
# Explicit Cache-Control headers per file extension (mod_headers only).
# max-age values are seconds: 2592000 = 30 days, 604800 = 7 days,
# 216000 = 2.5 days.
# NOTE(review): css is "public" for 7 days here but 1 year in the
# mod_expires block above, and js is "private" here; which header the
# client ends up with depends on module filter order -- confirm on the
# running server rather than assuming either block wins.
<IfModule mod_headers.c>
<FilesMatch "\\.(ico|pdf|flv|jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
<FilesMatch "\\.(css)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
<FilesMatch "\\.(js)$">
Header set Cache-Control "max-age=216000, private"
</FilesMatch>
<FilesMatch "\\.(xml|txt)$">
Header set Cache-Control "max-age=216000, public, must-revalidate"
</FilesMatch>
# Dynamic pages: effectively no caching, revalidate every time.
<FilesMatch "\\.(html|htm|php)$">
Header set Cache-Control "max-age=1, private, must-revalidate"
</FilesMatch>
</IfModule>
# Never emit directory listings when no index file is present.
Options -Indexes
# Append charset=UTF-8 to the Content-Type of text responses.
AddDefaultCharset UTF-8
# Content-Language for files without a language extension.
DefaultLanguage pt-BR
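## Security ##
# Deny direct access to Apache control files (.htaccess, .htpasswd, ...).
# Both authorization syntaxes are given so the block works on httpd 2.4
# (mod_authz_core, "Require") as well as on 2.2 or 2.4 with
# mod_access_compat ("Order"/"Deny"). On a 2.4 server without
# mod_access_compat a bare Order/Deny directive is an unknown command and
# makes the whole .htaccess fail to parse.
<Files ~ "^\.ht">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
Satisfy all
</IfModule>
</Files>
# Same for log files and SQL dumps that may sit inside the web tree.
<Files ~ "\.(log|sql)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</Files>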
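<IfModule mod_rewrite.c>
RewriteEngine on
## Default domain ##
# 301-redirect any host that does not start with "www." to its www. form.
# NOTE(review): the target reflects the client-supplied Host header and
# hard-codes "http://", so an HTTPS request is sent back to plaintext and an
# unexpected Host value is echoed into the Location header; a fixed canonical
# hostname and scheme would be safer -- confirm against the deployment.
# NOTE(review): "www\." is a regex-style escape inside a substitution string;
# verify that the emitted Location reads "www." and not "www\.".
RewriteCond %{HTTP_HOST} !^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://www\.%{HTTP_HOST}/$1 [R=301,L]
## Security ##
# Query-string blocklist. The conditions are OR-ed together; when any one
# matches, the rule after them answers 403. This is a coarse pattern filter
# and no substitute for input validation in the application itself.
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
# The "[" must be escaped: without the backslash, "[|\%[0-9A-Z]" parses as
# a character class repeated zero to two times, so the group matched the
# empty string and any query string merely containing "GLOBALS" was rejected.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
# Same escaping fix; this is the last condition of the chain, so no [OR].
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Any request matching one of the conditions above gets 403 Forbidden.
# With [F] the substitution target is ignored, so nothing is served.
RewriteRule ^(.*)$ index.php [F,L]
# CakePHP front controller: route everything into webroot/ (substitutions
# are relative to the directory holding this .htaccess).
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>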
Hi, thank you. I tried replacing my /app/.htaccess with this one, but I still have the same issue: my CSS and JS files do not get an expiry time.
I also replaced "access plus 1 month" with the time string A2592000.
I want to use this .htaccess in my API, which I use to render HTML with CSS and JS and to save data.