55 lines
1.9 KiB
Plaintext
55 lines
1.9 KiB
Plaintext
<IfModule mod_rewrite.c>
|
|
<IfModule mod_negotiation.c>
|
|
Options -MultiViews -Indexes
|
|
</IfModule>
|
|
|
|
RewriteEngine On
|
|
|
|
# Redirect to https
|
|
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
|
|
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,N]
|
|
|
|
<IfModule mod_headers.c>
|
|
# Activate HSTS
|
|
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;"
|
|
|
|
Header always set Referrer-Policy "no-referrer"
|
|
Header always set X-Content-Type-Options "nosniff"
|
|
Header always set X-Download-Options "noopen"
|
|
Header always set X-Frame-Options "SAMEORIGIN"
|
|
Header always set X-Permitted-Cross-Domain-Policies "none"
|
|
Header always set X-Robots-Tag "none"
|
|
Header always set X-XSS-Protection "1; mode=block"
|
|
|
|
# Assets expire after 1 month
|
|
<filesMatch ".(css|js|json|woff2?|ttf|eot|svg)$">
|
|
Header set Cache-Control "public, max-age=2628000"
|
|
</filesMatch>
|
|
</IfModule>
|
|
|
|
# Handle Authorization Header
|
|
RewriteCond %{HTTP:Authorization} .
|
|
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
|
|
|
# Redirect .well-known urls (https://en.wikipedia.org/wiki/List_of_/.well-known/_services_offered_by_webservers)
|
|
RewriteCond %{REQUEST_URI} .well-known/carddav
|
|
RewriteRule ^ /dav/ [L,R=301,N]
|
|
|
|
RewriteCond %{REQUEST_URI} .well-known/caldav
|
|
RewriteRule ^ /dav/ [L,R=301,N]
|
|
|
|
RewriteCond %{REQUEST_URI} .well-known/security.txt
|
|
RewriteRule ^ /security.txt [L,R=301,N]
|
|
|
|
# Redirect Trailing Slashes If Not A Folder...
|
|
RewriteCond %{REQUEST_FILENAME} !-d
|
|
RewriteCond %{REQUEST_FILENAME} !dav/*
|
|
RewriteCond %{REQUEST_URI} (.+)/$
|
|
RewriteRule ^ %1 [L,R=301]
|
|
|
|
# Handle Front Controller...
|
|
RewriteCond %{REQUEST_FILENAME} !-d
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
|
RewriteRule ^ index.php [L]
|
|
</IfModule>
|