AddEncoding gzip .gz AddType "text/javascript" .gz AddType "text/css" .gz AddType font/ttf .ttf AddType font/otf .otf AddType application/font-woff .woff AddType application/vnd.ms-fontobject .eot AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript text/javascript # END Gzip Compression # Force mime for javascript files ForceType text/javascript # BEGIN Caching ExpiresActive On ExpiresDefault A300 ExpiresByType image/x-icon A2592000 ExpiresDefault A0 Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0" Header set Pragma "no-cache" # END Caching # BEGIN Spelling CheckSpelling On CheckCaseOnly On # END Spelling # BEGIN URL rewrite RewriteEngine On RewriteBase / RewriteCond %{HTTP:Accept-encoding} gzip RewriteCond %{REQUEST_FILENAME} \.(js|css)$ RewriteCond %{REQUEST_FILENAME}.gz -f RewriteRule ^(.*)$ $1.gz [QSA,L] EOT; if (\stripos($fullTLD, '127.0.0.1') === false) { if (\filter_var($fullTLD, \FILTER_VALIDATE_IP) === false) { $htaccess .= << # END URL rewrite # BEGIN Access control Order Deny,Allow Deny from all Allow from 127.0.0.1 Allow from all # END Access control # Disable directory view Options All -Indexes # Disable unsupported scripts Options -ExecCGI AddHandler cgi-script .pl .py .jsp .asp .shtml .sh .cgi # # # XSS protection # header always set x-xss-protection "1; mode=block" # # # Nosnif # header always set x-content-type-options "nosniff" # # # Iframes only from self # header always set x-frame-options "SAMEORIGIN" # Header set Service-Worker-Allowed "/" # Php config # This should be removed from here and adjusted in the php.ini file php_value upload_max_filesize 40M php_value post_max_size 40M php_value memory_limit 128M php_value max_input_time 30 php_value max_execution_time 30 EOT; return $htaccess;