Created
March 5, 2019 12:57
# Security response headers (only applied when mod_headers is loaded)
# NOTE(review): plain "Header set" covers successful responses only; error pages
# and server-generated redirects go out without these headers unless the
# "always" condition is used. Check for duplicate headers from the application
# before switching.
<IfModule mod_headers.c>
    # Legacy browser XSS filter switch. NOTE(review): current browsers no longer
    # implement this filter, so do not count on it; a Content-Security-Policy is
    # the control that replaces it.
    Header set X-XSS-Protection "1; mode=block"

    # Only pages from the same origin may frame this site (clickjacking defence).
    Header set X-Frame-Options "SAMEORIGIN"

    # Browsers must use the declared Content-Type instead of sniffing the body.
    Header set X-Content-Type-Options "nosniff"

    # HSTS for 15768000 seconds, sent only when the HTTPS environment variable
    # is set. No includeSubDomains, so subdomains are not covered.
    # NOTE(review): behind a TLS-terminating proxy that variable may be unset and
    # the header would never be sent — confirm for the deployment.
    Header set Strict-Transport-Security "max-age=15768000;" env=HTTPS
</IfModule>
# Cache headers (mod_expires): static assets expire 365 days after access.
# The extension match is case-insensitive via the (?i:...) group.
# A lifetime this long means a changed asset is only picked up by returning
# visitors under a new URL (versioned file name or query string).
<IfModule mod_expires.c>
    <FilesMatch "\.(?i:gif|jpe?g|png|js|css|swf|ico|woff|svg)$">
        ExpiresActive On
        ExpiresDefault "access plus 365 days"
    </FilesMatch>
</IfModule>
# File caching (mod_headers): explicit Cache-Control for the same static
# extensions. "public" lets shared caches store the response, so this list
# must stay limited to files that are identical for every visitor.
<IfModule mod_headers.c>
    <FilesMatch "\.(?i:gif|jpe?g|png|js|css|swf|ico|woff|svg)$">
        Header set Cache-Control "max-age=31536000, public"
    </FilesMatch>
</IfModule>
# gzip compression (mod_deflate) for text-like response types.
# NOTE(review): text/html is compressed as well. Where HTML served over TLS
# carries a secret next to request-controlled text, compression-ratio side
# channels (BREACH) are a known concern — confirm this is acceptable here.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/css text/richtext
    AddOutputFilterByType DEFLATE text/xml text/xsd text/xsl text/x-component
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript
    AddOutputFilterByType DEFLATE image/svg+xml image/x-icon
</IfModule>
# Disable automatic directory listings: a directory without an index file
# returns an error instead of a browsable list of its contents.
Options -Indexes

# Fix for SVG files not being displayed: declare their MIME type.
AddType image/svg+xml svg svgz
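# Redirect HTTP to HTTPS and to the www host name.
# The rewrite rules in this file take effect only with the engine switched on;
# repeating the directive where another block already sets it is harmless.
RewriteEngine On

# non-www to www (+https): any Host not starting with "www." is sent to
# https://www.<host> with the original path and query string (301).
# NOTE(review): both redirect targets are built from the request's Host header.
# If this virtual host also answers for unexpected Host values, use a fixed
# canonical name in the target instead (placeholder: www.example.com).
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,QSA,NE,R=301]

# http to https: redirect when the connection is not TLS AND no front proxy
# reported https for it.
# NOTE(review): X-Forwarded-Proto is an ordinary request header. It is
# trustworthy only when a proxy in front of this server overwrites it; on a
# directly reachable server, drop that condition.
RewriteCond %{HTTPS} !on
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,NE,R=301]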
# CSP header: prevent mixed content.
# upgrade-insecure-requests makes the browser fetch the page's http:// resources
# over https://. It restricts no script, style or frame sources, so it is not a
# protection against injected content.
# "Header set" replaces any Content-Security-Policy the application sends itself.
<IfModule mod_headers.c>
    Header set Content-Security-Policy "upgrade-insecure-requests;"
</IfModule>
# Strip the Facebook click id (fbclid) from the query string.
# The condition matches only when fbclid is the last parameter; %1 is the part
# of the query string before it. The client is redirected (301) to the same
# path with just that remainder; NE keeps the remainder from being re-escaped.
# NOTE(review): the target "/$1" is root-relative, so this presumably assumes
# the file sits in the document root — confirm.
RewriteCond %{QUERY_STRING} ^(.*?)(&?fbclid=[a-zA-Z0-9_-]+)$
RewriteRule ^(.*)$ /$1?%1 [R=301,NE,L]
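# WordPress: refuse direct HTTP access to files that hold secrets or reveal
# installation details. Names are matched exactly, in every directory this
# configuration applies to:
#   .htaccess      server configuration
#   readme.html    discloses the installed software
#   license.txt    discloses the installed software
#   install.php    installer entry point
#   wp-config.php  database credentials and secret keys
#   error_log      PHP/server error output
<FilesMatch "^(\.htaccess|readme\.html|license\.txt|install\.php|wp-config\.php|error_log)$">
    # Apache 2.4 and later: native authorization directive.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: legacy directives. On 2.4 they work only with
    # mod_access_compat loaded and otherwise cause a configuration error,
    # hence the module test.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>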
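# WordPress: block xmlrpc.php (the XML-RPC endpoint, a frequent target of
# automated login attempts).
# NOTE(review): anything that still talks to the site over XML-RPC stops
# working — confirm nothing depends on it.
<FilesMatch "^(xmlrpc\.php)">
    # Apache 2.4 and later: native authorization directive.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: legacy directives; on 2.4 they require mod_access_compat,
    # hence the module test.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>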
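# WordPress: refuse (403) requests for PHP scripts below any uploads/ directory,
# so an uploaded file cannot be run as code through the web server.
# The match ignores letter case and also applies when extra path information
# follows the script name.
# NOTE(review): only the .php extension is covered. If the server maps other
# extensions to the PHP handler, add them here, or better, disable the handler
# for the uploads directory in the server configuration.
RewriteRule ^(.*)/uploads/(.*)\.php(/|$) - [F,NC]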
# WordPress: hinder user discovery by answering 403 to any request whose query
# string contains "author=".
# The condition is an unanchored substring match, so other parameters whose
# name ends in "author" are refused too.
# NOTE(review): presumably this also hits admin-side filtering by author —
# verify. It covers the query-string form only; other places that expose user
# names (for example API or archive endpoints) need their own restriction.
RewriteCond %{QUERY_STRING} author=
RewriteRule ^ - [R=403,L]
# WordPress: refuse (403) POST requests that arrive without a Referer header.
# The Referer is supplied by the client, so this only filters unsophisticated
# automated traffic; it is not access control and no substitute for login
# rate limiting or CSRF tokens.
# NOTE(review): legitimate POSTs without a Referer are rejected as well:
# server-to-server callbacks, API clients, browsers with a strict referrer
# policy, and possibly WordPress's own loopback requests — confirm before
# deploying.
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_REFERER} ^$
RewriteRule ^ - [F]