File: /mnt/data/targetplatform/public_html/.htaccess
# Disable directory browsing
# Turns off the auto-generated listing for directories that have no index
# document. Options is only accepted in .htaccess when the server's
# AllowOverride setting permits it; otherwise Apache answers with a 500.
Options -Indexes
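# Protect .htaccess itself
# Order/Deny is Apache 2.2 syntax and only works on 2.4 while
# mod_access_compat is loaded; without that module the directive is unknown
# and every request to this directory fails with a 500. Use the native 2.4
# form when mod_authz_core is present and keep the 2.2 form as the fallback.
# NOTE(review): Require in .htaccess needs AllowOverride AuthConfig - confirm.
<Files ".htaccess">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>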
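# Protect sensitive files
# Refuses any file whose name ends in one of the listed extensions
# (credentials, configuration, logs). The match is on the file name only,
# so it applies in every subdirectory.
# NOTE(review): "json" is in the list, so JSON meant for browsers (for
# example a web app manifest) is refused as well - confirm nothing public
# depends on it.
# Same 2.2/2.4 split as elsewhere: native Require where mod_authz_core is
# loaded, Order/Deny only as the legacy fallback.
<FilesMatch "\.(htaccess|htpasswd|ini|log|conf|env|json)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>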
# Disable server signature
# Removes the version footer Apache appends to pages it generates itself
# (error pages, listings). The "Server" response header is governed by
# ServerTokens, which can only be set in the main server configuration,
# not in .htaccess.
ServerSignature Off
# Block access to Git and SVN folders
# Any URL path containing "/.git" or "/.svn" gets a 404, the same answer a
# missing path would get. Both prefixes are handled by one pattern.
RedirectMatch 404 /\.(git|svn)
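# Prevent access to backup and source files
# Refuses editor autosave files (#name#) and files ending in a backup, dump,
# script or design-source extension, which are often left in the web root by
# accident and can expose source code or database contents.
# Native 2.4 Require is used where mod_authz_core is loaded; the 2.2
# Order/Deny form stays only as a fallback, because on 2.4 it depends on
# mod_access_compat being present.
<FilesMatch "(^#.*#|\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist))$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>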
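# Set security headers
# "always" applies a header to error responses (4xx/5xx) as well as to
# successful ones; the plain "Header set" form covers only the success path.
# All four headers now use the same form.
<IfModule mod_headers.c>
    # Stop browsers from guessing a content type other than the declared one.
    Header always set X-Content-Type-Options "nosniff"
    # NOTE(review): current browsers no longer implement the XSS filter this
    # header controls; a Content-Security-Policy is the maintained control.
    # Value kept as the author set it.
    Header always set X-XSS-Protection "1; mode=block"
    # Send the full URL as referrer only to the same origin.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # Allow framing by this site only (clickjacking mitigation).
    Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>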
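# Prevent hotlinking of images
# Requests for image files are refused when they carry a Referer that is not
# this site. An empty Referer is let through, since many clients and privacy
# tools omit it. The Referer is supplied by the client, so this is a
# bandwidth measure, not an access control.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
# The host is closed off with an optional port followed by "/" or end of
# string, so only targetplatform.net (with or without www.) matches; a
# longer host name that merely begins with that text does not.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?targetplatform\.net(:[0-9]+)?(/|$) [NC]
# NC makes the extension match case-insensitive (.JPG as well as .jpg).
RewriteRule \.(jpe?g|png|gif|webp)$ - [F,NC]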
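# Block common bad bots
# Flags a request when its User-Agent contains one of the listed names
# (case-insensitive) and refuses flagged requests. The User-Agent is chosen
# by the client, so this only filters tools that identify themselves; it also
# refuses legitimate uses of curl and wget such as uptime checks.
SetEnvIfNoCase User-Agent "(libwww-perl|MJ12bot|HTTrack|wget|curl)" bad_bot
# Apache 2.4: native authorization directives.
# NOTE(review): Require in .htaccess needs AllowOverride AuthConfig - confirm.
<IfModule mod_authz_core.c>
    <RequireAll>
        Require all granted
        Require not env bad_bot
    </RequireAll>
</IfModule>
# Apache 2.2 fallback; on 2.4 these directives exist only with
# mod_access_compat and cause a 500 without it.
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
    Deny from env=bad_bot
</IfModule>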
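# Prevent PHP execution in uploads, images, and files directories
# The PHP handler at the end of this file maps .php, .php8 and .phtml, so
# every mapped extension is refused here, not only .php. mod_mime evaluates
# each extension in a file name, and a script can be followed by path info,
# so the extension is matched when it is followed by another ".", by "/" or
# by the end of the path rather than only at the very end.
# NOTE(review): this filters by URL only; disabling the PHP handler inside
# these directories themselves would be the more robust control.
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/(uploads|images|files)/.*\.(php[0-9]*|phtml)(\.|/|$) [NC]
RewriteRule ^ - [F,L]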
# The generated block below maps .php, .php8 and .phtml to the ea-php81
# handler. Any rule in this file that blocks script execution in writable
# directories has to cover all three extensions. The block is managed by
# cPanel; make changes through cPanel rather than by editing it here.
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit