Snippet of Security Tweaks for the .htaccess.
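# Deny access to include files.
# (Apache 2.2 syntax; on 2.4 without mod_access_compat use "Require all denied".)
<Files ~ "\.inc$">
Order Allow,Deny
Deny from All
</Files>
# Deny access to hidden files (any path segment starting with a dot).
# Note: this also blocks /.well-known/, which ACME certificate validation uses.
RedirectMatch 403 /\..*$
# Disable directory listings (-Indexes) and content negotiation (-MultiViews).
# +ExecCGI permits CGI execution; drop it if the site does not need CGI.
Options +ExecCGI +FollowSymLinks -MultiViews -Indexes
<IfModule mod_headers.c>
# Prevent MIME based attacks.
Header set X-Content-Type-Options "nosniff"
# Disallow iframes of your website on other sites.
Header set X-Frame-Options "sameorigin"
# Cross-Site-Scripting Protection (legacy header; modern browsers no longer act on it).
Header set X-XSS-Protection "1; mode=block"
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
# Prevent image hotlinking.
# The site's own domain is missing from the snippet as published;
# example\.com below is a placeholder, replace it with your domain.
# The host is anchored so the domain cannot be matched inside a foreign URL's path or query.
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^https?://example\.com([:/]|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://[^/]+\.example\.com([:/]|$) [NC]
RewriteRule \.(jpe?g|png|svg|gif|bmp|js|css)$ - [F,L]
# Enforce HTTPS/SSL.
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>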