Browse Source
🔀 Switch to HTTPS if HTTP request
Also copy a bunch of headers from another .htaccessmaster
1 changed files with 57 additions and 0 deletions
+ 57
- 0
theme/root/.htaccess
View File
| AddType image/x-icon .ico | |||||
| AddType font/truetype .ttf | |||||
| AddType application/x-font-woff .woff | |||||
| AddType application/x-font-woff2 .woff2 | |||||
| AddType video/mp4 .m4v | |||||
| AddType video/webm .webm | |||||
| AddDefaultCharset utf-8 | |||||
| AddHandler cgi-script .py | |||||
| Options All -Indexes +ExecCGI | |||||
| DirectoryIndex index.html index.xml index.py | |||||
| ExpiresActive On | |||||
| ExpiresDefault "access plus 2 hours" | |||||
| ExpiresByType text/html "access plus 2 hours" | |||||
| ExpiresByType image/ico "access plus 1 year" | |||||
| ExpiresByType image/icon "access plus 1 year" | |||||
| ExpiresByType image/x-icon "access plus 1 year" | |||||
| ExpiresByType image/jpg "access plus 1 year" | |||||
| ExpiresByType image/jpeg "access plus 1 year" | |||||
| ExpiresByType image/png "access plus 1 year" | |||||
| ExpiresByType image/gif "access plus 1 year" | |||||
| ExpiresByType text/css "access plus 1 month" | |||||
| ExpiresByType application/javascript "access plus 1 month" | |||||
| ExpiresByType font/truetype "access plus 1 year" | |||||
| ExpiresByType application/x-font-woff "access plus 1 year" | |||||
| ExpiresByType application/x-font-woff2 "access plus 1 year" | |||||
| <FilesMatch "\\.(html|htm|xml)$"> | |||||
| Header set Cache-Control "max-age=7200, public" | |||||
| </FilesMatch> | |||||
| <FilesMatch "\\.(ico|jpeg|jpg|png|gif)$"> | |||||
| Header set Cache-Control "max-age=31536000, public" | |||||
| </FilesMatch> | |||||
| <FilesMatch "\\.(js|css)$"> | |||||
| Header set Cache-Control "max-age=2592000, public" | |||||
| </FilesMatch> | |||||
| <FilesMatch "\\.(ttf|woff|woff2)$"> | |||||
| Header set Cache-Control "max-age=31536000, public" | |||||
| </FilesMatch> | |||||
| Header always set Strict-Transport-Security "max-age=31536000; preload" | |||||
| Header always set X-Frame-Options SAMEORIGIN | |||||
| Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; media-src *" | |||||
| Header always set X-Content-Type-Options nosniff | |||||
| Header always set X-XSS-Protection "1; mode=block" | |||||
| Header always set Referrer-Policy "origin" | |||||
| Header unset ETag | |||||
| Header unset Server | |||||
| FileETag none | |||||
| RewriteEngine On | |||||
| RewriteCond %{HTTP:X-Forwarded-Proto} !https | |||||
| RewriteCond %{SERVER_NAME} =media.larlet.fr | |||||
| RewriteRule ^.* https://%{SERVER_NAME}%{REQUEST_URI} [R,L] | |||||
| Redirect 410 /wp-login.php | |||||
Loading…