HEX

File: /var/www/gestor-horarios.bradford/.htaccess
Options +FollowSymLinks
Options -Indexes
DirectoryIndex index.html index.php
RewriteEngine on
RewriteCond $1 !^(index\.php|images|robots\.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
Options +FollowSymLinks
Options -Indexes
DirectoryIndex index.html index.php
RewriteEngine on
RewriteCond $1 !^(index\.php|images|robots\.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    Header always set X-Frame-Options "DENY"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Referrer-Policy "no-referrer"
    Header always set Permissions-Policy "geolocation=(), microphone=()"
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://popper.js.org https://cdn.jsdelivr.net https://ajax.aspnetcdn.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self';"
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>


# Deny Access to composer.json
<Files "composer.json">
    Order allow,deny
    Deny from all
</Files>

# Deny Access to composer.lock
<Files "composer.lock">
    Order allow,deny
    Deny from all
</Files>

# Deny Access to package.json
<Files "package.json">
    Order allow,deny
    Deny from all
</Files>

# Deny Access to package-lock.json
<Files "package-lock.json">
    Order allow,deny
    Deny from all
</Files>

# Deny Access to env
<Files ".env">
    Order allow,deny
    Deny from all
</Files>

# Deny Access to styleci
<Files ".styleci.yml">
    Order allow,deny
    Deny from all
</Files>

# Deny Access to editorconfig
<Files ".editorconfig">
    Order allow,deny
    Deny from all
</Files>

# Enable HSTS
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

# Add Secure Flag to Cookies
<IfModule mod_headers.c>
    Header always edit Set-Cookie ^(.*)$ $1;Secure
</IfModule>

# Add Secure Flag to HttpOnly
<IfModule mod_headers.c>
    Header always edit Set-Cookie ^(.*)$ $1;HttpOnly
</IfModule>