
Snippet of Security Tweaks for the .htaccess.

Snippet of Security Tweaks for the .htaccess.

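# Deny access to include files (*.inc). They typically hold credentials or
# application code and must never be served as plain text. Extend the pattern
# with any other non-public extensions the application keeps under the
# document root.
# <FilesMatch> is the documented form of the older <Files ~ "..."> regex syntax.
<FilesMatch "\.inc$">
    # Apache 2.4 authorization syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 syntax (on 2.4 it only works when mod_access_compat is loaded).
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from All
    </IfModule>
</FilesMatch>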

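# Deny access to hidden files and directories (any path segment starting with
# a dot, e.g. .git, .env, .htpasswd). The original pattern also blocked
# /.well-known/, which breaks ACME (Let's Encrypt) HTTP-01 validation and
# security.txt; the negative lookahead keeps that one directory reachable.
RedirectMatch 403 /\.(?!well-known/)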

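# Disable directory listings (-Indexes) and content negotiation (-MultiViews,
# which can otherwise serve an unexpected file for an extension-less URL).
# +FollowSymLinks is kept because mod_rewrite in a per-directory (.htaccess)
# context depends on it. The original line also set +ExecCGI, which enables
# script execution from this directory; that is unrelated to directory access
# and widens the attack surface, so it is dropped here — re-add it only if the
# site genuinely runs CGI from this directory.
# NOTE: if AllowOverride does not include "Options", this line yields a 500.
Options +FollowSymLinks -MultiViews -Indexes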

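<IfModule mod_headers.c>

    # "always" applies the header to error responses (4xx/5xx) too, not only
    # to successful ones; the plain "Header set" form skipped error pages.

    # Prevent MIME sniffing: browsers must honour the declared Content-Type.
    Header always set X-Content-Type-Options "nosniff"

    # Disallow framing of this site by other origins (clickjacking).
    Header always set X-Frame-Options "SAMEORIGIN"
    # Current browsers prefer the CSP equivalent. "add" rather than "set" so an
    # application-supplied Content-Security-Policy is not overwritten; browsers
    # enforce every CSP header they receive.
    Header always add Content-Security-Policy "frame-ancestors 'self'"

    # The legacy XSS auditor has been removed from current browsers, and its
    # filtering mode could itself be abused to leak cross-site information, so
    # current guidance is to disable it explicitly instead of "1; mode=block".
    Header always set X-XSS-Protection "0"

    # Limit what the Referer header discloses to other sites.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # HSTS: uncomment only once every host and sub-resource is served over
    # HTTPS. Browsers cache the policy for max-age seconds and will refuse
    # plain HTTP for that long, so a premature rollout locks users out.
    # Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
</IfModule>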

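<IfModule mod_rewrite.c>
    RewriteEngine on

    # Enforce HTTPS first, so every later rule sees the canonical scheme.
    # Behind a TLS-terminating proxy or load balancer %{HTTPS} is "off" on the
    # backend and the original rule looped forever; the second condition skips
    # the redirect when the proxy reports the client already used HTTPS.
    # %{HTTP_HOST} echoes the client-supplied Host header; if a request with a
    # foreign Host can reach this directory, hard-code the canonical hostname
    # instead (UseCanonicalName is a server-config setting, not available in
    # .htaccess). NE stops mod_rewrite from re-escaping an already-encoded URI.
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]

    # Block hotlinking of static assets: refuse requests whose Referer is
    # non-empty and not this site. Empty Referers are allowed so direct visits,
    # privacy-tuned browsers and many proxies keep working.
    # The original also required the Referer to contain the client's IP
    # address (a fourth RewriteCond on %{REMOTE_ADDR}), which almost never
    # holds, so the rule effectively never fired; that condition is removed.
    # The dots in the hostname are now escaped, so "evilexample.com" no longer
    # passes as example.com. Referer is client-supplied: treat this as a
    # bandwidth measure, not access control. Replace example.com with the
    # site's own host. F implies L.
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?example\.com(:[0-9]+)?(/|$) [NC]
    RewriteRule \.(jpe?g|png|svg|gif|bmp|js|css)$ - [F]

</IfModule>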