| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 |
- # ----------------------------------------------------------------------
- # | 8G Firewall for Security - Do not change this part @Update 03/2024
- # ----------------------------------------------------------------------
- # 8G FIREWALL v1.5 20250927
- # https://perishablepress.com/8g-firewall/
- # 8G:[CORE]
- ServerSignature Off
- Options -Indexes
- RewriteEngine On
- RewriteBase /
- SetEnv TZ Australia/Hobart
- Options +SymLinksIfOwnerMatch
- # ── Allow .well-known for SSL/ACME challenges ──────────────────────────────
- RewriteRule ^\.well-known/ - [L]
- <FilesMatch "(?i)\.(tpl|ini|log)$">
- Require all denied
- </FilesMatch>
- # Allow Robots.txt to pass through
- RewriteRule ^robots.txt - [L]
- RewriteCond %{REQUEST_METHOD} !^POST$
- RewriteRule ^index\.php$ / [R=301,L]
- Header set X-Frame-Options "SAMEORIGIN"
- Header set X-Content-Type-Options "nosniff"
- Header set Referrer-Policy "no-referrer"
- Header set X-Robots-Tag "index, follow"
- # ── Block all other dotfiles ───────────────────────────────────────────────
- #RewriteRule (?:^|/)\. - [F,L]
- # ── www → non-www (301) ────────────────────────────────────────────────────
- #RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
- #RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
- # ── Pass existing .php files directly (prevent vhost modX routing) ─────────
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
- RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
|
