/ Published in: Apache
*UPDATE- Major Revision. Included this htaccess file into my repository called 'Server-side Boilerplate' to be used alongside the HTML5 Boilerplate. Located at https://github.com/codeclarity/Server-Side-Boilerplate*
This is a basic .htaccess file for Apache. I have commented off certain sections for Gzip and File Type Compression, Basic Template for ReWrites and Web Font control, plus Cache-Control. *Updated* Includes Auto Encode to UTF-8 and Mobile Detection.
This is a basic .htaccess file for Apache. I have commented off certain sections for Gzip and File Type Compression, Basic Template for ReWrites and Web Font control, plus Cache-Control. *Updated* Includes Auto Encode to UTF-8 and Mobile Detection.
Expand |
Embed | Plain Text
Copy this code and paste it in your HTML
# Complete .htaccess # @author Joshua Canfield (Code Clarity) # @url http://forr.st/~DCW # @license The PostgreSQL Licence (PostgreSQL) # Copyright (c) 2011-2012, Code Clarity (Joshua Canfield) <www.icodeclarity.com> # # Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a written agreement is # hereby granted, provided that the above copyright notice and this paragraph and the following two paragraphs appear in all copies. # # IN NO EVENT SHALL CODE CLARITY (Joshua Canfield) BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, # ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF $ORGANISATION HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # CODE CLARITY (Joshua Canfield) SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND # FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND CODE CLARITY (Joshua Canfield) HAS NO OBLIGATIONS TO # PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # Thanks to Code-Kickoff (http://www.codekickoff.com/), yourdomain.org, @Zywigby (Charlie Key - http://forr.st/~IG8) and others. # (If you see your code snippets, please notify me.) ## Basic Settings # (Allowing Execution of CGI Scripts, Following Symbolic Links and Not Allowing Public Viewing of Folders without an Index file) Options +execCGI +FollowSymLinks Options All -Indexes ## Basic Error Documents # (Will add more soon. I typically have all error messages filter through a PHP file and use 404.php to display the error and direct the user) ErrorDocument 404 /404.php ErrorDocument 401 /404.php ErrorDocument 403 /404.php ErrorDocument 500 /404.php ## Restrict Access to Domain/Folder by Order and Allow # (My current setup blocks known spammers that have DDoS Attacked me recently. Remove deny rules if needed) order allow,deny deny from 205.203.134.197 deny from 109.230.246.24 deny from 85.17.26.202 deny from 85.17.26.196 deny from 109.230.246.* allow from all #3 Remove ETags (To learn more visit http://developer.yahoo.com/performance/rules.html#etags) Header unset ETag FileETag None ## Use standardized UTF-8 for text/plain or text/html AddDefaultCharset utf-8 ## Force UTF-8 Character Set for specific File Types AddCharset utf-8 .html .css .js .xml .json .rss DefaultLanguage en-US ## htaccess for mod_php # SetEnv PHPRC /location/todir/containing/phpinifile ## htaccess for PHP as CGI # AddHandler php-cgi .php .htm # Action php-cgi /cgi-bin/php5.cgi ## Disallow Script Execution # Options -ExecCGI # AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi ## Redirect Mobile Browser Accessing /siteurltoredirect # RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC] # RewriteRule ^yourdomain.com$ http://mobile.yourdomain.com [R,L] ## Gzip and Compression # (Ref1) Add custom mime type, to be able to use it in the 'AddOutputFilterByType' declaration (gzip font-face files: http://www.phpied.com/gzip-your-font-face-files/) # (Ref2) Proper svg serving. Required for svg webfonts on iPad (http://twitter.com/FontSquirrel/status/14855840545) # (Ref3) Apache 1.3 uses mod_gzip while Apache 2.x uses mod_deflate (http://httpd.apache.org/docs/2.0/mod/mod_deflate.html) # (Ref4) Enable the compression (gzip) for any type of content SetOutputFilter DEFLATE Or (alternatively) define which filetypes should pass through the DEFLATE output filter (gzip compression) # (Ref5) Turn-off (or restrict) compression to files of type text/html for known problematic web browsers # (Ref6) File types not to be compressed # (Ref7) Make sure proxies don't deliver the wrong content # (Ref8) Allow access from all domains for webfonts (alternatively you could only whitelist your subdomains like "sub.domain.com") <IfModule mod_headers.c> <IfModule mod_mime.c> #Ref1 AddType application/vnd.ms-fontobject .eot AddType font/truetype .ttf AddType font/opentype .otf AddType font/woff .woff AddType image/svg+xml svg svgz #Ref2 AddEncoding gzip svgz </IfModule> <IfModule mod_deflate.c> #Ref3 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json #Ref4 <FilesMatch "\.(ttf|otf|woff|eot|svg|svgz)$" > SetOutputFilter DEFLATE </FilesMatch> BrowserMatch ^Mozilla/4 gzip-only-text/html #Ref5 BrowserMatch ^Mozilla/4\.0[678] no-gzip ## BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48 the above regex won't work. You can use the following workaround to get the desired effect: BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary #Ref6 SetEnvIfNoCase Request_URI \.(?:swf|flv|pdf)$ no-gzip dont-vary SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary SetEnvIfNoCase Request_URI \.(?:avi|mov)$ no-gzip dont-vary SetEnvIfNoCase Request_URI \.(?:mp3|mp4)$ no-gzip dont-vary Header append Vary User-Agent env=!dont-vary #Ref7 </IfModule> <FilesMatch "\.(ttf|otf|eot|woff|font.css)$"> #Ref8 Header set Access-Control-Allow-Origin "*" </FilesMatch> </IfModule> ## Setup Custom Headers # Header set P3P "policyref=\"http://www.yourdomain.com/w3c/p3p.xml\"" # Header set X-Pingback "http://www.yourdomain.com/xmlrpc.php" # Header set Content-Language "en-US" # Header set Vary "Accept-Encoding" ## Force the latest IE version, in various cases when it may fall back to IE7 mode. (http://github.com/rails/rails/commit/123eb25#commitcomment-118920) # Use ChromeFrame if it's installed for a better experience for the poor IE folk <IfModule mod_setenvif.c> <IfModule mod_headers.c> BrowserMatch MSIE ie Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie </IfModule> </IfModule> ## Add values from HTTP Headers # SetEnvIfNoCase ^If-Modified-Since$ "(.+)" HTTP_IF_MODIFIED_SINCE=$1 # SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1 # SetEnvIfNoCase ^Cache-Control$ "(.+)" HTTP_CACHE_CONTROL=$1 # SetEnvIfNoCase ^Connection$ "(.+)" HTTP_CONNECTION=$1 # SetEnvIfNoCase ^Keep-Alive$ "(.+)" HTTP_KEEP_ALIVE=$1 # SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 # SetEnvIfNoCase ^Cookie$ "(.+)" HTTP_MY_COOKIE=$1 ## Allow combination of Javascript and CSS Stylesheets # ie. Inside of script.combined.js you could have # <!--#include file="jquery-1.4.2.js" --> # <!--#include file="jquery.idletimer.js" --> # and they would be included into this single file this is not in use in the boilerplate as it stands. you may choose to name your files in this way for this advantage or concatenate and minify them manually. # Disabled by default. # # <FilesMatch "\.combined\.(js|css)$"> # Options +Includes # SetOutputFilter INCLUDES # </FilesMatch> ## Setup Cache-Control and Expires by File Types <IfModule mod_expires.c> <FilesMatch "\.(gif|jpg|jpeg|png|swf|flv|pdf|ico|avi|mov|ppt|doc|mp3|wmv|wav|txt|css|js|html?|php|xml|eot|ttf|otf|woff)$"> ExpiresActive On Header unset Last-Modified Header set Expires "Fri, 21 Dec 2013 00:00:00 GMT" Header set Cache-Control "public, no-transform" ExpiresDefault "access plus 1 year" FileETag Size </FilesMatch> <FilesMatch "\.(gif|jpg|jpeg|png|swf|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|txt|eot|ttf|otf|woff)$"> Header append Cache-Control: public </FilesMatch> <FilesMatch "\.(css|js|html?|php|xml)$"> Header append Cache-Control: private </FilesMatch> </IfModule> ## Caching by Content Type using mod_expires.c <IfModule mod_expires.c> ExpiresActive On ExpiresDefault A86400 ExpiresByType image/x-icon A2592000 ExpiresByType application/x-javascript A2592000 ExpiresByType text/css A2592000 ExpiresByType image/gif A604800 ExpiresByType image/png A604800 ExpiresByType image/jpeg A604800 ExpiresByType text/plain A604800 ExpiresByType application/x-shockwave-flash A604800 ExpiresByType video/x-flv A604800 ExpiresByType application/pdf A604800 ExpiresByType text/html A900 </IfModule> ## Cache-Control by File Type <FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf)$"> Header set Cache-Control "max-age=7257600" # 3 Months </FilesMatch> <FilesMatch "\.(js|css|pdf|txt)$"> Header set Cache-Control "max-age=604800" # 1 Week </FilesMatch> <FilesMatch "\.(html|htm)$"> Header set Cache-Control "max-age=600" # 10 Minutes </FilesMatch> <FilesMatch "\.(pl|php|cgi|spl)$"> Header unset Cache-Control Header unset Expires Header unset Last-Modified FileETag None Header unset Pragma # No Caching </FilesMatch> ## Redirect old links or pages using 301 # <IfModule mod_rewrite.c> # RewriteEngine On # RewriteBase / # RewriteRule ^somedirectory/(.*)$ http://yourdomain.com/page.php [L,R=301] # Redirect Directory to Specific Page # RewriteRule ^page.html$ http://www.yourdomain.com/newpage.php [L,R=301] # Redirect Specific Page to Specific Page # </IfModule> ## Alternative Redirection # Redirect 301 / http://www.yourdomain.com # RedirectMatch 301 /blog(.*) /$1 # RedirectMatch 302 ^/ /temporary-offline.html RedirectMatch 301 ^/(.*)$ http://www.yourdomain.com/$1 ## Protect your php.ini # (http://www.askapache.com/htaccess/htaccess.html#mod_rewrite-examples) # <FilesMatch "^php5?\.(ini|cgi)$"> # Order Deny,Allow # Deny from All # Allow from env=REDIRECT_STATUS # </FilesMatch> ## Deny Request Methods # (http://www.askapache.com/htaccess/htaccess.html#mod_rewrite-examples) # RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|OPTIONS|POST|PUT) # RewriteRule .* - [F] ## Refuse Hotlinking of Files and Images # RewriteCond %{HTTP_REFERER} !^$ # RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC] # RewriteRule \.(gif|jpg|swf|flv|png)$ http://www.yourdomain.com/feed.gif [R=302,L] ## Alternative Hotlinking Fix # RewriteCond %{HTTP_REFERER} !^$ # RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC] # RewriteCond %{HTTP_REFERER} !^http://www.askapache.com.*$ [NC] # RewriteRule \.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$ - [F,NS,L] ## Redirect Bad Bots and Spammers <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTP_USER_AGENT} ^(aesop_com_spiderman|alexibot|backweb|bandit|batchftp|bigfoot) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(black.?hole|blackwidow|blowfish|botalot|buddy|builtbottough|bullseye) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(cheesebot|cherrypicker|chinaclaw|collector|copier|copyrightcheck) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(cosmos|crescent|curl|custo|da|diibot|disco|dittospyder|dragonfly) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(drip|easydl|ebingbong|ecatch|eirgrabber|emailcollector|emailsiphon) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(emailwolf|erocrawler|exabot|eyenetie|filehound|flashget|flunky) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(frontpage|getright|getweb|go.?zilla|go-ahead-got-it|gotit|grabnet) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(grafula|harvest|hloader|hmview|httplib|httrack|humanlinks|ilsebot) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(infonavirobot|infotekies|intelliseek|interget|iria|jennybot|jetcar) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(joc|justview|jyxobot|kenjin|keyword|larbin|leechftp|lexibot|lftp|libweb) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(likse|linkscan|linkwalker|lnspiderguy|lwp|magnet|mag-net|markwatch) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(mata.?hari|memo|microsoft.?url|midown.?tool|miixpc|mirror|missigua) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(mister.?pix|moget|mozilla.?newt|nameprotect|navroad|backdoorbot|nearsite) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(net.?vampire|netants|netcraft|netmechanic|netspider|nextgensearchbot) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(attach|nicerspro|nimblecrawler|npbot|octopus|offline.?explorer) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(offline.?navigator|openfind|outfoxbot|pagegrabber|papa|pavuk) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(pcbrowser|php.?version.?tracker|pockey|propowerbot|prowebwalker) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(psbot|pump|queryn|recorder|realdownload|reaper|reget|true_robot) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(repomonkey|rma|internetseer|sitesnagger|siphon|slysearch|smartdownload) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(snake|snapbot|snoopy|sogou|spacebison|spankbot|spanner|sqworm|superbot) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(superhttp|surfbot|asterias|suzuran|szukacz|takeout|teleport) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(telesoft|the.?intraformant|thenomad|tighttwatbot|titan|urldispatcher) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(turingos|turnitinbot|urly.?warning|vacuum|vci|voideye|whacker) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(libwww-perl|widow|wisenutbot|wwwoffle|xaldon|xenu|zeus|zyborg|anonymouse) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^web(zip|emaile|enhancer|fetch|go.?is|auto|bandit|clip|copier|master|reaper|sauger|site.?quester|whack) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^.*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures).*$ [NC] RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR] RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR] RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Zeus </IfModule> ## Block Common Exploits # *Caution* These fixes can break plugins and modules. Use with caution please. # RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC] # RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR] # RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR] # RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR] # RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR] # RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC] # RewriteRule .* - [F,NS,L] ## Forbid Proxy Servers # RewriteCond %{REQUEST_METHOD} =POST # RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR] # RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$ # RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC] # RewriteRule .* - [F,NS,L]
URL: http://forr.st/~DCW