47 lines
1.3 KiB
ApacheConf
47 lines
1.3 KiB
ApacheConf
# Enable rewrite engine
|
|
RewriteEngine On
|
|
|
|
# Force HTTPS (handled by Pangolin/Cloudflare, but just in case)
|
|
# RewriteCond %{HTTPS} off
|
|
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
|
|
|
|
# Remove trailing slashes (except for directories)
|
|
RewriteCond %{REQUEST_FILENAME} !-d
|
|
RewriteRule ^(.*)/$ /$1 [L,R=301]
|
|
|
|
# Security headers
|
|
<IfModule mod_headers.c>
|
|
Header set X-Content-Type-Options "nosniff"
|
|
Header set X-Frame-Options "SAMEORIGIN"
|
|
Header set X-XSS-Protection "1; mode=block"
|
|
Header set Referrer-Policy "strict-origin-when-cross-origin"
|
|
</IfModule>
|
|
|
|
# Prevent directory listing
|
|
Options -Indexes
|
|
|
|
# Block access to hidden files
|
|
<FilesMatch "^\.">
|
|
Require all denied
|
|
</FilesMatch>
|
|
|
|
# Cache static assets
|
|
<IfModule mod_expires.c>
|
|
ExpiresActive On
|
|
ExpiresByType text/css "access plus 1 month"
|
|
ExpiresByType application/javascript "access plus 1 month"
|
|
ExpiresByType image/jpeg "access plus 1 year"
|
|
ExpiresByType image/png "access plus 1 year"
|
|
ExpiresByType image/svg+xml "access plus 1 year"
|
|
ExpiresByType image/webp "access plus 1 year"
|
|
ExpiresByType font/woff2 "access plus 1 year"
|
|
</IfModule>
|
|
|
|
# Gzip compression
|
|
<IfModule mod_deflate.c>
|
|
AddOutputFilterByType DEFLATE text/html text/css application/javascript text/plain application/json image/svg+xml
|
|
</IfModule>
|
|
|
|
# Custom error pages
|
|
ErrorDocument 404 /404.php
|