forkbb/.dist.htaccess

AddDefaultCharset UTF-8

<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>

<IfModule mod_rewrite.c>
  RewriteEngine On
  #RewriteBase /

  RewriteRule ^favicon\.ico$ public/favicon.ico [L]
  RewriteRule ^robots\.txt$ public/robots.txt [L]

  RewriteRule !^public/ index.php [L]

  RewriteCond %{REQUEST_URI} \.v\.[0-9]
  RewriteRule ^(.+)\.v\.[0-9]+\.([^.\\/]++)$ $1.$2 [L]

  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule ^public/ index.php [L]

  RewriteRule \.dist\. index.php [L]
</IfModule>

# Set Cache-Control and Expires headers for caching statics
<IfModule mod_expires.c>
  ExpiresActive on

  ExpiresByType text/css A31536000
  ExpiresByType application/javascript A31536000

  ExpiresByType image/gif A31536000
  ExpiresByType image/png A31536000
  ExpiresByType image/jpg A31536000
  ExpiresByType image/jpeg A31536000
  ExpiresByType image/webp A31536000
</IfModule>

# Set Cache-Control header for caching statics if no mod_expires.c
<IfModule !mod_expires.c>
  <ifModule mod_headers.c>
    <FilesMatch "\.(css|js|gif|png|jpg|jpeg|webp)$">
      Header set Cache-Control "max-age=31536000, public"
    </FilesMatch>
  </ifModule>
</IfModule>

<ifModule mod_headers.c>
  # Set security headers if missing.
  # ForkBB generates these headers, but only for php pages.
  Header always set Content-Security-Policy "default-src 'self';object-src 'none';frame-ancestors 'none';base-uri 'none';form-action 'self'" "expr=-z %{resp:Content-Security-Policy}"
  Header always set Feature-Policy "accelerometer 'none';ambient-light-sensor 'none';autoplay 'none';battery 'none';camera 'none';document-domain 'self';fullscreen 'self';geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none';sync-xhr 'self';usb 'none'" "expr=-z %{resp:Feature-Policy}"
  Header always set Referrer-Policy "origin-when-cross-origin" "expr=-z %{resp:Referrer-Policy}"
#  Header set Strict-Transport-Security "max-age=31536000" "expr=-z %{resp:Strict-Transport-Security}"
  Header always set X-Content-Type-Options "nosniff" "expr=-z %{resp:X-Content-Type-Options}"
  Header always set X-Frame-Options "DENY" "expr=-z %{resp:X-Frame-Options}"
  Header always set X-XSS-Protection "1; mode=block" "expr=-z %{resp:X-XSS-Protection}"

  # Remove headers containing php information
  Header unset X-Powered-By
  Header always unset X-Powered-By
</ifModule>

# Hiding information about the system (Probably a ban on changes through .htaccess)
#ServerTokens ProductOnly
#ServerSignature Off

# More info: https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess
Fix auto detect base url for install 2018-09-12 13:40:20 +00:00			`AddDefaultCharset UTF-8`

Update .htaccess 2020-05-30 06:16:48 +00:00			`<IfModule mod_autoindex.c>`
			`Options -Indexes`
			`</IfModule>`

Fix auto detect base url for install 2018-09-12 13:40:20 +00:00			`<IfModule mod_rewrite.c>`
			`RewriteEngine On`
			`#RewriteBase /`

			`RewriteRule ^favicon\.ico$ public/favicon.ico [L]`
			`RewriteRule ^robots\.txt$ public/robots.txt [L]`

Update .htaccess 2020-06-12 12:06:28 +00:00			`RewriteRule !^public/ index.php [L]`
Update .htaccess 2020-05-30 06:16:48 +00:00
Add a method for generating a link to a static file + add caching of static files with resetting browser cache via filename. 2020-11-28 15:08:34 +00:00			`RewriteCond %{REQUEST_URI} \.v\.[0-9]`
			`RewriteRule ^(.+)\.v\.[0-9]+\.([^.\\/]++)$ $1.$2 [L]`

Fix auto detect base url for install 2018-09-12 13:40:20 +00:00			`RewriteCond %{REQUEST_FILENAME} !-f`
			`RewriteRule ^public/ index.php [L]`
Update .htaccess 2020-06-12 12:06:28 +00:00
			`RewriteRule \.dist\. index.php [L]`
Fix auto detect base url for install 2018-09-12 13:40:20 +00:00			`</IfModule>`
Add a method for generating a link to a static file + add caching of static files with resetting browser cache via filename. 2020-11-28 15:08:34 +00:00
Update .htaccess To improve system security. 2021-01-11 10:51:48 +00:00			`# Set Cache-Control and Expires headers for caching statics`
Add a method for generating a link to a static file + add caching of static files with resetting browser cache via filename. 2020-11-28 15:08:34 +00:00			`<IfModule mod_expires.c>`
			`ExpiresActive on`

			`ExpiresByType text/css A31536000`
			`ExpiresByType application/javascript A31536000`

			`ExpiresByType image/gif A31536000`
			`ExpiresByType image/png A31536000`
			`ExpiresByType image/jpg A31536000`
			`ExpiresByType image/jpeg A31536000`
Add caching for webp 2020-11-28 15:13:08 +00:00			`ExpiresByType image/webp A31536000`
Add a method for generating a link to a static file + add caching of static files with resetting browser cache via filename. 2020-11-28 15:08:34 +00:00			`</IfModule>`
Update .htaccess To improve system security. 2021-01-11 10:51:48 +00:00
			`# Set Cache-Control header for caching statics if no mod_expires.c`
			`<IfModule !mod_expires.c>`
			`<ifModule mod_headers.c>`
			`<FilesMatch "\.(css\|js\|gif\|png\|jpg\|jpeg\|webp)$">`
			`Header set Cache-Control "max-age=31536000, public"`
			`</FilesMatch>`
			`</ifModule>`
			`</IfModule>`

			`<ifModule mod_headers.c>`
			`# Set security headers if missing.`
			`# ForkBB generates these headers, but only for php pages.`
			`Header always set Content-Security-Policy "default-src 'self';object-src 'none';frame-ancestors 'none';base-uri 'none';form-action 'self'" "expr=-z %{resp:Content-Security-Policy}"`
			`Header always set Feature-Policy "accelerometer 'none';ambient-light-sensor 'none';autoplay 'none';battery 'none';camera 'none';document-domain 'self';fullscreen 'self';geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none';sync-xhr 'self';usb 'none'" "expr=-z %{resp:Feature-Policy}"`
			`Header always set Referrer-Policy "origin-when-cross-origin" "expr=-z %{resp:Referrer-Policy}"`
			`# Header set Strict-Transport-Security "max-age=31536000" "expr=-z %{resp:Strict-Transport-Security}"`
			`Header always set X-Content-Type-Options "nosniff" "expr=-z %{resp:X-Content-Type-Options}"`
			`Header always set X-Frame-Options "DENY" "expr=-z %{resp:X-Frame-Options}"`
			`Header always set X-XSS-Protection "1; mode=block" "expr=-z %{resp:X-XSS-Protection}"`

			`# Remove headers containing php information`
			`Header unset X-Powered-By`
			`Header always unset X-Powered-By`
			`</ifModule>`

			`# Hiding information about the system (Probably a ban on changes through .htaccess)`
			`#ServerTokens ProductOnly`
			`#ServerSignature Off`

			`# More info: https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess`