# ---------------------------------------------------------------------- # | 8G Firewall for Security - Do not change this part @Update 03/2024 # ---------------------------------------------------------------------- # 8G FIREWALL v1.5 20250927 # https://perishablepress.com/8g-firewall/ # 8G:[CORE] ServerSignature Off Options -Indexes RewriteEngine On RewriteBase / SetEnv TZ Australia/Hobart Options +SymLinksIfOwnerMatch # ── Allow .well-known for SSL/ACME challenges ────────────────────────────── RewriteRule ^\.well-known/ - [L] Require all denied # Allow Robots.txt to pass through RewriteRule ^robots.txt - [L] RewriteCond %{REQUEST_METHOD} !^POST$ RewriteRule ^index\.php$ / [R=301,L] Header set X-Frame-Options "SAMEORIGIN" Header set X-Content-Type-Options "nosniff" Header set Referrer-Policy "no-referrer" Header set X-Robots-Tag "index, follow" # ── Block all other dotfiles ─────────────────────────────────────────────── #RewriteRule (?:^|/)\. - [F,L] # ── www → non-www (301) ──────────────────────────────────────────────────── #RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] #RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L] # ── Pass existing .php files directly (prevent vhost modX routing) ───────── RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css) RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]