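--- a/STRATO-apps/wordpress_03/app/.htaccess_back_691c2c6b588cf
+++ b/STRATO-apps/wordpress_03/app/.htaccess_back_691c2c6b588cf
@@ -1 +1,53 @@
-
+# Block the include-only files.
+<IfModule mod_rewrite.c>
+RewriteEngine On
+# Clickjacking Protection
+Header always set X-Frame-Options "SAMEORIGIN"
+
+# Prevent Content-Type sniffing
+Header always set X-Content-Type-Options "nosniff"
+
+# HTTPS Strict Transport Security
+Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+# Basic Content Security Policy
+Header always set Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';"
+
+# Referrer Policy
+Header always set Referrer-Policy "strict-origin-when-cross-origin"
+
+# XSS Protection
+Header always set X-XSS-Protection "1; mode=block"
+
+RewriteBase /
+RewriteRule ^wp-admin/includes/ - [F,L]
+RewriteRule !^wp-includes/ - [S=3]
+RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
+RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
+RewriteRule ^wp-includes/theme-compat/ - [F,L]
+</IfModule>
+<Files wp-config.php>
+<IfModule !mod_authz_core.c>
+order allow,deny
+deny from all
+</IfModule>
+<IfModule mod_authz_core.c>
+require all denied
+</IfModule>
+</Files>
+
+# BEGIN WordPress
+# Die Anweisungen (Zeilen) zwischen „BEGIN WordPress“ und „END WordPress“ sind
+# dynamisch generiert und sollten nur über WordPress-Filter geändert werden.
+# Alle Änderungen an den Anweisungen zwischen diesen Markierungen werden überschrieben.
+<IfModule mod_rewrite.c>
+RewriteEngine On
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+RewriteBase /
+RewriteRule ^index\.php$ - [L]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule . /index.php [L]
+</IfModule>
+
+# END WordPress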
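Review bot: The Content-Security-Policy on new line 14 restricts very little, because `default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'` still allows inline script, `eval`, and script from any HTTPS origin or `data:` URI, so it should not be counted as an XSS mitigation. Since `default-src` does not cover them, a first tightening that needs no audit of the site's scripts is to append `object-src 'none'; base-uri 'self'; frame-ancestors 'self'`, and to trial a stricter `script-src` under `Content-Security-Policy-Report-Only` before enforcing it. The `Header` directives on lines 5–20 sit inside `<IfModule mod_rewrite.c>`, which does not guard them; wrapping them in `<IfModule mod_headers.c>` avoids the server error that an unguarded `Header` line typically causes when mod_headers is not loaded. `X-XSS-Protection "1; mode=block"` on line 20 addresses a browser filter that current browsers no longer ship, so `"0"` or omitting the header is the usual recommendation. The `includeSubDomains; preload` on line 11 should be confirmed against every subdomain of the site before it is relied on, since a preload-list entry is slow to withdraw.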