# Security Headers
# For testing and more details, see https://securityheaders.com/ .
<IfModule mod_headers.c>
  Header set X-Frame-Options "sameorigin"
  Header set X-XSS-Protection "1; mode=block"
  Header set X-Content-Type-Options "nosniff"
  Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
  Header set Referrer-Policy "strict-origin-when-cross-origin"
  # Put your domain here (or your wildcard *, if you experience any problems)
  Header set Access-Control-Allow-Origin "https://YOURDOMAIN.com/"
  # Adjust to your needs. GET should be enough for simple landingpages. Sometimes, you might need 'GET, POST'.
  Header set Access-Control-Allow-Methods "GET"
  # Be careful here. Enabling it limits you on what third-party tools you can include on your page. The provided configuration is only an example.
  Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube-nocookie.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cookiehub.net data:; img-src 'self' https://www.gstatic.com https://ssl.gstatic.com https://i.ytimg.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.tailwindcss.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cookiehub.net"
  # Usually, you would not need any special browser features, so keep them set to 'none'. Some none intrusive things might be helpful for services like YouTube.
  Header set Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(*),encrypted-media=(*),accelerometer=(*),payment=()"
  # The next 2 lines aim to hide the PHP version.
  Header unset "X-Powered-By"
  Header always unset "X-Powered-By"
</IfModule>


# 7G FIREWALL v1.4 20210821
# @ https://perishablepress.com/7g-firewall/
# 7G:[CORE]
ServerSignature Off
Options -Indexes
RewriteEngine On
RewriteBase /
# 7G:[QUERY STRING]
<IfModule mod_rewrite.c>
  RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
  RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]
  RewriteCond %{QUERY_STRING} (order(\s|%20)by(\s|%20)1--) [NC,OR]
  RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR]
  RewriteCond %{QUERY_STRING} (`|<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR]
  RewriteCond %{QUERY_STRING} (ckfinder|fck|fckeditor|fullclick) [NC,OR]
  RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR]
  RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR]
  RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR]
  RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR]
  RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]
  RewriteCond %{QUERY_STRING} (localhost|loopback|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR]
  RewriteCond %{QUERY_STRING} (s)?(ftp|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
  RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR]
  RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR]
  RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]
  RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
  RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR]
  RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
  RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]
  RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR]
  RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR]
  RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR]
  RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR]
  RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
  RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR]
  RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR]
  RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
  RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR]
  RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|\[|%[0-9A-Z]{0,2}) [NC,OR]
  RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|\[|%[0-9A-Z]{2,}) [NC,OR]
  RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(:|%3a)(.*)(;|%3b|\)|%29) [NC,OR]
  RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR]
  RewriteCond %{QUERY_STRING} (@copy|\$_(files|get|post)|allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curl(_exec|test)|disable_functions?|document_root|elastix|encodeuricom|exploit|fclose|fgets|file_put_contents|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|null|open_basedir|outfile|passthru|phpinfo|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|user_func_array|wget|xertive) [NC,OR]
  RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|char|concat|convert|create|encode|declare|delete|drop|insert|md5|request|script|select|set|union|update) [NC,OR]
  RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR]
  RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)(\(|%28) [NC,OR]
  RewriteCond %{QUERY_STRING} (concat)(.*)(\(|%28) [NC]
  RewriteRule .* - [F,L]
</IfModule>
# 7G:[REQUEST URI]
<IfModule mod_rewrite.c>
  RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR]
  RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR]
  RewriteCond %{REQUEST_URI} (\^|`|<|>|%|\\|\{|\}|\|) [NC,OR]
  RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&amp;?)/?$ [NC,OR]
  RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR]
  RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR]
  RewriteCond %{REQUEST_URI} (/)(ckfinder|fck|fckeditor|fullclick) [NC,OR]
  RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR]
  RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR]
  RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(\.php) [NC,OR]
  RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR]
  RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR]
  RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR]
  RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR]
  RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
  RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR]
  RewriteCond %{REQUEST_URI} (\.)(ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR]
  RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR]
  RewriteCond %{REQUEST_URI} (/)(::[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? [NC,OR]
  RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select) [NC,OR]
  RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR]
  RewriteCond %{REQUEST_URI} (/)((php|web)?shell|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\() [NC,OR]
  RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-my-admin(.*)|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR]
  RewriteCond %{REQUEST_URI} (\.)(7z|ab4|ace|afm|ashx|aspx?|bash|ba?k?|bin|bz2|cfg|cfml?|cgi|conf\b|config|ctl|dat|db|dist|dll|eml|engine|env|et2|exe|fec|fla|git|gz|hg|inc|ini|inv|jsp|log|lqd|make|mbf|mdb|mmw|mny|module|old|one|orig|out|passwd|pdb|phtml|pl|profile|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|save|sdb|sql|sh|soa|svn|swf|swl|swo|swp|stx|tar|tax|tgz|theme|tls|tmd|wow|xtmpl|ya?ml|zlib)$ [NC,OR]
  RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|curl_exec|e?chr|eval|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\)) [NC,OR]
  RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3index|3xp|70bex?|admin_events|bkht|(php|web)?shell|c99|config(\.)?bak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|libsoft|marg|mobiquo|mysql|nessus|php-?info|racrew|sql|vuln|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(\.php) [NC]
  RewriteRule .* - [F,L]
</IfModule>
# 7G:[USER AGENT]
<IfModule mod_rewrite.c>
  RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} (&lt;|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} (ahrefs|alexibot|majestic|mj12bot|rogerbot) [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} (econtext|eolasbot|eventures|liebaofast|nominet|oppo\sa33) [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\\\x22) [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} (acapbot|acoonbot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|mechanize|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|petalbot|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]
  RewriteRule .* - [F,L]
</IfModule>
# 7G:[REMOTE HOST]
<IfModule mod_rewrite.c>
  RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]
  RewriteRule .* - [F,L]
</IfModule>
# 7G:[HTTP REFERRER]
<IfModule mod_rewrite.c>
  RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC,OR]
  RewriteCond %{HTTP_REFERER} (order(\s|%20)by(\s|%20)1--) [NC,OR]
  RewriteCond %{HTTP_REFERER} (blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]
  RewriteRule .* - [F,L]
</IfModule>
# 7G:[REQUEST METHOD]
<IfModule mod_rewrite.c>
  RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|trace|track) [NC]
  RewriteRule .* - [F,L]
</IfModule>


# Caching of common files using Apache's "mod_headers", if it is installed.
<IfModule mod_headers.c>
  <FilesMatch "\.(ico|pdf|flv|swf|gif|png|jpg|jpeg|txt|svg|webmanifest|webp)$">
    Header set Cache-Control "max-age=2592000, public"
  </FilesMatch>
	<FilesMatch "\.(woff|woff2|eot|ttf|js|css|min.js|min.css)$">
    Header set Cache-Control "max-age=31536000, public"
  </FilesMatch>
</IfModule>

# Alternativ caching with mod_expires (not recommended, but use it if mod_headers is not working for you)
#<IfModule mod_expires.c>
  #ExpiresActive on
  #ExpiresDefault                                      "access plus 1 month"
  #ExpiresByType text/css                              "access plus 1 year"
  #ExpiresByType application/atom+xml                  "access plus 1 hour"
  #ExpiresByType application/rdf+xml                   "access plus 1 hour"
  #ExpiresByType application/rss+xml                   "access plus 1 hour"
  #ExpiresByType application/json                      "access plus 0 seconds"
  #ExpiresByType application/ld+json                   "access plus 0 seconds"
  #ExpiresByType application/schema+json               "access plus 0 seconds"
  #ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
  #ExpiresByType application/xml                       "access plus 0 seconds"
  #ExpiresByType text/xml                              "access plus 0 seconds"
  #ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
  #ExpiresByType image/x-icon                          "access plus 1 week"
  #ExpiresByType text/html                             "access plus 3600 seconds"
  #ExpiresByType application/javascript                "access plus 1 year"
  #ExpiresByType application/x-javascript              "access plus 1 year"
  #ExpiresByType text/javascript                       "access plus 1 year"
  #ExpiresByType application/manifest+json             "access plus 1 year"
  #ExpiresByType application/webmanifest+json          "access plus 1 year"
  #ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
  #ExpiresByType text/cache-manifest                   "access plus 0 seconds"
  #ExpiresByType audio/ogg                             "access plus 1 month"
  #ExpiresByType image/bmp                             "access plus 1 month"
  #ExpiresByType image/gif                             "access plus 1 month"
  #ExpiresByType image/jpeg                            "access plus 1 month"
  #ExpiresByType image/webp                            "access plus 1 month"
  #ExpiresByType image/png                             "access plus 1 month"
  #ExpiresByType image/svg+xml                         "access plus 1 month"
  #ExpiresByType image/webp                            "access plus 1 month"
  #ExpiresByType video/mp4                             "access plus 1 month"
  #ExpiresByType video/ogg                             "access plus 1 month"
  #ExpiresByType video/webm                            "access plus 1 month"
  #ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
  #ExpiresByType font/eot                              "access plus 1 year"
  #ExpiresByType font/opentype                         "access plus 1 year"
  #ExpiresByType application/x-font-ttf                "access plus 1 year"
  #ExpiresByType application/font-woff                 "access plus 1 year"
  #ExpiresByType application/x-font-woff               "access plus 1 year"
  #ExpiresByType font/woff                             "access plus 1 year"
  #ExpiresByType font/woff2                            "access plus 1 year"
  #ExpiresByType application/font-woff                 "access plus 1 year"
  #ExpiresByType application/font-woff2                "access plus 1 year"
  #ExpiresByType text/x-cross-domain-policy            "access plus 1 week"
#</IfModule>


# Deflation
<IfModule mod_deflate.c>
  # Insert filters / compress text, html, javascript, css, xml:
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/xml
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/vtt 
  AddOutputFilterByType DEFLATE text/x-component
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/js
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/x-httpd-php
  AddOutputFilterByType DEFLATE application/x-httpd-fastphp
  AddOutputFilterByType DEFLATE application/atom+xml 
  AddOutputFilterByType DEFLATE application/json
  AddOutputFilterByType DEFLATE application/ld+json 
  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject 
  AddOutputFilterByType DEFLATE application/x-font-ttf 
  AddOutputFilterByType DEFLATE application/x-web-app-manifest+json
  AddOutputFilterByType DEFLATE application/webmanifest+json
  AddOutputFilterByType DEFLATE font/opentype  
  AddOutputFilterByType DEFLATE font/woff
  AddOutputFilterByType DEFLATE font/woff2
  AddOutputFilterByType DEFLATE application/x-font-woff
  AddOutputFilterByType DEFLATE application/x-font-woff2
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE image/x-icon
  # Exception: Images
  SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg|webp)$ no-gzip dont-vary
  # Drop problematic browsers
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
  # Make sure proxies don't deliver the wrong content
  Header append Vary User-Agent env=!dont-vary
</IfModule>


# Vary Accept-Encoding
<IfModule mod_headers.c>
  <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary Accept-Encoding
  </FilesMatch>
</IfModule>


# Set Keep Alive Header
<IfModule mod_headers.c>
  Header set Connection keep-alive
</IfModule>


# Disable ETags with "None" (and remove header)
<IfModule mod_expires.c> 
  <IfModule mod_headers.c> 
    Header unset ETag 
  </IfModule> 
  FileETag None 
</IfModule>


# Restrict access to .htaccess and .htpasswd
<FilesMatch "(\.htaccess|\.htpasswd)">
  Order deny,allow
  Deny from all
</FilesMatch>


# Restrict access to nginx conf
RedirectMatch 404 ^(.*\/)?nginx_conf


# Restrict access to .git
RedirectMatch 404 ^(.*\/)?\.git+


# Restrict access to folders named "config" or "logs" (helpful if you run Directus within the same domain at a subfolder).
# Mind to not use this, if you do not need it!
# RedirectMatch 404 ^(.*\/)?config\/+
# RedirectMatch 404 ^(.*\/)?logs\/+


# Restrict Hotlinking
# MIND THE DOMAIN HERE!
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_REFERER} !^$
  # Adjust the regex accordingly, if you want to allow for other subdomains
  RewriteCond %{HTTP_REFERER} !^https://(www.|test.|)(localhost|YOURDOMAIN\.com)(/.*)?$ [NC]
  # Exclude specific directories or files from the restriction (e.g. to make them available within emails)
  # RewriteCond %{REQUEST_URI} !^(.*)email_logo\.png [NC]
  # RewriteCond %{REQUEST_URI} !^(.*)\/opendirectory\/(.*) [NC]
  # Any files, which act as external thumbnails (e.g. social media preview) and favicons should be always excluded.
  RewriteCond %{REQUEST_URI} !^(.*)social_media\.png [NC]
  RewriteCond %{REQUEST_URI} !^(.*)repo_image\.png [NC]
  RewriteCond %{REQUEST_URI} !^(.*)\/assets\/favicons\/(.*) [NC]
  # Rewrite
  RewriteRule \.(jpg|jpeg|gif|webp|png)$ - [F]
</ifModule>


# Block XML-RPC if existent
<Files xmlrpc.php>
  Order Deny,Allow
  Deny from all
</Files>


## MAIN REWRITE ##
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /

  # Force www.
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteRule (.*) https://www.%{HTTP_HOST}/$1 [L,R=301,NC]

  # Force non-www (alternative).
  #RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
  #RewriteRule ^(.*)$ https://%1/$1 [L,R=301,NC]

  # Force HTTPS.
  RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]
  RewriteCond %{HTTP:X-Forwarded-Proto} =""
  RewriteCond %{HTTPS} !=on
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  # Redirect direct access attempts to php files.
  RewriteCond %{THE_REQUEST} \.php[?/] [NC]
  RewriteRule !^index\.php$ - [F,L,NC]

  # Force a trailing slash and route through index.php.
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_URI} !(.*)/$ [NC]
  RewriteRule ^(.*)$ $1/ [L,R=301,NC]
	
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?/$1 [L,QSA]

</IfModule>
## END MAIN REWRITE ##
