### File security # Exclude direct access to tpl, tpl.xml, inc.php, sql extensions # order allow,deny deny from all satisfy all ExpiresActive on ExpiresByType text/css "a`ccess plus 1 month" ExpiresByType application/x-javascript "access plus 1 month" ExpiresByType application/javascript "access plus 1 month" ExpiresByType image/gif "access plus 1 month" ExpiresByType image/jpeg "access plus 1 month" ExpiresByType image/png "access plus 1 month" ExpiresByType image/svg+xml "access plus 1 month" ExpiresByType image/x-icon "access plus 1 month" ExpiresByType image/icon "access plus 1 month" ExpiresByType application/vnd.ms-fontobject "access plus 1 month" ExpiresByType application/x-font-opentype "access plus 1 month" ExpiresByType application/x-font-ttf "access plus 1 month" ExpiresByType application/font-woff "access plus 1 month" ## Tell PHP that the mod_rewrite module is ENABLED. SetEnv HTTP_MOD_REWRITE On ## Enable mod-rewrite RewriteEngine On ###### Rewrite rule to force 'www.' prefix. Use only if needed # If your site can be accessed both with and without the 'www.' prefix, # use the following setting to redirect all users to access the site with the 'www.' # when they access without 'www.'. Uncomment and MAKE sure to adapt for your domain name # # RewriteCond %{HTTP_HOST} ^example\.com$ [NC] # RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301] ###### Rewrite rules to block common hacks ## If you experience problems comment out the operations listed below ## Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] ## Block out any script that includes a