innhold/content/.htaccess.base

DirectorySlash Off

# Block direct access to content source files
<FilesMatch "\.(ini|md|html|php)$">
    # Allow only the entry point
    <If "%{REQUEST_URI} != '/index.php'">
        Require all denied
    </If>
</FilesMatch>

# Security headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "DENY"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
    Header set Permissions-Policy "camera=(), microphone=(), geolocation=()"
    Header unset X-Powered-By
    Header always unset X-Powered-By
</IfModule>

# Restrict HTTP methods to GET, POST, HEAD
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$ [NC]
    RewriteRule .* - [F,L]

    # Route /app requests to index.php
    RewriteCond %{REQUEST_URI} ^/app/
    RewriteRule ^(.*)$ /index.php [L,QSA]

    # Don't rewrite if file exists
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ /index.php [L,QSA]
</IfModule>
Add base URL rewrite rules and secure petition data files Add base URL rewrite rules for app routing Secure petition data files with access restrictions 2026-01-16 22:02:14 +01:00			`DirectorySlash Off`

Add security hardening for shared hosting environments Improve session cookie security with HttpOnly and SameSite attributes Add security headers via .htaccess Block direct access to sensitive files Restrict allowed HTTP methods Document cPanel-specific security configuration Add container hardening for ServerTokens and ServerSignature 2026-02-10 23:02:57 +01:00			`# Block direct access to content source files`
			`<FilesMatch "\.(ini\|md\|html\|php)$">`
			`# Allow only the entry point`
			`<If "%{REQUEST_URI} != '/index.php'">`
			`Require all denied`
			`</If>`
			`</FilesMatch>`

			`# Security headers`
			`<IfModule mod_headers.c>`
			`Header set X-Content-Type-Options "nosniff"`
			`Header set X-Frame-Options "DENY"`
			`Header set Referrer-Policy "strict-origin-when-cross-origin"`
			`Header set Permissions-Policy "camera=(), microphone=(), geolocation=()"`
			`Header unset X-Powered-By`
			`Header always unset X-Powered-By`
			`</IfModule>`

			`# Restrict HTTP methods to GET, POST, HEAD`
Add base URL rewrite rules and secure petition data files Add base URL rewrite rules for app routing Secure petition data files with access restrictions 2026-01-16 22:02:14 +01:00			`<IfModule mod_rewrite.c>`
			`RewriteEngine On`
			`RewriteBase /`

Add security hardening for shared hosting environments Improve session cookie security with HttpOnly and SameSite attributes Add security headers via .htaccess Block direct access to sensitive files Restrict allowed HTTP methods Document cPanel-specific security configuration Add container hardening for ServerTokens and ServerSignature 2026-02-10 23:02:57 +01:00			`RewriteCond %{REQUEST_METHOD} !^(GET\|POST\|HEAD)$ [NC]`
			`RewriteRule .* - [F,L]`

Add base URL rewrite rules and secure petition data files Add base URL rewrite rules for app routing Secure petition data files with access restrictions 2026-01-16 22:02:14 +01:00			`# Route /app requests to index.php`
			`RewriteCond %{REQUEST_URI} ^/app/`
			`RewriteRule ^(.*)$ /index.php [L,QSA]`

			`# Don't rewrite if file exists`
			`RewriteCond %{REQUEST_FILENAME} !-f`
			`RewriteRule ^(.*)$ /index.php [L,QSA]`
			`</IfModule>`