silverstripe-webpack/.htaccess

Header set X-Content-Security-Policy "allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self';"
Header always append X-Frame-Options SAMEORIGIN
ServerSignature Off
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

### SILVERSTRIPE START ###
# Deny access to templates (but allow from localhost)
<Files *.ss>
	Order deny,allow
	Deny from all
	Allow from 127.0.0.1
</Files>

# Deny access to IIS configuration
<Files web.config>
	Order deny,allow
	Deny from all
</Files>

# Deny access to YAML configuration files which might include sensitive information
<Files *.yml>
	Order allow,deny
	Deny from all
</Files>

# Route errors to static pages automatically generated by SilverStripe
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html

<IfModule mod_rewrite.c>
	SetEnv HTTP_MOD_REWRITE On
	RewriteEngine On
	RewriteBase '/'

	# Deny access to potentially sensitive files and folders
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
	RewriteRule ^vendor(/|$) - [F,L,NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
	RewriteRule silverstripe-cache(/|$) - [F,L,NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
	RewriteRule composer\.(json|lock) - [F,L,NC]

	# Process through SilverStripe if no file with the requested name exists.
	# Pass through the original path as a query parameter, and retain the existing parameters.
	RewriteCond %{REQUEST_URI} ^(.*)$
	RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
	RewriteRule .* framework/main.php?url=%1 [QSA]
</IfModule>
### SILVERSTRIPE END ###

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^\.git - [F,L,NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule \.sql$ - [F,L,NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule \.editorconfig - [F,L,NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule error_log - [F,L,NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule Envoy\.blade\.php - [F,L,NC]
Mapbox API + SilverShop improvements 2018-08-26 12:46:03 +02:00			`Header set X-Content-Security-Policy "allow 'self'; media-src ; img-src ; script-src 'self' https://ajax.googleapis.com; style-src 'self';"`
			`Header always append X-Frame-Options SAMEORIGIN`
			`ServerSignature Off`
			`<ifModule mod_gzip.c>`
			`mod_gzip_on Yes`
			`mod_gzip_dechunk Yes`
			`mod_gzip_item_include file .(html?\|txt\|css\|js\|php\|pl)$`
			`mod_gzip_item_include handler ^cgi-script$`
			`mod_gzip_item_include mime ^text/.*`
			`mod_gzip_item_include mime ^application/x-javascript.*`
			`mod_gzip_item_exclude mime ^image/.*`
			`mod_gzip_item_exclude rspheader ^Content-Encoding:.gzip.`
			`</ifModule>`
			`<IfModule mod_expires.c>`
			`ExpiresActive On`
			`ExpiresByType image/jpg "access 1 year"`
			`ExpiresByType image/jpeg "access 1 year"`
			`ExpiresByType image/gif "access 1 year"`
			`ExpiresByType image/png "access 1 year"`
			`ExpiresByType text/css "access 1 month"`
			`ExpiresByType text/html "access 1 month"`
			`ExpiresByType application/pdf "access 1 month"`
			`ExpiresByType text/x-javascript "access 1 month"`
			`ExpiresByType application/x-shockwave-flash "access 1 month"`
			`ExpiresByType image/x-icon "access 1 year"`
			`ExpiresDefault "access 1 month"`
			`</IfModule>`

			`RewriteEngine On`
			`RewriteCond %{HTTPS} off`
			`RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]`
			`RewriteCond %{HTTP_HOST} !^www\.`
			`RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]`

			`### SILVERSTRIPE START ###`
			`# Deny access to templates (but allow from localhost)`
			`<Files *.ss>`
			`Order deny,allow`
			`Deny from all`
			`Allow from 127.0.0.1`
			`</Files>`

			`# Deny access to IIS configuration`
			`<Files web.config>`
			`Order deny,allow`
			`Deny from all`
			`</Files>`

			`# Deny access to YAML configuration files which might include sensitive information`
			`<Files *.yml>`
			`Order allow,deny`
			`Deny from all`
			`</Files>`

			`# Route errors to static pages automatically generated by SilverStripe`
			`ErrorDocument 404 /assets/error-404.html`
			`ErrorDocument 500 /assets/error-500.html`

			`<IfModule mod_rewrite.c>`
			`SetEnv HTTP_MOD_REWRITE On`
			`RewriteEngine On`
			`RewriteBase '/'`

			`# Deny access to potentially sensitive files and folders`
			`RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$`
			`RewriteRule ^vendor(/\|$) - [F,L,NC]`
			`RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$`
			`RewriteRule silverstripe-cache(/\|$) - [F,L,NC]`
			`RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$`
			`RewriteRule composer\.(json\|lock) - [F,L,NC]`

			`# Process through SilverStripe if no file with the requested name exists.`
			`# Pass through the original path as a query parameter, and retain the existing parameters.`
			`RewriteCond %{REQUEST_URI} ^(.*)$`
			`RewriteCond %{REQUEST_FILENAME} !-f`
			`RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$`
			`RewriteRule .* framework/main.php?url=%1 [QSA]`
			`</IfModule>`
			`### SILVERSTRIPE END ###`

			`RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$`
			`RewriteRule ^\.git - [F,L,NC]`
			`RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$`
			`RewriteRule \.sql$ - [F,L,NC]`
			`RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$`
			`RewriteRule \.editorconfig - [F,L,NC]`
			`RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$`
			`RewriteRule error_log - [F,L,NC]`
			`RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$`
			`RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$`
			`RewriteRule Envoy\.blade\.php - [F,L,NC]`