### File security # Exclude direct access to tpl, tpl.xml, inc.php, sql extensions # <FilesMatch "\.(tpl|tpl.xml|inc.php|sql)$"> order allow,deny deny from all satisfy all </FilesMatch> <IfModule mod_expires.c> ExpiresActive on ExpiresByType text/css "access plus 1 month" ExpiresByType application/x-javascript "access plus 1 month" ExpiresByType application/javascript "access plus 1 month" ExpiresByType image/gif "access plus 1 month" ExpiresByType image/jpeg "access plus 1 month" ExpiresByType image/png "access plus 1 month" ExpiresByType image/x-icon "access plus 1 month" ExpiresByType image/icon "access plus 1 month" </IfModule> <IfModule mod_rewrite.c> ## Tell PHP that the mod_rewrite module is ENABLED. SetEnv HTTP_MOD_REWRITE On ## Enable mod-rewrite RewriteEngine On ###### Rewrite rule to force 'www.' prefix. Use only if needed # If your site can be accessed both with and without the 'www.' prefix, # use the following setting to redirect all users to access the site with the 'www.' # when they access without 'www.'. Uncomment and MAKE sure to adapt for your domain name # # RewriteCond %{HTTP_HOST} ^example\.com$ [NC] # RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301] ###### Rewrite rules to block common hacks ## If you experience problems comment out the operations listed below ## Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] ## Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] ## Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] ## Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) ## Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] ## Uncomment line below if FollowSymLinks option is not enabled ## by default in server configuration # # Options +FollowSymLinks ## Uncomment following line if your webserver's URL ## is not directly related to physical file paths. ## Update Your In-Portal Directory (just / for root) # # RewriteBase / ## In-Portal SEF URLs # RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME}/ !-f RewriteCond %{REQUEST_FILENAME}/index.php !-f RewriteCond %{REQUEST_FILENAME}/index.html !-f RewriteCond %{REQUEST_URI} !\.(gif|jpg|png|bmp|js|css|ico|swf|map)$ [NC] RewriteRule ^(.*) index.php?rewrite=on&_mod_rw_url_=$1 [QSA] </IfModule> RedirectMatch 404 /(\.svn|CVS)(/|$)