3b04a3d78c
Improve session cookie security with HttpOnly and SameSite attributes Add security headers via .htaccess Block direct access to sensitive files Restrict allowed HTTP methods Document cPanel-specific security configuration Add container hardening for ServerTokens and ServerSignature
36 lines
1 KiB
Text
36 lines
1 KiB
Text
DirectorySlash Off
|
|
|
|
# Block direct access to content source files
|
|
<FilesMatch "\.(ini|md|html|php)$">
|
|
# Allow only the entry point
|
|
<If "%{REQUEST_URI} != '/index.php'">
|
|
Require all denied
|
|
</If>
|
|
</FilesMatch>
|
|
|
|
# Security headers
|
|
<IfModule mod_headers.c>
|
|
Header set X-Content-Type-Options "nosniff"
|
|
Header set X-Frame-Options "DENY"
|
|
Header set Referrer-Policy "strict-origin-when-cross-origin"
|
|
Header set Permissions-Policy "camera=(), microphone=(), geolocation=()"
|
|
Header unset X-Powered-By
|
|
Header always unset X-Powered-By
|
|
</IfModule>
|
|
|
|
# Restrict HTTP methods to GET, POST, HEAD
|
|
<IfModule mod_rewrite.c>
|
|
RewriteEngine On
|
|
RewriteBase /
|
|
|
|
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$ [NC]
|
|
RewriteRule .* - [F,L]
|
|
|
|
# Route /app requests to index.php
|
|
RewriteCond %{REQUEST_URI} ^/app/
|
|
RewriteRule ^(.*)$ /index.php [L,QSA]
|
|
|
|
# Don't rewrite if file exists
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
|
RewriteRule ^(.*)$ /index.php [L,QSA]
|
|
</IfModule>
|