Fail2Ban-Report/.htaccess
SubleXBle 39c9b5cb8c Update .htaccess
added protection for archive/ in .htaccess
2025-08-03 17:33:50 +02:00

75 lines
2.1 KiB
ApacheConf

# ----------------------------------------------------
# BASIC PROTECTION
# ----------------------------------------------------
# Redirect to https
# NOTE(review): the redirect lives inside <IfModule mod_rewrite.c>. If
# mod_rewrite is not loaded the block is skipped without any error and the
# site stays reachable over plain HTTP.
# NOTE(review): %{HTTPS} describes the connection Apache itself terminates.
# Behind a TLS-terminating proxy or load balancer it is presumably never "on",
# which would turn this rule into a redirect loop - confirm the deployment.
<IfModule mod_rewrite.c>
RewriteEngine On
# Check if HTTPS is not enabled
RewriteCond %{HTTPS} !=on
# Redirect to the same URL but with https
# The target host is copied from the client-supplied Host header; a fixed
# canonical hostname would avoid redirecting to whatever name the client sent.
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
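# Disable directory listing
# (Options in .htaccess needs AllowOverride to permit it; if it does not,
# Apache answers every request in this directory with a 500 error.)
Options -Indexes
# Block direct access to sensitive file types.
# (?i) makes the match case-insensitive so that names such as report.JSON or
# debug.LOG are denied as well; this matters on case-insensitive filesystems.
# Only the final extension is checked: a copy like config.json.bak is NOT
# covered here (see the optional backup-file rule further down).
<FilesMatch "(?i)\.(sh|ini|log|json)$">
Require all denied
</FilesMatch>
# Protect the .htaccess file itself
<Files .htaccess>
Require all denied
</Files>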
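# Deny all web access to archive/ (403 Forbidden).
# NOTE(review): this protection fails open. It only exists while mod_rewrite
# is loaded; without the module the directory is served like any other.
# A separate .htaccess inside archive/ containing "Require all denied" gives
# the same result without depending on mod_rewrite.
<IfModule mod_rewrite.c>
RewriteEngine On
# NC: match Archive/, ARCHIVE/ etc. too, so a differently-cased path cannot
# reach the directory on a case-insensitive filesystem. F returns 403.
RewriteRule ^archive/ - [F,L,NC]
</IfModule>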
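# ----------------------------------------------------
# BASIC HTTPS HEADERS
# ----------------------------------------------------
# None of these headers are sent if mod_headers is not loaded.
<IfModule mod_headers.c>
# Tell browsers to honour the declared Content-Type instead of sniffing it.
Header always set X-Content-Type-Options "nosniff"
# Allow framing by pages of the same origin only (clickjacking defence).
Header always set X-Frame-Options "SAMEORIGIN"
# The legacy browser XSS filter has been removed from current browsers, and
# in older ones "1; mode=block" could itself be abused. "0" switches it off
# explicitly; XSS defence belongs in output encoding and a
# Content-Security-Policy.
Header always set X-XSS-Protection "0"
# HSTS for one year, sent on HTTPS responses only (env=HTTPS).
# includeSubDomains applies the policy to every subdomain of this host -
# confirm all of them serve HTTPS before relying on it.
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
</IfModule>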
# ----------------------------------------------------
# Set UTF-8 as default charset
# ----------------------------------------------------
# Adds charset=utf-8 to text/plain and text/html responses that do not declare
# a charset themselves, so the browser does not have to guess the encoding.
AddDefaultCharset utf-8
# ----------------------------------------------------
# Set your own Rules to fit your needs down here
# Example for additional configuration
# ----------------------------------------------------
# Enable Basic Authentication (uncomment and configure if needed)
# Basic credentials are sent with every request and are only base64-encoded,
# so use this together with the HTTPS redirect above.
# Keep the .htpasswd file outside the web-served directory tree.
# AuthType Basic
# AuthName "Restricted Area"
# AuthUserFile /path/to/.htpasswd
# Require valid-user
# Restrict access by IP address (adjust IP ranges accordingly)
# NOTE: Require directives placed side by side are combined as "any of".
# If both the login above and the IP list below are enabled as written,
# either one alone grants access; wrap them in <RequireAll> to demand both.
# <RequireAny>
# Require ip 192.168.1.0/24
# Require ip 203.0.113.5
# </RequireAny>
# Block access to backup files (optional)
# Recommended if editors or deploy scripts leave copies such as
# config.json.bak, which the sensitive-file rule above does not match.
# <FilesMatch "\.(bak|old|backup)$">
# Require all denied
# </FilesMatch>
# Add your own security headers or overrides below
# "no-referrer-when-downgrade" still sends the full URL to other HTTPS sites;
# "strict-origin-when-cross-origin" or "same-origin" leak less.
# Header always set Referrer-Policy "no-referrer-when-downgrade"
# 'unsafe-inline' in script-src allows injected inline scripts to run and so
# removes most of the XSS protection a CSP provides; drop it if the pages
# can work without inline scripts.
# Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline';"