1

### File security

2

# Exclude direct access to tpl, tpl.xml, inc.php, sql extensions

3

#

4

5

order allow,deny

6

deny from all

7

</Files>

8

9

10

ExpiresActive on

11

ExpiresByType text/css "access plus 4 hours"

12

ExpiresByType application/x-javascript "access plus 4 hours"

13

ExpiresByType image/gif "access plus 4 hours"

14

ExpiresByType image/jpeg "access plus 4 hours"

15

ExpiresByType image/png "access plus 4 hours"

16

</IfModule>

17

18

## Enable mod-rewrite

19

RewriteEngine On

20

21

###### Rewrite rule to force 'www.' prefix. Use only if needed

22

# If your site can be accessed both with and without the 'www.' prefix,

23

# use the following setting to redirect all users to access the site with the 'www.'

24

# when they access without 'www.'. Uncomment and MAKE sure to adapt for your domain name

25

#

26

# RewriteCond %{HTTP_HOST} ^example\.com$ [NC]

27

# RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]

28

29

###### Rewrite rules to block common hacks

30

## If you experience problems comment out the operations listed below

31

## Block out any script trying to base64_encode crap to send via URL

32

RewriteCond %{QUERY_STRING} base64_encode.*$.*$ [OR]

33

## Block out any script that includes a <script> tag in URL

34

RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]

35

## Block out any script trying to set a PHP GLOBALS variable via URL

36

RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

37

## Block out any script trying to modify a _REQUEST variable via URL

38

RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

39

## Send all blocked request to homepage with 403 Forbidden error!

40

RewriteRule ^(.*)$ index.php [F,L]

41

42

## Uncomment line below if FollowSymLinks option is not enabled

43

## by default in server configuration

44

#

45

# Options +FollowSymLinks

46

47

## Uncomment following line if your webserver's URL

48

## is not directly related to physical file paths.

49

## Update Your In-Portal Directory (just / for root)

50

#

51

# RewriteBase /

52

53

## In-Portal SEF URLs

54

#

55

RewriteCond %{REQUEST_FILENAME} !-f

56

RewriteCond %{REQUEST_FILENAME}/ !-f

57

RewriteCond %{REQUEST_FILENAME}/index.php !-f

58

RewriteCond %{REQUEST_FILENAME}/index.html !-f

59

RewriteCond %{REQUEST_URI} !\.(gif|jpg|png|bmp|js|css|ico|swf)$ [NC]

60

RewriteRule ^(.*) index.php?rewrite=on&_mod_rw_url_=$1 [QSA]

61

62

RedirectMatch 404 /(\.svn|CVS)(/|$)

				1	### File security
				2	# Exclude direct access to tpl, tpl.xml, inc.php, sql extensions
				3	#
				4	<Files ~ "\.(tpl\|tpl.xml\|inc.php\|sql)$">
				5	order allow,deny
				6	deny from all
				7	</Files>
				8
				9	<IfModule mod_expires.c>
				10	ExpiresActive on
				11	ExpiresByType text/css "access plus 4 hours"
				12	ExpiresByType application/x-javascript "access plus 4 hours"
				13	ExpiresByType image/gif "access plus 4 hours"
				14	ExpiresByType image/jpeg "access plus 4 hours"
				15	ExpiresByType image/png "access plus 4 hours"
				16	</IfModule>
				17
				18	## Enable mod-rewrite
				19	RewriteEngine On
				20
				21	###### Rewrite rule to force 'www.' prefix. Use only if needed
				22	# If your site can be accessed both with and without the 'www.' prefix,
				23	# use the following setting to redirect all users to access the site with the 'www.'
				24	# when they access without 'www.'. Uncomment and MAKE sure to adapt for your domain name
				25	#
				26	# RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
				27	# RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
				28
				29	###### Rewrite rules to block common hacks
				30	## If you experience problems comment out the operations listed below
				31	## Block out any script trying to base64_encode crap to send via URL
				32	RewriteCond %{QUERY_STRING} base64_encode.\(.\) [OR]
				33	## Block out any script that includes a <script> tag in URL
				34	RewriteCond %{QUERY_STRING} (<\|%3C).script.(>\|%3E) [NC,OR]
				35	## Block out any script trying to set a PHP GLOBALS variable via URL
				36	RewriteCond %{QUERY_STRING} GLOBALS(=\|\[\|\%[0-9A-Z]{0,2}) [OR]
				37	## Block out any script trying to modify a _REQUEST variable via URL
				38	RewriteCond %{QUERY_STRING} _REQUEST(=\|\[\|\%[0-9A-Z]{0,2})
				39	## Send all blocked request to homepage with 403 Forbidden error!
				40	RewriteRule ^(.*)$ index.php [F,L]
				41
				42	## Uncomment line below if FollowSymLinks option is not enabled
				43	## by default in server configuration
				44	#
				45	# Options +FollowSymLinks
				46
				47	## Uncomment following line if your webserver's URL
				48	## is not directly related to physical file paths.
				49	## Update Your In-Portal Directory (just / for root)
				50	#
				51	# RewriteBase /
				52
				53	## In-Portal SEF URLs
				54	#
				55	RewriteCond %{REQUEST_FILENAME} !-f
				56	RewriteCond %{REQUEST_FILENAME}/ !-f
				57	RewriteCond %{REQUEST_FILENAME}/index.php !-f
				58	RewriteCond %{REQUEST_FILENAME}/index.html !-f
				59	RewriteCond %{REQUEST_URI} !\.(gif\|jpg\|png\|bmp\|js\|css\|ico\|swf)$ [NC]
				60	RewriteRule ^(.*) index.php?rewrite=on&_mod_rw_url_=$1 [QSA]
				61
				62	RedirectMatch 404 /(\.svn\|CVS)(/\|$)