92 lines
3.3 KiB
ApacheConf
92 lines
3.3 KiB
ApacheConf
# Prevent access to .htaccess
|
|
<Files ~ "^.*\.([Hh][Tt][Aa]|[Pp][Yy])">
|
|
Require all denied
|
|
</Files>
|
|
|
|
# Redirecting HTTP traffic to HTTPS. (Keep commented on localhost !)
|
|
# This is handled by other services, but it should still be enabled in production just to be safe.
|
|
#RewriteEngine On
|
|
#RewriteCond %{SERVER_PORT} 80
|
|
#RewriteRule ^(.*)$ https://nibblepoker.lu/$1 [R,L]
|
|
|
|
# Fixing some encoding issues on non-HTML files.
|
|
# Mostly affects the old privacy policies written in french.
|
|
AddCharset utf-8 .css .txt .js .md .ts .mjs
|
|
#<Files ~ "\.txt?$">
|
|
# Header set Content-Type "text/plain; charset=utf-8"
|
|
#</Files>
|
|
#AddDefaultCharset utf-8
|
|
|
|
# Adding MIME types
|
|
AddType text/typescript .ts
|
|
AddType text/javascript .js
|
|
AddType text/javascript .mjs
|
|
AddType application/wasm .wasm
|
|
|
|
# Correcting some default options for security and language/content redirection.
|
|
# FollowSymlinks is also on since it's required for "mod_rewrite" and the server is jailed.
|
|
Options -Indexes +FollowSymlinks -ExecCGI
|
|
ServerSignature Off
|
|
|
|
# Serving minified pages and/or pre-rendered ones first if available.
|
|
DirectoryIndex index.min.html index.min.php index.php index.html
|
|
|
|
# Custom error pages.
|
|
ErrorDocument 403 /error.php
|
|
ErrorDocument 404 /error.php
|
|
|
|
# Setting up browser's caching rules
|
|
# See:
|
|
# * https://stackoverflow.com/a/13029007
|
|
# * https://www.a2hosting.com/kb/developer-corner/apache-web-server/turning-off-caching-using-htaccess
|
|
|
|
# Default: 12 hours
|
|
##Header set Cache-Control "max-age=43200, public, must-revalidate"
|
|
|
|
# Static files: 1 Week
|
|
<FilesMatch "\.(?i:gif|jpe?g|png|ico|svg|woff2|ttf|woff|otf)$">
|
|
Header set Cache-Control "max-age=604800, public, must-revalidate"
|
|
</FilesMatch>
|
|
|
|
# Semi-static files: 1 Day
|
|
##<FilesMatch "\.(?i:css|js|mjs)$">
|
|
## Header set Cache-Control "max-age=86400, public, must-revalidate"
|
|
##</FilesMatch>
|
|
|
|
# Disabling some caching rules for debugging
|
|
#Header set Pragma "no-cache"
|
|
#Header set Expires 0
|
|
|
|
# Setting up GZIP
|
|
<ifModule mod_gzip.c>
|
|
mod_gzip_on Yes
|
|
mod_gzip_dechunk Yes
|
|
mod_gzip_item_include file \.(html?|txt|css|js|mjs|php|pl)$
|
|
mod_gzip_item_include handler ^cgi-script$
|
|
mod_gzip_item_include mime ^text/.*
|
|
mod_gzip_item_include mime ^application/x-javascript.*
|
|
mod_gzip_item_exclude mime ^image/.*
|
|
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
|
|
</ifModule>
|
|
|
|
# # # Setting some headers for security.
|
|
# # #Header always set X-Detected-Country "NK"
|
|
Header always set X-Frame-Options "deny"
|
|
# # Header always set Content-Security-Policy "default-src 'self' files.nibblepoker.lu; img-src 'self' files.nibblepoker.lu data:; object-src 'none'; child-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content"
|
|
Header always set X-XSS-Protection " 1; mode=block"
|
|
Header always set Referrer-Policy "no-referrer"
|
|
Header always set X-Content-Type-Options "nosniff"
|
|
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
#Header always set Cache-Control "max-age=300, public"
|
|
Header always set Access-Control-Allow-Origin "*"
|
|
Header unset X-Powered-By
|
|
#Header always set X-Powered-By "Amiga 1200, Kickstart 3.1"
|
|
Header always set Permissions-Policy "browsing-topics=(), interest-cohort=()"
|
|
|
|
# Handling all other redirections.
|
|
RewriteEngine On
|
|
|
|
# Languages. (Does not work with a regex)
|
|
RewriteRule ^en/(.*)$ /$1 [QSA]
|
|
RewriteRule ^fr/(.*)$ /$1 [QSA]
|