File: /var/www/proveedores.bradford/.htaccess
<IfModule mod_rewrite.c>
Options +FollowSymLinks
Options -Indexes
DirectoryIndex index.php
RewriteEngine on
RewriteCond $1 !^(index\.php|img|css|js|robots\.txt|favicon\.ico)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L,QSA]
</IfModule>
# Deny Access to composer.json
<Files "composer.json">
Order allow,deny
Deny from all
</Files>
# Deny Access to composer.lock
<Files "composer.lock">
Order allow,deny
Deny from all
</Files>
# Deny Access to package.json
<Files "package.json">
Order allow,deny
Deny from all
</Files>
# Deny Access to package-lock.json
<Files "package-lock.json">
Order allow,deny
Deny from all
</Files>
# Deny Access to env
<Files ".env">
Order allow,deny
Deny from all
</Files>
# Deny Access to styleci
<Files ".styleci.yml">
Order allow,deny
Deny from all
</Files>
# Deny Access to editorconfig
<Files ".editorconfig">
Order allow,deny
Deny from all
</Files>
# Enable HSTS
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>
# Add Secure Flag to Cookies
<IfModule mod_headers.c>
Header always edit Set-Cookie ^(.*)$ $1;Secure
</IfModule>
# Add Secure Flag to HttpOnly
<IfModule mod_headers.c>
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly
</IfModule>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set X-Frame-Options "DENY"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "no-referrer"
Header always set Permissions-Policy "geolocation=(), microphone=()"
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://popper.js.org https://cdn.jsdelivr.net https://ajax.aspnetcdn.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self';"
Header always set X-XSS-Protection "1; mode=block"
</IfModule>