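# ---------------------------------------------------------------------------
# LANDING SYSTEM - URL REWRITING
# All requests routed to index.php
# ---------------------------------------------------------------------------
RewriteEngine On

# ---------------------------------------------------------------------------
# API Bypass for OpenResty/Imunify360 protection
# ---------------------------------------------------------------------------
<IfModule mod_setenvif.c>
    # Mark API requests so the bot-protection layer skips them.
    # NOTE(review): nothing in this file reads NO_ROBOT_CHECK; presumably the
    # protection layer consumes it - confirm it is actually honoured there.
    # Paths exempted from bot checks depend entirely on their own
    # authentication and rate limiting.
    SetEnvIf Request_URI "^/services/" NO_ROBOT_CHECK
    SetEnvIf Request_URI "^/api/" NO_ROBOT_CHECK
    # Anchored so only a path that ends in the file name submit.php is
    # exempted; the previous unanchored "submit\.php" matched any path that
    # merely contained that text. Requests with trailing path info
    # (submit.php/extra) are no longer exempted.
    SetEnvIf Request_URI "(^|/)submit\.php$" NO_ROBOT_CHECK
</IfModule>

# CORS headers for the API endpoints.
# NOTE(review): <LocationMatch> is only valid in server / virtual-host
# context. The relative rewrite patterns below suggest this is a per-directory
# .htaccess file, where Apache rejects the section - confirm where this file
# is loaded.
<LocationMatch "^/(services|api)/">
    <IfModule mod_headers.c>
        # "*" lets a page on any origin call these endpoints and read the
        # response, and the allowed request headers include X-API-Secret and
        # Authorization, so the secret itself is the only gate. Prefer an
        # explicit list of trusted origins if the callers are known.
        Header always set Access-Control-Allow-Origin "*"
        Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
        Header always set Access-Control-Allow-Headers "Content-Type, X-API-Secret, Authorization"
    </IfModule>
</LocationMatch>

# Same CORS headers for the submit.php API endpoint (same caveat as above:
# any origin is allowed).
<Files "submit.php">
    <IfModule mod_headers.c>
        Header always set Access-Control-Allow-Origin "*"
        Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
        Header always set Access-Control-Allow-Headers "Content-Type, X-API-Secret, Authorization"
    </IfModule>
</Files>

# ---------------------------------------------------------------------------
# HTTPS Redirect (enabled for security)
# ---------------------------------------------------------------------------
# NOTE(review): if TLS is terminated by a proxy in front of Apache (the
# section above mentions OpenResty), %{HTTPS} can be "off" for every request
# that reaches this file - confirm this does not produce a redirect loop.
# The target host is copied from the request's Host header.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ---------------------------------------------------------------------------
# Skip real files and directories
# ---------------------------------------------------------------------------
# These two conditions apply only to the RewriteRule that follows them.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# ---------------------------------------------------------------------------
# Route all requests to index.php
# ---------------------------------------------------------------------------
RewriteRule ^(.*)$ index.php [QSA,L]

# ---------------------------------------------------------------------------
# Security Headers
# ---------------------------------------------------------------------------
<IfModule mod_headers.c>
    # Hide PHP version
    Header unset X-Powered-By

    # Prevent clickjacking
    Header always set X-Frame-Options "SAMEORIGIN"

    # Legacy XSS filter header; current browsers ignore it, so the CSP below
    # is the effective control.
    Header always set X-XSS-Protection "1; mode=block"

    # Prevent MIME type sniffing
    Header always set X-Content-Type-Options "nosniff"

    # Referrer Policy
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # HSTS - force HTTPS for 1 year. This header is ACTIVE as written: once a
    # browser has seen it over HTTPS it refuses plain HTTP for this host and,
    # because of includeSubDomains, for every subdomain. Confirm all of them
    # serve valid HTTPS before deploying.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    # Content Security Policy. 'unsafe-inline' in script-src still allows
    # injected inline scripts to run, so this limits where scripts load from
    # rather than stopping inline XSS; moving to nonces or hashes would close
    # that gap.
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-ancestors 'self'"
</IfModule>

# ---------------------------------------------------------------------------
# Block access to sensitive files
# ---------------------------------------------------------------------------
# Only these five extensions are covered; dotfiles, backups, SQL dumps and
# similar files are not, so keep them out of the web root.
<FilesMatch "\.(json|db|sqlite|log|md)$">
    # Apache 2.4 syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback. On 2.4 the old directives need mod_access_compat
    # and fail the whole file when it is absent.
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>

# Block access to the core, data and logs directories.
# These rules sit after the index.php catch-all, so they are reached only by
# paths that exist on disk (the catch-all's !-f / !-d conditions skip those).
# Paths under these prefixes that do not exist are routed to index.php.
<IfModule mod_rewrite.c>
    RewriteRule ^core/ - [F,L]
    RewriteRule ^data/ - [F,L]
    RewriteRule ^logs/ - [F,L]
</IfModule>

# ---------------------------------------------------------------------------
# Compression
# ---------------------------------------------------------------------------
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript
</IfModule>

# ---------------------------------------------------------------------------
# Caching for static assets
# ---------------------------------------------------------------------------
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType text/css "access plus 1 week"
    ExpiresByType application/javascript "access plus 1 week"
</IfModule>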