# ---------------------------------
# | Block IP Addresses
# ---------------------------------
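# Deny the listed clients and allow everyone else.
# The Order/Deny/Allow directives are Apache 2.2 syntax; on 2.4 they only work
# through mod_access_compat and fail with a 500 when that module is not loaded,
# so the same list is expressed with Require for 2.4+ and kept as-is for 2.2.
# NOTE(review): both forms match the address of the connecting peer. Behind a
# reverse proxy, load balancer or CDN that is the proxy's address unless the
# real client IP is restored (e.g. mod_remoteip) -- confirm for your setup.
# NOTE(review): 11.22.33.44 is also listed in the "Block & Redirect IP
# Addresses" rules; access control appears to run before per-directory rewrite
# rules, so that client would receive a 403 here and never reach the redirect.
<IfModule mod_authz_core.c>
    # Apache 2.4+
    <RequireAll>
        Require all granted
        Require not ip 11.22.33.44
        Require not ip 22.33.44
        # OPERA VPN
        Require not ip 77.111.244
        Require not ip 77.111.245
        Require not ip 77.111.246
        Require not ip 77.111.247
        # CENSYS SCANNER
        # NOTE(review): scanner ranges change over time; verify against the
        # operator's currently published list before relying on these.
        Require not ip 74.120.14
        Require not ip 162.142.125
        Require not ip 167.248.133
        Require not ip 192.35.168
    </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2: with "allow,deny" a matching Deny overrides "allow from all".
    order allow,deny
    deny from 11.22.33.44
    deny from 22.33.44.
    # OPERA VPN
    deny from 77.111.244.
    deny from 77.111.245.
    deny from 77.111.246.
    deny from 77.111.247.
    # CENSYS SCANNER
    deny from 74.120.14.
    deny from 162.142.125.
    deny from 167.248.133.
    deny from 192.35.168.
    allow from all
</IfModule>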
# ---------------------------------
# | Block & Redirect IP Addresses
# ---------------------------------
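# Redirect requests from specific client addresses to an external site.
# Rewrite rules are ignored unless the engine is on; every other
# "RewriteEngine On" in this file is commented out, so enable it here.
RewriteEngine On
# Anchor both ends of each address: without the trailing "$" a pattern such as
# ^1\.2\.3\.4 would also match 1.2.3.40-1.2.3.49.
RewriteCond %{REMOTE_ADDR} ^11\.22\.33\.44$ [OR]
RewriteCond %{REMOTE_ADDR} ^22\.33\.44\.55$ [OR]
RewriteCond %{REMOTE_ADDR} ^33\.44\.55\.66$
# "^" matches every request path (the original "^/*" did the same, less obviously).
# NOTE(review): a 301 is cached by browsers, so a client blocked by mistake keeps
# being redirected after the rule is removed; a 302 or a plain 403 ([F]) is
# easier to undo.
RewriteRule ^ https://www.google.com [R=301,L]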
# ---------------------------------
# | Block & Redirect referring URLs
# ---------------------------------
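# Redirect visitors arriving from unwanted referring sites.
# The Referer header is supplied by the client and is trivially omitted or
# forged, so treat this as referrer-spam hygiene, not as an access control.
# Rewrite rules are ignored unless the engine is on; every other
# "RewriteEngine On" in this file is commented out, so enable it here.
RewriteEngine On
# Dots are escaped so they match a literal "." only, and [NC] makes the host
# comparison case-insensitive. The patterns are unanchored substring matches,
# which is what the original leading/trailing ".*" expressed.
RewriteCond %{HTTP_REFERER} somedodgywebsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} someotherdodgywebsite\.com [NC]
RewriteRule ^ https://google.com [R=301,L]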
# ---------------------------------
# | 301 Redirects
# ---------------------------------
#RewriteCond %{ENV:REDIRECT_STATUS} !^401$
#RewriteRule ^old_url.html$ http://www.example.com/new_url.html [R=301,L]
# ---------------------------------
# | Security Headers - Scan at https://securityheaders.com
# | Use with caution, errors can break your store!
# | https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
# | https://content-security-policy.com/examples/
# | https://report-uri.com/home/generate
# ---------------------------------
# NOTE(review): Connection is a hop-by-hop header that the server normally
# manages itself through its KeepAlive setting, and HTTP/2 does not permit it;
# confirm this line is still wanted.
Header set Connection keep-alive
# Remove the X-Powered-By banner (framework/version disclosure); "always" also
# covers responses generated for errors.
Header always unset X-Powered-By
# Drop both cache validators. Together with "FileETag None" below, clients can
# no longer revalidate and depend entirely on the Expires/Cache-Control
# lifetimes configured in the caching section.
Header unset ETag
Header unset Last-Modified
# These need to be tailored for your individual site...
# NOTE(review): the samples use "Header set" without "always", so when enabled
# they would not be sent on error responses; consider "Header always set".
# X-XSS-Protection is deprecated and ignored by current browsers; a
# Content-Security-Policy is the replacement control.
#Header set X-XSS-Protection "1; mode=block"
#Header set X-Content-Type-Options nosniff
#Header always append X-Frame-Options SAMEORIGIN
#Header set Referrer-Policy "same-origin"
# Feature-Policy has been superseded by Permissions-Policy (sample further down).
#Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
# HSTS: send only once every host covered by includeSubDomains serves HTTPS.
# "preload" opts the domain into browser-shipped lists and is slow to reverse;
# max-age=10886400 is 18 weeks -- check the preload list's current minimum
# (believed to be one year, 31536000) before submitting.
#Header set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload"
# Prefer "Header set" for CSP: "add" can emit a second policy header, and
# browsers enforce every policy they receive. Trial a new policy with
# Content-Security-Policy-Report-Only before enforcing it.
#Header add Content-Security-Policy "default-src 'self';"
# Corrected sample: the header name takes no trailing colon and the value has
# to be passed as one quoted argument, otherwise Apache rejects the line.
#Header set Permissions-Policy "geolocation=(self \"https://www.example.com\"), microphone=()"
# Stop Apache generating ETags for static files.
FileETag None
# ---------------------------------
# | Disable Directory Indexes
# ---------------------------------
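# -Indexes turns off automatic directory listings, which is what this section's
# heading promises; the original line only disabled MultiViews.
# -MultiViews (kept) turns off content negotiation, so a request for /foo is
# not silently answered with foo.php, foo.html, etc.
Options -Indexes -MultiViews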
# ---------------------------------
# | Optional force HTTPS
# ---------------------------------
#
#RewriteEngine On
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#
# ---------------------------------
# | Optional suppress or force .www to prevent duplicate content
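# | WARNING: Use only one option below, not both!
# | NOTE: both options build the target from %{ENV:PROTO}, which nothing in this
# | file sets; define it (or hard-code the scheme) before enabling either one.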
# ---------------------------------
# OPTION 1) SUPPRESS WWW.
#
#RewriteEngine On
#RewriteCond %{HTTPS} !=on
#RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
#RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L]
#
# OPTION 2) FORCE WWW.
#
#RewriteEngine On
#RewriteCond %{HTTPS} !=on
#RewriteCond %{HTTP_HOST} !^www\. [NC]
#RewriteCond %{SERVER_ADDR} !=127.0.0.1
#RewriteCond %{SERVER_ADDR} !=::1
#RewriteRule ^ %{ENV:PROTO}://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#
# ---------------------------------
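# | Block access to sensitive folders
# | NOTE: these samples answer with a permanent redirect, which browsers cache;
# | a plain 403/404 (e.g. "RedirectMatch 404 <pattern>") denies access without one.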
# ---------------------------------
#RedirectMatch permanent ^.*/.pgp/.*$ https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/patch.*$ https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/sql/.*$ https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/schemes/.*$ https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/skin_backup/.*$ https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/Smarty.*$ https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/upgrade/.*$ https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/var/.*$ https://www.example.com/error_message.php
# ---------------------------------
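# | Block access to sensitive file types
# | NOTE: the "." before the extension group below is unescaped and matches any
# | character; write "\." so that only a literal dot is matched.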
# ---------------------------------
#RedirectMatch permanent ^.*.(ini|tpl|sql|log|conf|bak)$ https://www.example.com/error_message.php
# ---------------------------------
# | Block access to sensitive files
# ---------------------------------
#RedirectMatch permanent ^.*/COPYRIGHT https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/CHANGELOG https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/INSTALL.*$ https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/NEW.*$ https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/README https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/UPGRADE.*$ https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/VERSION https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/include/version.php https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/config.php https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/top.inc.php https://www.example.com/error_message.php
#RedirectMatch permanent ^.*/install.php$ https://www.example.com/error_message.php
# ---------------------------------
# | Enable Compression
# ---------------------------------
# Enable DEFLATE compression for text-like responses, grouped by kind.
# NOTE(review): compressing HTTPS pages that carry secrets (session or CSRF
# tokens) next to reflected request data is the precondition for BREACH-style
# compression side channels; check whether dynamic text/html here is affected.

# Markup, stylesheets, plain text and XML feeds
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml application/xml application/xhtml+xml application/rss+xml
# JavaScript, under its current and legacy media types
AddOutputFilterByType DEFLATE application/javascript application/x-javascript text/javascript
# Fonts
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf font/opentype font/otf font/ttf
# Compressible image formats
AddOutputFilterByType DEFLATE image/svg+xml image/x-icon

# Workarounds for very old browsers with broken gzip handling. The order is
# significant: the MSIE line undoes the two Mozilla/4 restrictions above it.
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Because the response now depends on the User-Agent, tell caches to key on it.
Header append Vary User-Agent
# Explicit file-extension to media-type map.
# Accurate types matter once "X-Content-Type-Options: nosniff" is enabled,
# because browsers then refuse scripts and stylesheets served with the wrong
# type instead of guessing.
# NOTE(review): AddType only labels a file; it does not restrict access.
# Extensions such as .class, .exe, .mdb and .swf below are served to anyone who
# requests them if such files sit under the web root -- confirm that is intended.
AddType text/css .css
AddType text/x-component .htc
AddType application/x-javascript .js
# NOTE(review): .js2/.js3/.js4 are unusual extensions; confirm something still
# produces them before keeping these mappings.
AddType application/javascript .js2
AddType text/javascript .js3
AddType text/x-js .js4
AddType text/html .html .htm
AddType text/richtext .rtf .rtx
# SVG can embed script; .svg is mapped again further down together with .svgz.
AddType image/svg+xml .svg
AddType text/plain .txt
AddType text/xsd .xsd
AddType text/xsl .xsl
AddType text/xml .xml
AddType video/asf .asf .asx .wax .wmv .wmx
AddType video/avi .avi
AddType image/bmp .bmp
AddType application/java .class
AddType video/divx .divx
# NOTE(review): .docx (and .pptx/.xlsx below) share the legacy Office type here
# rather than their own Office Open XML media types.
AddType application/msword .doc .docx
AddType application/vnd.ms-fontobject .eot
AddType application/x-msdownload .exe
AddType image/gif .gif
AddType application/x-gzip .gz .gzip
AddType image/x-icon .ico
AddType image/jpeg .jpg .jpeg .jpe
AddType image/webp .webp
AddType application/json .json
AddType application/vnd.ms-access .mdb
AddType audio/midi .mid .midi
AddType video/quicktime .mov .qt
AddType audio/mpeg .mp3 .m4a
AddType video/mp4 .mp4 .m4v
AddType video/mpeg .mpeg .mpg .mpe
AddType video/webm .webm
AddType application/vnd.ms-project .mpp
AddType application/x-font-otf .otf
AddType application/vnd.ms-opentype ._otf
AddType application/vnd.oasis.opendocument.database .odb
AddType application/vnd.oasis.opendocument.chart .odc
AddType application/vnd.oasis.opendocument.formula .odf
AddType application/vnd.oasis.opendocument.graphics .odg
AddType application/vnd.oasis.opendocument.presentation .odp
AddType application/vnd.oasis.opendocument.spreadsheet .ods
AddType application/vnd.oasis.opendocument.text .odt
AddType audio/ogg .ogg
AddType application/pdf .pdf
AddType image/png .png
AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
AddType audio/x-realaudio .ra .ram
# Second mapping for .svg (same type as above); this one adds .svgz.
AddType image/svg+xml .svg .svgz
AddType application/x-shockwave-flash .swf
AddType application/x-tar .tar
AddType image/tiff .tif .tiff
AddType application/x-font-ttf .ttf .ttc
AddType application/vnd.ms-opentype ._ttf
AddType audio/wav .wav
AddType audio/wma .wma
AddType application/vnd.ms-write .wri
AddType application/font-woff .woff
AddType application/font-woff2 .woff2
AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
AddType application/zip .zip
# ---------------------------------
# | Leverage Browser Caching
# ---------------------------------
# Client-side cache lifetimes (mod_expires), measured from the time of access.
# Validators (ETag / Last-Modified) are removed in the security-headers section
# of this file, so these lifetimes are the only freshness signal clients get.
ExpiresActive On
# Fallback for every media type that has no ExpiresByType line below.
ExpiresDefault "access plus 1 week"
ExpiresByType text/css "access plus 1 month"
# Feeds and API-style data: short or zero lifetimes.
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType application/rdf+xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"
# NOTE(review): JSON (30 s) and HTML (1 min, below) are marked cacheable. On a
# store, per-user responses (basket, account, checkout) should send their own
# Cache-Control (private / no-store); mod_expires is documented to leave
# responses alone that already carry an Expires header -- verify for this app.
ExpiresByType application/json "access plus 30 seconds"
ExpiresByType application/ld+json "access plus 0 seconds"
ExpiresByType application/schema+json "access plus 0 seconds"
ExpiresByType application/vnd.geo+json "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType image/vnd.microsoft.icon "access plus 1 month"
ExpiresByType text/html "access plus 1 minute"
# Scripts, under each media type they may be served with.
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 months"
ExpiresByType application/x-javascript "access plus 1 months"
# Images. image/jpg and image/svg are not registered media types; the lines
# only take effect if something actually serves those labels.
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/svg "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType image/bmp "access plus 1 month"
ExpiresByType image/webp "access plus 1 month"
# Audio and video.
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"
ExpiresByType text/plain "access plus 1 month"
ExpiresByType text/x-component "access plus 1 month"
# Web-app manifests.
ExpiresByType application/manifest+json "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
# Fonts.
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
ExpiresByType font/eot "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType application/font-woff "access plus 1 month"
ExpiresByType application/font-woff2 "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType font/woff "access plus 1 month"