Sfoglia il codice sorgente

🔀 Switch to HTTPS if HTTP request

Also copy a bunch of headers from another .htaccess
master
David Larlet 2 anni fa
parent
commit
3b17109469
1 ha cambiato i file con 57 aggiunte e 0 eliminazioni
  1. 57
    0
      theme/root/.htaccess

+ 57
- 0
theme/root/.htaccess Vedi File

@@ -0,0 +1,57 @@
AddType image/x-icon .ico
AddType font/truetype .ttf
AddType application/x-font-woff .woff
AddType application/x-font-woff2 .woff2
AddType video/mp4 .m4v
AddType video/webm .webm
AddDefaultCharset utf-8
AddHandler cgi-script .py
Options All -Indexes +ExecCGI
DirectoryIndex index.html index.xml index.py

ExpiresActive On
ExpiresDefault "access plus 2 hours"
ExpiresByType text/html "access plus 2 hours"
ExpiresByType image/ico "access plus 1 year"
ExpiresByType image/icon "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType font/truetype "access plus 1 year"
ExpiresByType application/x-font-woff "access plus 1 year"
ExpiresByType application/x-font-woff2 "access plus 1 year"

<FilesMatch "\\.(html|htm|xml)$">
Header set Cache-Control "max-age=7200, public"
</FilesMatch>
<FilesMatch "\\.(ico|jpeg|jpg|png|gif)$">
Header set Cache-Control "max-age=31536000, public"
</FilesMatch>
<FilesMatch "\\.(js|css)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
<FilesMatch "\\.(ttf|woff|woff2)$">
Header set Cache-Control "max-age=31536000, public"
</FilesMatch>

Header always set Strict-Transport-Security "max-age=31536000; preload"
Header always set X-Frame-Options SAMEORIGIN
Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; media-src *"
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "origin"
Header unset ETag
Header unset Server
FileETag none

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{SERVER_NAME} =media.larlet.fr
RewriteRule ^.* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Redirect 410 /wp-login.php


Loading…
Annulla
Salva