| 12345678910111213141516171819202122232425262728293031323334353637383940414243 |
- # ----------------------------------------------------------------------
- # | 8G Firewall for Security - Do not change this part @Update 03/2024
- # ----------------------------------------------------------------------
- # 8G FIREWALL v1.5 20250927
- # https://perishablepress.com/8g-firewall/
- # 8G:[CORE]
- ServerSignature Off
- Options -Indexes
- RewriteEngine On
- RewriteBase /
- SetEnv TZ Australia/Hobart
- Options +SymLinksIfOwnerMatch
- <FilesMatch "(?i)\.(tpl|ini|log)$">
- Require all denied
- </FilesMatch>
- # Allow Robots.txt to pass through
- RewriteRule ^robots.txt - [L]
- RewriteCond %{REQUEST_URI} !^(/\.well-known)
- RewriteCond %{QUERY_STRING} ^route=common/home$
- RewriteCond %{REQUEST_METHOD} !^POST$
- RewriteRule ^index\.php$ http://%{HTTP_HOST}? [R=301,L]
- # ── Block all other dotfiles ───────────────────────────────────────────────
- RewriteRule (?:^|/)\. - [F,L]
- # ── www → non-www (301) ────────────────────────────────────────────────────
- RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
- RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
- # ── Pass existing files and directories directly ─────────────────────────────
- RewriteCond %{REQUEST_FILENAME} -f [OR]
- RewriteCond %{REQUEST_FILENAME} -d
- RewriteRule ^ - [L]
- # ── Pass dashboard, login, controllers and other migrated paths directly ──────
- # (prevents the modX vhost catch-all from intercepting these requests)
- RewriteRule ^(dashboard|login|controllers|api|components|layouts|config|lib|pdf-files|client-assets|vendor)(/|$) - [L]
|
