.htaccess

# Security Rules for UK Data Services

# Protect sensitive files and configs
<FilesMatch "^\.(.*)$|\.log$|\.sql$|\.conf$|config\.php$|\.email-config\.php$|\.htaccess|\.htpasswd|\.ini|\.sh|\.inc|\.bak$">
    Require all denied
</FilesMatch>

# Protect contact handlers from direct browser access (POST only)
<Files "contact-handler.php">
    <LimitExcept POST>
        Require all denied
    </LimitExcept>
</Files>

<Files "quote-handler.php">
    <LimitExcept POST>
        Require all denied
    </LimitExcept>
</Files>

# Security headers
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# Basic compression (if mod_deflate is available)
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/javascript
</IfModule>

# Disable directory browsing
Options -Indexes

# Prevent access to logs and database directories
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^logs(/.*)?$ - [F,L]
    RewriteRule ^database(/.*)?$ - [F,L]
    RewriteRule ^\.git(/.*)?$ - [F,L]
    RewriteRule ^docker(/.*)?$ - [F,L]
</IfModule>

# Disable server signature
ServerSignature Off
Many blog changes 2025-06-08 11:21:30 +01:00			`# Security Rules for UK Data Services`

			`# Protect sensitive files and configs`
			`<FilesMatch "^\.(.*)$\|\.log$\|\.sql$\|\.conf$\|config\.php$\|\.email-config\.php$\|\.htaccess\|\.htpasswd\|\.ini\|\.sh\|\.inc\|\.bak$">`
			`Require all denied`
			`</FilesMatch>`

			`# Protect contact handlers from direct browser access (POST only)`
			`<Files "contact-handler.php">`
			`<LimitExcept POST>`
			`Require all denied`
			`</LimitExcept>`
			`</Files>`

			`<Files "quote-handler.php">`
			`<LimitExcept POST>`
			`Require all denied`
			`</LimitExcept>`
			`</Files>`

			`# Security headers`
			`<IfModule mod_headers.c>`
			`Header always set X-Content-Type-Options "nosniff"`
			`Header always set X-Frame-Options "SAMEORIGIN"`
			`Header always set X-XSS-Protection "1; mode=block"`
			`Header always set Referrer-Policy "strict-origin-when-cross-origin"`
			`</IfModule>`

			`# Basic compression (if mod_deflate is available)`
			`<IfModule mod_deflate.c>`
			`AddOutputFilterByType DEFLATE text/plain`
			`AddOutputFilterByType DEFLATE text/html`
			`AddOutputFilterByType DEFLATE text/css`
			`AddOutputFilterByType DEFLATE application/javascript`
			`</IfModule>`

			`# Disable directory browsing`
			`Options -Indexes`

			`# Prevent access to logs and database directories`
			`<IfModule mod_rewrite.c>`
			`RewriteEngine On`
			`RewriteRule ^logs(/.*)?$ - [F,L]`
			`RewriteRule ^database(/.*)?$ - [F,L]`
			`RewriteRule ^\.git(/.*)?$ - [F,L]`
			`RewriteRule ^docker(/.*)?$ - [F,L]`
			`</IfModule>`

			`# Disable server signature`
Secure contact form and email configuration - Add email header injection prevention - Implement referer checking for form submissions - Create .htaccess security rules for handlers - Add secure email configuration file - Include UTF-8 database backup - Restrict access to sensitive files 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-06-08 03:42:09 +00:00			`ServerSignature Off`