peter/ukaiautomation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2fcb4f33ac1688534b893eaa0c41c893fd75289d
ukaiautomation/.htaccess
Peter f1c0e813e8 Many blog changes
2025-06-08 11:21:30 +01:00

50 lines
1.5 KiB
ApacheConf
Raw Blame History

# Security Rules for UK Data Services
# Protect sensitive files and configs
<FilesMatch "^\.(.*)$|\.log$|\.sql$|\.conf$|config\.php$|\.email-config\.php$|\.htaccess|\.htpasswd|\.ini|\.sh|\.inc|\.bak$">
Require all denied
</FilesMatch>
# Protect contact handlers from direct browser access (POST only)
<Files "contact-handler.php">
<LimitExcept POST>
Require all denied
</LimitExcept>
</Files>
<Files "quote-handler.php">
<LimitExcept POST>
Require all denied
</LimitExcept>
</Files>
# Security headers
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
# Basic compression (if mod_deflate is available)
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/javascript
</IfModule>
# Disable directory browsing
Options -Indexes
# Prevent access to logs and database directories
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^logs(/.*)?$ - [F,L]
RewriteRule ^database(/.*)?$ - [F,L]
RewriteRule ^\.git(/.*)?$ - [F,L]
RewriteRule ^docker(/.*)?$ - [F,L]
</IfModule>
# Disable server signature
ServerSignature Off
Reference in New Issue View Git Blame Copy Permalink