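*** Make sure your server is configured to read .htaccess files: in the relevant Apache conf file, change "AllowOverride None" to "AllowOverride All" (only in the <Directory> block for your site, not server-wide), then run "sudo a2enmod rewrite" and restart Apache with "sudo service apache2 restart" or "sudo systemctl restart apache2". The Header directives further down also need mod_headers ("sudo a2enmod headers").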
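# Force HTTPS when Apache sits behind a TLS-terminating proxy or load balancer.
# X-Forwarded-Proto is an ordinary request header: it can be trusted only when
# the proxy in front always overwrites it and clients cannot reach Apache
# directly. Without such a proxy the header is normally absent and the rule
# below never fires.
RewriteEngine On
RewriteBase /

# Redirect plain-HTTP requests (as reported by the proxy) to HTTPS.
# NOTE(review): the redirect target is copied from the client-supplied Host
# header. On a default/catch-all virtual host the request itself then decides
# where the redirect points; in that setup, write the site's canonical
# hostname into the rule instead of %{HTTP:Host}.
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]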
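RewriteEngine On

# Map the pretty path /test/<name> onto /test.php?name=<name>
# (path -> query string). Requests for files or directories that really
# exist on disk are left alone by the two conditions.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# <name> is whatever the client put after /test/ - slashes included, and it
# may be empty - so test.php must validate it before using it in file paths,
# database queries or HTML output. If only simple names are expected, narrow
# the capture group accordingly.
# The B flag re-escapes the captured text before it is placed in the query
# string, so a decoded "&" or "=" in the path cannot add extra parameters.
# Any query string on the original request is discarded (no QSA flag).
RewriteRule ^/?test/(.*?)/?$ /test.php?name=$1 [B,L]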
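RewriteEngine On

# Answer 403 Forbidden for these exact URL paths.
# RedirectMatch comes from mod_alias (it does not depend on RewriteEngine) and
# treats its pattern as a regular expression, so the dot in "file.jpg" is
# escaped; unescaped it would match any character.
# NOTE(review): this blocks by URL spelling only. For files that must never be
# served, keeping them outside the DocumentRoot, or denying access in a
# <Files>/<Directory> section, does not depend on how the URL is written.
RedirectMatch 403 ^/image/file$
RedirectMatch 403 ^/file\.jpg$
RedirectMatch 403 ^/image/file\.jpg$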
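RewriteEngine On

# Redirect requests that carry extra path segments after a .php script
# (PATH_INFO), e.g. www.abcdefg.com/folder/test.php/12345, to the index page.
# The dot is escaped so that only a literal ".php/" matches, and the capture
# groups are dropped because the substitution never used them.
# NOTE(review): R=301 is a permanent redirect and browsers cache it, so test
# with R=302 first. If such URLs are never legitimate, "AcceptPathInfo Off"
# can make Apache answer 404 for them instead of redirecting.
RewriteRule ^.*\.php/ /index.php [R=301,L]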
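RewriteEngine On

# Baseline response-header policy (requires mod_headers).
# Apache has no trailing-comment syntax: "//" text after a directive is parsed
# as extra arguments, so the option lists are kept on "#" lines of their own.

# Clickjacking protection. Valid values are DENY or SAMEORIGIN; a single
# allowed origin cannot be expressed here (ALLOW-FROM is obsolete) - use the
# CSP "frame-ancestors" directive for that. "set" replaces any existing value
# instead of appending a second one.
Header always set X-Frame-Options "SAMEORIGIN"

# Legacy XSS filter switch; current browsers ignore it, so it is no substitute
# for output encoding and a real Content-Security-Policy.
Header set X-XSS-Protection "1; mode=block"

# Stop browsers from MIME-sniffing responses.
Header set X-Content-Type-Options "nosniff"

# X-Forwarded-Host arrives on the request, so it is removed with RequestHeader;
# "Header unset" would only touch the response.
# NOTE(review): drop this line if a trusted proxy in front sets the header and
# the application relies on it.
RequestHeader unset X-Forwarded-Host

# Asks browsers to upgrade http:// subresources to https://. It does not
# restrict which scripts, styles or frames may load.
Header always set Content-Security-Policy "upgrade-insecure-requests;"

# CORS. Options: "*" or one specific origin such as https://www.yourdomain.com
# NOTE(review): "*" lets pages on any site read these responses. Use it only
# for public content; otherwise name the single trusted origin.
Header set Access-Control-Allow-Origin "*"

# Options: PUT, POST, GET, OPTIONS, DELETE - list only what the API uses.
Header set Access-Control-Allow-Methods "POST, GET"

# Options: Origin, X-Requested-With, Content-Type, Accept, Authorization
# ("Oring" in the original was a typo for "Origin").
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Authorization"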