Your IP : 216.73.217.142
### ===========================================================================
### Security Enhanced & Highly Optimized .htaccess File for Joomla!
### automatically generated by Admin Tools 6.1.11 on 2023-10-02 11:28:45 CEST
### Auto-detected Apache version: 2.2 (best guess)
### ===========================================================================
###
### The contents of this file are based on the same author's work "Master
### .htaccess".
###
### Admin Tools is Free Software, distributed under the terms of the GNU
### General Public License version 3 or, at your option, any later version
### published by the Free Software Foundation.
###
### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
### !! !!
### !! If you get an Internal Server Error 500 or a blank page when trying !!
### !! to access your site, remove this file and try tweaking its settings !!
### !! in the back-end of the Admin Tools component. !!
### !! !!
### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
###
##### RewriteEngine enabled - BEGIN
RewriteEngine On
##### RewriteEngine enabled - END
##### RewriteBase set - BEGIN
RewriteBase /
##### RewriteBase set - END
##### HTTP to HTTPS redirection
## Since you have enabled HSTS the first redirection rule will instruct the browser to visit the HTTPS version of your
## site. This prevents unsafe redirections through HTTP.
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://formation.e-synergisud.fr%{REQUEST_URI} [L,R=301]
##### File execution order -- BEGIN
DirectoryIndex index.php index.html
##### File execution order -- END
##### Follow symlinks -- BEGIN
##### Follow symlinks -- END
##### Optimal default expiration time - BEGIN
<IfModule mod_expires.c>
# Enable expiration control
ExpiresActive On
# No caching for specific resource types
## -- Application cache manifest
ExpiresByType text/cache-manifest "now"
## -- XML and JSON
ExpiresByType application/json "now"
ExpiresByType application/xml "now"
ExpiresByType text/xml "now"
## RSS and Atom feeds: 1 hour (hardcoded)
ExpiresByType application/atom+xml "now plus 1 hour"
ExpiresByType application/rss+xml "now plus 1 hour"
# CSS and JS expiration: 1 week after request
ExpiresByType text/css "now plus 1 week"
ExpiresByType text/javascript "now plus 1 week"
ExpiresByType application/javascript "now plus 1 week"
ExpiresByType application/ld+json "now plus 1 week"
ExpiresByType application/x-javascript "now plus 1 week"
# Image files expiration: 1 month after request
ExpiresByType application/ico "now plus 1 month"
ExpiresByType application/smil "now plus 1 month"
ExpiresByType application/vnd.wap.wbxml "now plus 1 month"
ExpiresByType image/bmp "now plus 1 month"
ExpiresByType image/gif "now plus 1 month"
ExpiresByType image/ico "now plus 1 month"
ExpiresByType image/icon "now plus 1 month"
ExpiresByType image/jp2 "now plus 1 month"
ExpiresByType image/jpeg "now plus 1 month"
ExpiresByType image/jpg "now plus 1 month"
ExpiresByType image/pipeg "now plus 1 month"
ExpiresByType image/png "now plus 1 month"
ExpiresByType image/svg+xml "now plus 1 month"
ExpiresByType image/tiff "now plus 1 month"
ExpiresByType image/vnd.microsoft.icon "now plus 1 month"
ExpiresByType image/vnd.wap.wbmp "now plus 1 month"
ExpiresByType image/webp "now plus 1 month"
ExpiresByType image/x-icon "now plus 1 month"
ExpiresByType text/ico "now plus 1 month"
# Font files expiration: 1 week after request
ExpiresByType application/font-woff "now plus 1 week"
ExpiresByType application/font-woff2 "now plus 1 week"
ExpiresByType application/vnd.ms-fontobject "now plus 1 week"
ExpiresByType application/x-font-opentype "now plus 1 week"
ExpiresByType application/x-font-ttf "now plus 1 week"
ExpiresByType application/x-font-woff "now plus 1 week"
ExpiresByType font/opentype "now plus 1 week"
ExpiresByType font/otf "now plus 1 week"
ExpiresByType font/ttf "now plus 1 week"
ExpiresByType font/woff "now plus 1 week"
ExpiresByType font/woff2 "now plus 1 week"
# Audio files expiration: 1 month after request
ExpiresByType application/ogg "now plus 1 month"
ExpiresByType audio/3gpp "now plus 1 month"
ExpiresByType audio/3gpp2 "now plus 1 month"
ExpiresByType audio/aac "now plus 1 month"
ExpiresByType audio/basic "now plus 1 month"
ExpiresByType audio/mid "now plus 1 month"
ExpiresByType audio/midi "now plus 1 month"
ExpiresByType audio/mp3 "now plus 1 month"
ExpiresByType audio/mpeg "now plus 1 month"
ExpiresByType audio/ogg "now plus 1 month"
ExpiresByType audio/opus "now plus 1 month"
ExpiresByType audio/x-aiff "now plus 1 month"
ExpiresByType audio/x-mpegurl "now plus 1 month"
ExpiresByType audio/x-pn-realaudio "now plus 1 month"
ExpiresByType audio/x-wav "now plus 1 month"
ExpiresByType audio/wav "now plus 1 month"
# Movie files expiration: 1 month after request
ExpiresByType application/x-shockwave-flash "now plus 1 month"
ExpiresByType video/3gpp "now plus 1 month"
ExpiresByType video/3gpp2 "now plus 1 month"
ExpiresByType video/mp4 "now plus 1 month"
ExpiresByType video/mpeg "now plus 1 month"
ExpiresByType video/ogg "now plus 1 month"
ExpiresByType video/quicktime "now plus 1 month"
ExpiresByType video/webm "now plus 1 month"
ExpiresByType video/x-la-asf "now plus 1 month"
ExpiresByType video/x-ms-asf "now plus 1 month"
ExpiresByType video/x-msvideo "now plus 1 month"
ExpiresByType x-world/x-vrml "now plus 1 month"
</IfModule>
# Disable caching of administrator/index.php
<Files "administrator/index.php">
<IfModule mod_expires.c>
ExpiresActive Off
</IfModule>
<IfModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</IfModule>
</Files>
##### Optimal default expiration time - END
##### Common hacking tools and bandwidth hoggers block -- BEGIN
SetEnvIf user-agent "(?i:WebBandit)" stayout=1
SetEnvIf user-agent "(?i:webbandit)" stayout=1
SetEnvIf user-agent "(?i:Acunetix)" stayout=1
SetEnvIf user-agent "(?i:binlar)" stayout=1
SetEnvIf user-agent "(?i:BlackWidow)" stayout=1
SetEnvIf user-agent "(?i:Bolt 0)" stayout=1
SetEnvIf user-agent "(?i:Bot mailto:craftbot@yahoo.com)" stayout=1
SetEnvIf user-agent "(?i:BOT for JCE)" stayout=1
SetEnvIf user-agent "(?i:casper)" stayout=1
SetEnvIf user-agent "(?i:checkprivacy)" stayout=1
SetEnvIf user-agent "(?i:ChinaClaw)" stayout=1
SetEnvIf user-agent "(?i:clshttp)" stayout=1
SetEnvIf user-agent "(?i:cmsworldmap)" stayout=1
SetEnvIf user-agent "(?i:comodo)" stayout=1
SetEnvIf user-agent "(?i:Custo)" stayout=1
SetEnvIf user-agent "(?i:Default Browser 0)" stayout=1
SetEnvIf user-agent "(?i:diavol)" stayout=1
SetEnvIf user-agent "(?i:DIIbot)" stayout=1
SetEnvIf user-agent "(?i:DISCo)" stayout=1
SetEnvIf user-agent "(?i:dotbot)" stayout=1
SetEnvIf user-agent "(?i:Download Demon)" stayout=1
SetEnvIf user-agent "(?i:eCatch)" stayout=1
SetEnvIf user-agent "(?i:EirGrabber)" stayout=1
SetEnvIf user-agent "(?i:EmailCollector)" stayout=1
SetEnvIf user-agent "(?i:EmailSiphon)" stayout=1
SetEnvIf user-agent "(?i:EmailWolf)" stayout=1
SetEnvIf user-agent "(?i:Express WebPictures)" stayout=1
SetEnvIf user-agent "(?i:extract)" stayout=1
SetEnvIf user-agent "(?i:ExtractorPro)" stayout=1
SetEnvIf user-agent "(?i:EyeNetIE)" stayout=1
SetEnvIf user-agent "(?i:feedfinder)" stayout=1
SetEnvIf user-agent "(?i:FHscan)" stayout=1
SetEnvIf user-agent "(?i:FlashGet)" stayout=1
SetEnvIf user-agent "(?i:flicky)" stayout=1
SetEnvIf user-agent "(?i:GetRight)" stayout=1
SetEnvIf user-agent "(?i:GetWeb!)" stayout=1
SetEnvIf user-agent "(?i:Go-Ahead-Got-It)" stayout=1
SetEnvIf user-agent "(?i:Go!Zilla)" stayout=1
SetEnvIf user-agent "(?i:grab)" stayout=1
SetEnvIf user-agent "(?i:GrabNet)" stayout=1
SetEnvIf user-agent "(?i:Grafula)" stayout=1
SetEnvIf user-agent "(?i:harvest)" stayout=1
SetEnvIf user-agent "(?i:HMView)" stayout=1
SetEnvIf user-agent "(?i:ia_archiver)" stayout=1
SetEnvIf user-agent "(?i:Image Stripper)" stayout=1
SetEnvIf user-agent "(?i:Image Sucker)" stayout=1
SetEnvIf user-agent "(?i:InterGET)" stayout=1
SetEnvIf user-agent "(?i:Internet Ninja)" stayout=1
SetEnvIf user-agent "(?i:InternetSeer.com)" stayout=1
SetEnvIf user-agent "(?i:jakarta)" stayout=1
SetEnvIf user-agent "(?i:Java)" stayout=1
SetEnvIf user-agent "(?i:JetCar)" stayout=1
SetEnvIf user-agent "(?i:JOC Web Spider)" stayout=1
SetEnvIf user-agent "(?i:kmccrew)" stayout=1
SetEnvIf user-agent "(?i:larbin)" stayout=1
SetEnvIf user-agent "(?i:LeechFTP)" stayout=1
SetEnvIf user-agent "(?i:libwww)" stayout=1
SetEnvIf user-agent "(?i:Mass Downloader)" stayout=1
SetEnvIf user-agent "(?i:Maxthon$)" stayout=1
SetEnvIf user-agent "(?i:microsoft.url)" stayout=1
SetEnvIf user-agent "(?i:MIDown tool)" stayout=1
SetEnvIf user-agent "(?i:miner)" stayout=1
SetEnvIf user-agent "(?i:Mister PiX)" stayout=1
SetEnvIf user-agent "(?i:NEWT)" stayout=1
SetEnvIf user-agent "(?i:MSFrontPage)" stayout=1
SetEnvIf user-agent "(?i:Navroad)" stayout=1
SetEnvIf user-agent "(?i:NearSite)" stayout=1
SetEnvIf user-agent "(?i:Net Vampire)" stayout=1
SetEnvIf user-agent "(?i:NetAnts)" stayout=1
SetEnvIf user-agent "(?i:NetSpider)" stayout=1
SetEnvIf user-agent "(?i:NetZIP)" stayout=1
SetEnvIf user-agent "(?i:nutch)" stayout=1
SetEnvIf user-agent "(?i:Octopus)" stayout=1
SetEnvIf user-agent "(?i:Offline Explorer)" stayout=1
SetEnvIf user-agent "(?i:Offline Navigator)" stayout=1
SetEnvIf user-agent "(?i:PageGrabber)" stayout=1
SetEnvIf user-agent "(?i:Papa Foto)" stayout=1
SetEnvIf user-agent "(?i:pavuk)" stayout=1
SetEnvIf user-agent "(?i:pcBrowser)" stayout=1
SetEnvIf user-agent "(?i:PeoplePal)" stayout=1
SetEnvIf user-agent "(?i:planetwork)" stayout=1
SetEnvIf user-agent "(?i:psbot)" stayout=1
SetEnvIf user-agent "(?i:purebot)" stayout=1
SetEnvIf user-agent "(?i:pycurl)" stayout=1
SetEnvIf user-agent "(?i:RealDownload)" stayout=1
SetEnvIf user-agent "(?i:ReGet)" stayout=1
SetEnvIf user-agent "(?i:Rippers 0)" stayout=1
SetEnvIf user-agent "(?i:SeaMonkey$)" stayout=1
SetEnvIf user-agent "(?i:sitecheck.internetseer.com)" stayout=1
SetEnvIf user-agent "(?i:SiteSnagger)" stayout=1
SetEnvIf user-agent "(?i:skygrid)" stayout=1
SetEnvIf user-agent "(?i:SmartDownload)" stayout=1
SetEnvIf user-agent "(?i:sucker)" stayout=1
SetEnvIf user-agent "(?i:SuperBot)" stayout=1
SetEnvIf user-agent "(?i:SuperHTTP)" stayout=1
SetEnvIf user-agent "(?i:Surfbot)" stayout=1
SetEnvIf user-agent "(?i:tAkeOut)" stayout=1
SetEnvIf user-agent "(?i:Teleport Pro)" stayout=1
SetEnvIf user-agent "(?i:Toata dragostea mea pentru diavola)" stayout=1
SetEnvIf user-agent "(?i:turnit)" stayout=1
SetEnvIf user-agent "(?i:vikspider)" stayout=1
SetEnvIf user-agent "(?i:VoidEYE)" stayout=1
SetEnvIf user-agent "(?i:Web Image Collector)" stayout=1
SetEnvIf user-agent "(?i:Web Sucker)" stayout=1
SetEnvIf user-agent "(?i:WebAuto)" stayout=1
SetEnvIf user-agent "(?i:WebCopier)" stayout=1
SetEnvIf user-agent "(?i:WebFetch)" stayout=1
SetEnvIf user-agent "(?i:WebGo IS)" stayout=1
SetEnvIf user-agent "(?i:WebLeacher)" stayout=1
SetEnvIf user-agent "(?i:WebReaper)" stayout=1
SetEnvIf user-agent "(?i:WebSauger)" stayout=1
SetEnvIf user-agent "(?i:Website eXtractor)" stayout=1
SetEnvIf user-agent "(?i:Website Quester)" stayout=1
SetEnvIf user-agent "(?i:WebStripper)" stayout=1
SetEnvIf user-agent "(?i:WebWhacker)" stayout=1
SetEnvIf user-agent "(?i:WebZIP)" stayout=1
SetEnvIf user-agent "(?i:Wget)" stayout=1
SetEnvIf user-agent "(?i:Widow)" stayout=1
SetEnvIf user-agent "(?i:WWW-Mechanize)" stayout=1
SetEnvIf user-agent "(?i:WWWOFFLE)" stayout=1
SetEnvIf user-agent "(?i:Xaldon WebSpider)" stayout=1
SetEnvIf user-agent "(?i:Zeus)" stayout=1
SetEnvIf user-agent "(?i:zmeu)" stayout=1
SetEnvIf user-agent "(?i:CazoodleBot)" stayout=1
SetEnvIf user-agent "(?i:discobot)" stayout=1
SetEnvIf user-agent "(?i:ecxi)" stayout=1
SetEnvIf user-agent "(?i:GT::WWW)" stayout=1
SetEnvIf user-agent "(?i:heritrix)" stayout=1
SetEnvIf user-agent "(?i:HTTP::Lite)" stayout=1
SetEnvIf user-agent "(?i:HTTrack)" stayout=1
SetEnvIf user-agent "(?i:ia_archiver)" stayout=1
SetEnvIf user-agent "(?i:id-search)" stayout=1
SetEnvIf user-agent "(?i:id-search.org)" stayout=1
SetEnvIf user-agent "(?i:IDBot)" stayout=1
SetEnvIf user-agent "(?i:Indy Library)" stayout=1
SetEnvIf user-agent "(?i:IRLbot)" stayout=1
SetEnvIf user-agent "(?i:ISC Systems iRc Search 2.1)" stayout=1
SetEnvIf user-agent "(?i:LinksManager.com_bot)" stayout=1
SetEnvIf user-agent "(?i:linkwalker)" stayout=1
SetEnvIf user-agent "(?i:lwp-trivial)" stayout=1
SetEnvIf user-agent "(?i:MFC_Tear_Sample)" stayout=1
SetEnvIf user-agent "(?i:Microsoft URL Control)" stayout=1
SetEnvIf user-agent "(?i:Missigua Locator)" stayout=1
SetEnvIf user-agent "(?i:panscient.com)" stayout=1
SetEnvIf user-agent "(?i:PECL::HTTP)" stayout=1
SetEnvIf user-agent "(?i:PHPCrawl)" stayout=1
SetEnvIf user-agent "(?i:PleaseCrawl)" stayout=1
SetEnvIf user-agent "(?i:SBIder)" stayout=1
SetEnvIf user-agent "(?i:Snoopy)" stayout=1
SetEnvIf user-agent "(?i:Steeler)" stayout=1
SetEnvIf user-agent "(?i:URI::Fetch)" stayout=1
SetEnvIf user-agent "(?i:urllib)" stayout=1
SetEnvIf user-agent "(?i:Web Sucker)" stayout=1
SetEnvIf user-agent "(?i:webalta)" stayout=1
SetEnvIf user-agent "(?i:WebCollage)" stayout=1
SetEnvIf user-agent "(?i:Wells Search II)" stayout=1
SetEnvIf user-agent "(?i:WEP Search)" stayout=1
SetEnvIf user-agent "(?i:zermelo)" stayout=1
SetEnvIf user-agent "(?i:ZyBorg)" stayout=1
SetEnvIf user-agent "(?i:Indy Library)" stayout=1
SetEnvIf user-agent "(?i:libwww-perl)" stayout=1
SetEnvIf user-agent "(?i:Go!Zilla)" stayout=1
SetEnvIf user-agent "(?i:TurnitinBot)" stayout=1
SetEnvIf user-agent "(?i:sqlmap)" stayout=1
<IfModule !mod_authz_core.c>
deny from env=stayout
</IfModule>
<IfModule mod_authz_core.c>
<RequireAll>
Require all granted
Require not env stayout
</RequireAll>
</IfModule>
##### Common hacking tools and bandwidth hoggers block -- END
##### Automatic compression of resources -- BEGIN
# Automatically serve .css.gz, .css.br, .js.gz or .js.br instead of the original file
# These are versions of the files pre-compressed with GZip or Brotli, respectively
<IfModule mod_headers.c>
# Serve Brotli compressed CSS files if they exist and the client accepts Brotli.
RewriteCond "%{HTTP:Accept-encoding}" "br"
RewriteCond "%{REQUEST_FILENAME}\.br" -s
RewriteRule "^(.*)\.css" "$1\.css\.br" [QSA]
# Serve Brotli compressed JS files if they exist and the client accepts Brotli.
RewriteCond "%{HTTP:Accept-encoding}" "br"
RewriteCond "%{REQUEST_FILENAME}\.br" -s
RewriteRule "^(.*)\.js" "$1\.js\.br" [QSA]
# Serve correct content types, and prevent double compression.
RewriteRule "\.css\.br$" "-" [E=no-gzip:1]
RewriteRule "\.css\.br$" "-" [T=text/css,E=no-brotli:1,L]
RewriteRule "\.js\.br$" "-" [E=no-gzip:1]
RewriteRule "\.js\.br$" "-" [T=text/javascript,E=no-brotli:1,L]
<FilesMatch "(\.js\.br|\.css\.br)$">
# Serve correct encoding type.
Header append Content-Encoding br
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond "%{HTTP:Accept-encoding}" "gzip"
RewriteCond "%{REQUEST_FILENAME}\.gz" -s
RewriteRule "^(.*)\.css" "$1\.css\.gz" [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond "%{HTTP:Accept-encoding}" "gzip"
RewriteCond "%{REQUEST_FILENAME}\.gz" -s
RewriteRule "^(.*)\.js" "$1\.js\.gz" [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
# Also set it as the last rule to prevent the Front- or Backend protection from preventing access to the .gz file.
RewriteRule "\.css\.gz$" "-" [E=no-brotli:1]
RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1,L]
RewriteRule "\.js\.gz$" "-" [E=no-brotli:1]
RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1,L]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header append Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
## Automatically compress by MIME type using mod_brotli. Takes priority due to better compression ratio.
<IfModule mod_brotli.c>
AddOutputFilterByType BROTLI_COMPRESS text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript text/javascript image/svg+xml
</IfModule>
## Automatically compress by MIME type using mod_deflate.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript text/javascript image/svg+xml
</IfModule>
## Fallback to mod_gzip when neither mod_brotli nor mod_deflate is available
<IfModule !mod_brotli.c>
<IfModule !mod_deflate.c>
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_keep_workfiles No
mod_gzip_can_negotiate Yes
mod_gzip_add_header_count Yes
mod_gzip_send_vary Yes
mod_gzip_min_http 1000
mod_gzip_minimum_file_size 300
mod_gzip_maximum_file_size 512000
mod_gzip_maximum_inmem_size 60000
mod_gzip_handle_methods GET
mod_gzip_item_include file \.(html?|txt|css|js|php|pl|xml|rb|py|svg|scgz)$
mod_gzip_item_include mime ^text/javascript$
mod_gzip_item_include mime ^text/plain$
mod_gzip_item_include mime ^text/xml$
mod_gzip_item_include mime ^text/css$
mod_gzip_item_include mime ^application/xml$
mod_gzip_item_include mime ^application/xhtml+xml$
mod_gzip_item_include mime ^application/rss+xml$
mod_gzip_item_include mime ^application/javascript$
mod_gzip_item_include mime ^application/x-javascript$
mod_gzip_item_include mime ^image/svg+xml$
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include handler ^server-status$
mod_gzip_item_include handler ^server-info$
mod_gzip_item_include handler ^application/x-httpd-php
mod_gzip_item_exclude mime ^image/.*
</ifmodule>
</IfModule>
</IfModule>
##### Automatic compression of resources -- END
## Force GZip compression for mangled Accept-Encoding headers
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>
##### Redirect www to non-www -- BEGIN
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
##### Redirect www to non-www -- END
##### Rewrite rules to block out some common exploits -- BEGIN
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code\(.*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F]
##### Rewrite rules to block out some common exploits -- END
##### File injection protection -- BEGIN
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http[s]?:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* - [F]
##### File injection protection -- END
##### Advanced server protection rules exceptions -- BEGIN
RewriteRule ^administrator\/components\/com_akeeba\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_akeebabackup\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/extract\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !(\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^\.well\-known/ - [L]
##### Advanced server protection rules exceptions -- END
##### Advanced server protection -- BEGIN
## Disable PHP Easter Eggs
RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} [NC]
RewriteRule .* - [F]
#### Back-end protection
RewriteRule ^administrator/?$ - [L]
RewriteRule ^administrator/index\.(php|html?)$ - [L]
RewriteRule ^administrator/(components|modules|templates|images|plugins)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|webp|xsl|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|WEBP)$ - [L]
RewriteRule ^administrator/ - [F]
#### Disable client-side risky behavior in backend static content
<If "%{REQUEST_URI} =~ m#^/administrator/(components|modules|templates|images|plugins)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|webp|xsl|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|WEBP)$#">
<IfModule mod_headers.c>
Header always set Content-Security-Policy "default-src 'self'; script-src 'none';"
</IfModule>
</If>
#### Front-end protection
## Allow limited access for certain directories with client-accessible content
RewriteRule ^(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|ico|htm|ttf|woff|woff2|eot|webp|xsl|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|WEBP)$ - [L]
RewriteRule ^(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/ - [F]
#### Disable client-side risky behavior in frontend static content
<If "%{REQUEST_URI} =~ m#^/(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|ico|htm|ttf|woff|woff2|eot|webp|xsl|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|WEBP)$#">
<IfModule mod_headers.c>
Header always set Content-Security-Policy "default-src 'self'; script-src 'none';"
</IfModule>
</If>
## Disallow front-end access for certain Joomla! system directories (unless access to their files is allowed above)
RewriteRule ^includes/js/ - [L]
RewriteRule ^(cache|includes|language|logs|log|tmp)/ - [F]
RewriteRule ^(configuration\.php|CONTRIBUTING\.md|htaccess\.txt|joomla\.xml|LICENSE\.txt|phpunit\.xml|README\.txt|web\.config\.txt) - [F]
## Explicitly allow access to the site's index.php main entry point file
RewriteRule ^index.php(/.*){0,1}$ - [L]
## Explicitly allow access to the site's robots.txt file
RewriteRule ^robots.txt$ - [L]
## Disallow access to all other PHP files throughout the site, unless they are explicitly allowed
RewriteCond %{REQUEST_FILENAME} (\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule (.*\.php)$ - [F]
##### Advanced server protection rules exceptions also bypass the “disable client-side risky behavior” features -- BEGIN
<If "%{REQUEST_URI} == '/administrator/components/com_akeeba/restore.php'">
<IfModule mod_headers.c>
Header always unset Content-Security-Policy
</IfModule>
</If>
<If "%{REQUEST_URI} == '/administrator/components/com_akeebabackup/restore.php'">
<IfModule mod_headers.c>
Header always unset Content-Security-Policy
</IfModule>
</If>
<If "%{REQUEST_URI} == '/administrator/components/com_joomlaupdate/restore.php'">
<IfModule mod_headers.c>
Header always unset Content-Security-Policy
</IfModule>
</If>
<If "%{REQUEST_URI} == '/administrator/components/com_joomlaupdate/extract.php'">
<IfModule mod_headers.c>
Header always unset Content-Security-Policy
</IfModule>
</If>
<If "%{REQUEST_URI} =~ m#^\.well\-known/#">
<IfModule mod_headers.c>
Header always unset Content-Security-Policy
</IfModule>
</If>
##### Advanced server protection rules exceptions also bypass the “disable client-side risky behavior” features -- END
## Disallow access to htaccess.txt, php.ini, .user.ini and configuration.php-dist
RewriteRule ^(htaccess\.txt|configuration\.php-dist|php\.ini|\.user\.ini)$ - [F]
# Disallow access to all other front-end folders
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} !^/
RewriteRule .* - [F]
# Disallow access to all other front-end files
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule !^index.php$ - [F]
## Remove Apache and PHP version signature
<IfModule mod_headers.c>
Header always unset X-Powered-By
Header always unset X-Content-Powered-By
</IfModule>
ServerSignature Off
##### Advanced server protection -- END
## HSTS Header - See http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
</IfModule>
## Referrer-policy
<IfModule mod_headers.c>
Header always set Referrer-Policy "unsafe-url"
</IfModule>
##### Joomla! core SEF Section -- BEGIN
# PHP FastCGI fix for HTTP Authorization
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
##### Joomla! core SEF Section -- BEGIN
RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L]
##### Joomla! core SEF Section -- END