Laravel .htaccess with Security & Optimisation
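# Directory Listing
Options -Indexes

# Server Information Disclosure
# ServerSignature is a core directive that is valid in .htaccess, so it needs
# no module guard. The original <IfModule mod_security.c> wrapper only matches
# ModSecurity 1.x (ModSecurity 2.x registers as mod_security2.c), which left
# this whole section inert on current installations.
ServerSignature Off

# ServerTokens is a server-config-only directive and SecServerSignature belongs
# in the ModSecurity main configuration; neither is accepted in .htaccess
# (Apache rejects the file with a "not allowed here" error, which surfaces as
# a 500). Set them in httpd.conf / the ModSecurity config instead:
#   ServerTokens Prod
#   SecServerSignature " "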
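<IfModule mod_headers.c>
    # "always" applies the headers to error responses (4xx/5xx) too; the
    # default "onsuccess" table only covers successful responses, so error
    # pages would otherwise ship without these protections.

    # Clickjacking: one replaced value. "Header append" would join a second
    # value with a comma when the application already sets the header, and
    # browsers ignore X-Frame-Options when it carries multiple values.
    Header always set X-Frame-Options "SAMEORIGIN"

    # The legacy XSS auditor has been removed from current browsers and its
    # filtering mode introduced side-channel issues of its own; "0" disables
    # it explicitly, which is the current recommendation. A tuned
    # Content-Security-Policy is the real control (not set here because it
    # must be written per application).
    Header always set X-XSS-Protection "0"

    # Stop MIME sniffing of responses.
    Header always set X-Content-Type-Options "nosniff"

    # Limit referrer leakage to third-party origins.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # HSTS: enable only once the site is served exclusively over HTTPS (see
    # the Force HTTPS rule below); start with a short max-age and raise it
    # after confirming nothing breaks, because browsers remember the value.
    # Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>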
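<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Force HTTPS (pick ONE variant and uncomment it; both are off by default
    # because enabling them on a host without a working TLS listener produces
    # a redirect loop).
    #
    # (a) Apache is exposed directly to clients, no reverse proxy / load
    #     balancer: %{HTTPS} reflects the actual connection.
    # RewriteCond %{HTTPS} off
    # RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L]
    #
    # (b) Behind a TLS-terminating proxy: the hop to Apache is plain HTTP and
    #     the original scheme arrives in X-Forwarded-Proto. The previous
    #     comment had these two cases swapped. The proxy must overwrite that
    #     header; a client that sets it itself only skips its own redirect.
    # RewriteCond %{HTTP:X-Forwarded-Proto} !https
    # RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

    ## Block bad bots
    # User-Agent matching is a nuisance filter, not a security control: the
    # header is client-supplied and trivially changed, so rate limiting and
    # WAF rules still belong at the edge. Note that "^Wget" also blocks
    # legitimate operations tooling (health checks, scripted downloads) that
    # identifies itself honestly.
    RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
    # The address in the next pattern was mangled by the page it was copied
    # from: "[email protected]" is a regex character class here, not an
    # address. Restore the intended mailto value or drop the line.
    RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
    RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
    RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
    RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
    RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
    RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
    RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus
    RewriteRule ^.* - [F,L]

    # TRACE method
    # Only TRACE is refused: Laravel needs PUT/DELETE/PATCH for normal CRUD,
    # and OPTIONS must stay open because browsers and mobile clients send a
    # CORS preflight before the real GET/POST/PUT.
    # The supported control is "TraceEnable Off" in the server/vhost config
    # (it is not valid in .htaccess); keep this rewrite as defence in depth
    # and confirm with a TRACE request against the deployed host that the
    # server answers 403/405.
    RewriteCond %{REQUEST_METHOD} ^(TRACE)
    RewriteRule .* - [F]

    # Handle Authorization Header
    # The Authorization header is commonly not passed through to PHP under
    # CGI/FPM; re-export it so Laravel's token guards can read it.
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Handle Front Controller...
    # Anything that is not an existing file or directory goes to index.php.
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>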
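<IfModule mod_expires.c>
    ExpiresActive On

    # Static assets only. Do not add text/html or application/json here:
    # Laravel's HTML and API responses are per-request (and often per-user),
    # and a far-future Expires/Cache-Control on them lets browsers serve stale
    # data and, behind a shared cache, risks cross-user data. The long
    # lifetimes below are only safe for assets with fingerprinted URLs.

    # Images
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType image/vnd.microsoft.icon "access plus 1 year"

    # Video
    ExpiresByType video/mp4 "access plus 1 year"
    ExpiresByType video/mpeg "access plus 1 year"

    # CSS, JavaScript
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"

    # Others
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"

    # Removed: ExpiresByType application/json "access plus 1 month"
    # API responses are application/json; a month-long cache lifetime on them
    # is unsafe (see above). After deploying, check the response headers of an
    # API route to confirm it does not carry a month-long Cache-Control.
</IfModule>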
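<IfModule mod_deflate.c>
    # Compress HTML, CSS, JavaScript, Text, XML and fonts
    # Caveat: compressing dynamic responses (text/html, application/json)
    # that contain both a secret (session or CSRF token) and attacker-
    # influenced reflected input exposes the secret to compression
    # side channels (BREACH). Mitigate in the application (per-request token
    # masking, no reflection of untrusted input next to secrets) or exclude
    # those response types from DEFLATE.
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/json
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
    AddOutputFilterByType DEFLATE application/x-font
    AddOutputFilterByType DEFLATE application/x-font-opentype
    AddOutputFilterByType DEFLATE application/x-font-otf
    AddOutputFilterByType DEFLATE application/x-font-truetype
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE font/opentype
    AddOutputFilterByType DEFLATE font/otf
    AddOutputFilterByType DEFLATE font/ttf
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE image/x-icon
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/xml

    # Remove browser bugs (only needed for really old browsers)
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    # "Header" is a mod_headers directive. The original guarded it only with
    # mod_deflate, so a server with deflate loaded but headers absent would
    # reject this .htaccess ("Invalid command") and answer 500 on every
    # request. Note that Vary: User-Agent also fragments shared caches per
    # browser string; it is only needed while the BrowserMatch lines above
    # are kept.
    <IfModule mod_headers.c>
        Header append Vary User-Agent
    </IfModule>
</IfModule>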