#Force HTTPS
Code:
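# Send every plain-HTTP request to the same host and path over HTTPS.
RewriteEngine On
# %{HTTPS} is "off" when this server did not receive the request over TLS.
# NOTE(review): behind a TLS-terminating proxy or load balancer this is always
# "off" and the rule loops; test the forwarded-protocol header there instead.
RewriteCond %{HTTPS} off
# Flags go in square brackets (braces are a syntax error).
# R=301 = permanent redirect, L = stop processing further rules.
# The first request still travels in clear text; pair this with a
# Strict-Transport-Security header once HTTPS works on the whole site.
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]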
# Add www to any URLs that do not have them
Code:
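# Canonicalise on the www. host: redirect any request whose Host lacks it.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
# Redirect straight to https:// so this hop never downgrades a secure request
# to clear text; use http:// only on a site that has no TLS certificate.
# NOTE(review): %{HTTP_HOST} comes from the client's Host header; on a
# catch-all virtual host prefer a hard-coded canonical name.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]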
# Remove www from any URLs that have them
Code:
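# Canonicalise on the bare domain: redirect any request whose Host starts with www.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.
# example.com is a placeholder for your own domain.
# The target is https:// so this hop never downgrades a secure request to
# clear text; use http:// only on a site that has no TLS certificate.
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]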
# Add Security Headers
Code:
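<IfModule mod_headers.c>
    # Legacy header for the XSS filter that older browsers shipped. Current
    # Chrome, Firefox and Edge ignore it, so it is not XSS protection on its own.
    Header set X-XSS-Protection "1; mode=block"
    # A Content-Security-Policy is the header that actually restricts script
    # execution. Constructed example, tune it to the site before enabling:
    # Header set Content-Security-Policy "default-src 'self'"
</IfModule>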
# Deny access to .htaccess
Code:
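# Refuse every HTTP request for the .htaccess file itself.
<Files ".htaccess">
    # Apache 2.4 and later (mod_authz_core).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback; on 2.4 these directives need mod_access_compat.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>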
# Disable directory browsing
Code:
# Turn off auto-generated directory listings for this directory and below.
# NOTE(review): only takes effect where the server configuration lets
# .htaccess override Options; confirm the AllowOverride setting.
Options -Indexes
# Hide files of type .png, .zip, .jpg, .gif and .doc from listing
Code:
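# Leave these file types out of auto-generated directory listings.
# This only hides the names from the index page; each file can still be
# fetched by its URL, so use a deny rule for anything that must stay private.
IndexIgnore *.png *.zip *.jpg *.gif *.doc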
# Hide the contents of directories
Code:
# Hide every entry from the auto-generated index page.
# The files remain reachable by direct URL; this is not access control.
IndexIgnore *
# Deny access to files with extensions .ini, .psd, .log, .sh
Code:
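# Refuse requests for configuration, design-source, log and shell-script files.
<FilesMatch "\.(ini|psd|log|sh)$">
    # Apache 2.4 and later (mod_authz_core).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback; on 2.4 these directives need mod_access_compat.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>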
# Deny access to filenames starting with dot(.)
Code:
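# Refuse requests for any file whose name starts with a dot (.env, .htpasswd, ...).
# FilesMatch tests the file name only, so files inside a dot-directory such as
# .git/ are not covered; those need a separate path-based rule.
<FilesMatch "^\.">
    # Apache 2.4 and later (mod_authz_core).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback; on 2.4 these directives need mod_access_compat.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>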
# Password protect files
Code:
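# Require a login for the listed files, with or without a file extension.
# A bare "*" after the group would repeat the group instead of allowing an
# extension, leaving e.g. index.php unprotected.
<FilesMatch "^(execute|index|myfile|anotherfile)(\..*)?$">
    # Basic auth sends the password base64-encoded, not encrypted: serve these
    # files over HTTPS only.
    AuthType Basic
    AuthName "Mypassword"
    # Placeholder path: replace with the full server path to your .htpasswd
    # file, and keep that file outside the web root.
    AuthUserFile /full/server/path/to/.htpasswd
    Require valid-user
</FilesMatch>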
#Prevent Directory Listing
Code:
# Disable the auto-generated index page for directories without an index file.
# Files stay reachable by direct URL; this only stops the server from listing them.
Options -Indexes
# Prevent Image Hotlinking
Code:
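# Refuse image requests whose Referer names another site.
# Referer is sent by the client and can be omitted or forged, so this limits
# casual hotlinking and bandwidth use; it is not access control.
RewriteEngine On
# Let requests with no Referer through (direct visits, privacy tools).
RewriteCond %{HTTP_REFERER} !^$
# Let our own pages through over http or https; mydomain.com is a placeholder.
# The variable is HTTP_REFERER: a misspelt name expands to an empty string,
# which makes this condition always true and blocks the site's own pages too.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com/.*$ [NC]
# "-" = no substitution, F = answer 403 Forbidden. Extend the extension list
# (for example with jpg) to match the image types the site serves.
RewriteRule \.(gif|jpeg|png)$ - [F]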
Do you use anything else that you find useful? Have any questions or need any help? Let me know and I'll do what I can to help out.