### ===========================================================================
### Security Enhanced & Highly Optimized .htaccess File for Joomla!
### automatically generated by Admin Tools 7.7.0 on 2025-02-13 18:56:45 UTC
### Auto-detected Apache version: 2.0 (best guess)
### ===========================================================================
###
### The contents of this file are based on the same author's work "Master
### .htaccess".
###
### Admin Tools is Free Software, distributed under the terms of the GNU
### General Public License version 3 or, at your option, any later version
### published by the Free Software Foundation.
###
### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
### !!                                                                       !!
### !!  If you get an Internal Server Error 500 or a blank page when trying  !!
### !!  to access your site, remove this file and try tweaking its settings  !!
### !!  in the back-end of the Admin Tools component.                        !!
### !!                                                                       !!
### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
###

##### RewriteEngine enabled - BEGIN
# Turns on mod_rewrite processing; every RewriteCond/RewriteRule below depends on it.
RewriteEngine On
##### RewriteEngine enabled - END

# PHP FastCGI fix for HTTP Authorization
# Copies the request's Authorization header into the HTTP_AUTHORIZATION environment
# variable for every URL (the "-" substitution leaves the URL itself unchanged).
# NOTE(review): the credential then appears in the request environment, so anything
# that dumps the environment (a leftover phpinfo() page, verbose error output) would
# expose it; keep such diagnostics off the production site.
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
##### RewriteBase set - BEGIN
# Per-directory rewrite substitutions are resolved relative to the site root.
RewriteBase /
##### RewriteBase set - END

##### HTTP to HTTPS redirection
## Since you have enabled HSTS the first redirection rule will instruct the browser to visit the HTTPS version of your
## site. This prevents unsafe redirections through HTTP.
## The rule fires when the connection is not flagged as HTTPS, or when the
## X-Forwarded-Proto request header equals "http". It answers with a permanent (301)
## redirect to a fixed host name, so the target does not depend on the
## client-supplied Host header.
## NOTE(review): X-Forwarded-Proto is an ordinary request header and is only
## trustworthy when a reverse proxy in front of this server overwrites it. If TLS is
## terminated upstream and %{HTTPS} is never "on" here, confirm this does not loop.
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://salesxchange.co.uk%{REQUEST_URI} [L,R=301]

##### Custom Rules (Top of File) -- BEGIN
# LiteSpeed Cache Lookup
# Applies only when the server identifies as LiteSpeed. Enables cache lookup, keeps a
# separate cache variation for mobile User-Agents, and marks URLs containing
# "enquiry" as not cacheable.
# NOTE(review): only URLs matching "enquiry" are excluded. Any other page that
# renders a form, a session-bound token or per-user content also has to stay out of
# the public cache, otherwise one visitor's response can be served to another.
# Confirm how the cache handles logged-in users and the remaining forms.
<IfModule LiteSpeed>
    CacheLookup on
    RewriteEngine On
    # Vary Cache for Mobile Devices
    RewriteCond %{HTTP_USER_AGENT} Mobile|Android|Silk/|Kindle|BlackBerry|Opera\ Mini|Opera\ Mobi [NC]
    RewriteRule .* - [E=Cache-Control:vary=ismobile]
    # Disable Cache for Specific URIs (e.g., forms)
    RewriteCond %{REQUEST_URI} enquiry [NC]
    RewriteRule .* - [E=Cache-Control:no-cache]
</IfModule>

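# Block Known Scraper Bots (Fix for 403)
# Answers 403 Forbidden to any request whose User-Agent contains one of the listed
# tokens (case-insensitive), except requests for robots.txt.
# The User-Agent header is chosen by the client, so this only filters clients that
# identify themselves honestly: it is bandwidth control, not an access control.
# The bare "Python", "Java", "curl" and "wget" tokens match every User-Agent that
# contains them, which can include uptime monitors and integration clients; check
# the access log for unexpected 403 responses after deploying.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} (AhrefsBot|MJ12bot|SemrushBot|HTTrack|python-requests|curl|wget|Scrapy|libwww-perl|Python|Java) [NC]
    # Allow access to robots.txt. This comment must stay on its own line: Apache does
    # not support trailing comments on a directive line and would parse the words as
    # extra RewriteCond arguments, which is a configuration error.
    RewriteCond %{REQUEST_URI} !robots\.txt$
    RewriteRule .* - [F,L]
</IfModule>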

# Increase PHP Execution Time
# Raises PHP's max_execution_time to 600 seconds, but only when PHP is loaded as the
# Apache module named mod_php7; with FastCGI/PHP-FPM or a differently named PHP
# module this section is skipped and the PHP-side setting applies.
# NOTE(review): a 600-second limit lets one slow or abusive request occupy a worker
# for up to ten minutes. Confirm the whole site needs it rather than a single
# long-running back-end task.
<IfModule mod_php7.c>
    php_value max_execution_time 600
</IfModule>

# Enable Compression
# Applies the DEFLATE output filter by response MIME type when mod_deflate is loaded.
# WOFF/WOFF2 fonts, WebP images and MP4 video are already compressed formats, so
# compressing them again mainly costs CPU.
# NOTE(review): text/html is compressed here. On HTTPS pages that reflect request
# data next to a secret (for example a form token), response compression is the
# precondition for BREACH-style length side channels; confirm tokens are per-request
# or that such pages are excluded.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/css text/javascript text/xml text/plain
    AddOutputFilterByType DEFLATE application/javascript application/json application/xml
    AddOutputFilterByType DEFLATE font/woff2 font/woff font/ttf font/otf
    AddOutputFilterByType DEFLATE image/webp image/svg+xml application/vnd.ms-fontobject
    AddOutputFilterByType DEFLATE video/mp4 video/m3u8
</IfModule>

# MIME Type Configuration
# Maps font and SVG file extensions to explicit Content-Type values. Explicit types
# matter because this file also sends "X-Content-Type-Options: nosniff", which stops
# browsers from guessing a type when the declared one is wrong or missing.
# The font types declared here (application/font-woff, application/x-font-ttf, ...)
# differ from the font/* names used by the compression and expiry rules in this
# file; only rules that name the type actually sent will apply to these files.
<IfModule mod_mime.c>
    AddType font/opentype .otf
    AddType application/font-woff .woff
    AddType application/font-woff2 .woff2
    AddType application/x-font-ttf .ttf
    AddType application/vnd.ms-fontobject .eot
    AddType image/svg+xml .svg
</IfModule>

# Cache-Control and Expiration Settings
# Sets cache lifetimes per MIME type, counted from the time of access. A second
# mod_expires section generated by Admin Tools appears later in this file and
# declares many of the same types; presumably the later declaration wins for a type
# listed in both. Verify with a response header check.
# NOTE(review): text/html gets a one-month lifetime and the later section does not
# override it. If any HTML response reaches the client without its own cache
# headers, browsers and shared caches may keep it for a month, including pages
# rendered for a logged-in user. Confirm that dynamic pages send their own
# Cache-Control header, or shorten this value.
<IfModule mod_expires.c>
    ExpiresActive On

    # Long-Term Cache for Static Assets
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType video/mp4 "access plus 1 year"
    ExpiresByType video/m3u8 "access plus 1 year"
    ExpiresByType font/woff "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType font/ttf "access plus 1 year"
    ExpiresByType font/otf "access plus 1 year"

    # JavaScript and CSS (6 Months Cache)
    ExpiresByType text/javascript "access plus 6 months"
    ExpiresByType application/javascript "access plus 6 months"
    ExpiresByType text/css "access plus 6 months"

    # HTML (Short Cache)
    ExpiresByType text/html "access plus 1 month"
    ExpiresByType application/xhtml+xml "access plus 1 month"

    # Default Cache Fallback
    # Any type not listed in a mod_expires section expires one second after access.
    ExpiresDefault "access plus 1 seconds"
</IfModule>

# Allow CORS for Fonts
# Sends "Access-Control-Allow-Origin: *" for font files only, so pages on any origin
# may load them. The wildcard is limited to static, non-personal files by the
# FilesMatch; do not widen the pattern to scripts, JSON or anything that varies per
# user.
<IfModule mod_headers.c>
    <FilesMatch "\.(woff2|woff|ttf|otf)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>

# Lazy Load Videos on Mobile
# Despite the title, this rule does not lazy-load anything: for mobile User-Agents
# requesting a URL ending in .mp4 it only sets the environment variable
# Cache-Control=no-cache, the same variable used in the LiteSpeed section of this
# file. Presumably it has no effect on servers that do not read that variable.
# Confirm against the target server.
<IfModule mod_rewrite.c>
    RewriteCond %{HTTP_USER_AGENT} Mobile|Android|Silk/|Kindle|BlackBerry|Opera\ Mini|Opera\ Mobi [NC]
    RewriteCond %{REQUEST_URI} \.mp4$ [NC]
    RewriteRule .* - [E=Cache-Control:no-cache]
</IfModule>

# Prevent Excessive Connections from the Same IP
# Caps simultaneous connections per client IP at 10, but only when the third-party
# mod_limitipconn module is loaded; otherwise the section is silently skipped and
# no limit is enforced by this file.
# NOTE(review): visitors behind a shared address (office NAT, mobile carrier, a
# reverse proxy or CDN in front of this server) share one budget; confirm the server
# sees real client addresses before relying on this.
<IfModule mod_limitipconn.c>
    LimitIPConn 10
</IfModule>

# Compress Fonts for Faster Delivery
# Repeats the font MIME types already listed in the "Enable Compression" section of
# this file, so it adds no new behaviour. WOFF and WOFF2 are compressed formats;
# only TTF/OTF benefit noticeably from DEFLATE.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE font/woff font/woff2 font/ttf font/otf
</IfModule>

##### Custom Rules (Top of File) -- END

##### File execution order -- BEGIN
# When a directory is requested, serve index.php if present, otherwise index.html.
DirectoryIndex index.php index.html
##### File execution order -- END

##### No directory listings -- BEGIN
# Two layers: IndexIgnore hides every entry should a listing ever be generated, and
# Options -Indexes turns automatic listings off, so a directory without an index
# file is refused instead of revealing its contents (backups, logs, uploads).
# Options in .htaccess needs AllowOverride to permit it; if the server forbids it,
# the result is a 500 error rather than a silent skip.
IndexIgnore *
Options -Indexes
##### No directory listings -- END

##### Optimal default expiration time - BEGIN
# Generated expiry table: API-style payloads (JSON, XML, cache manifest) expire
# immediately, feeds after one hour, and static assets after one year.
# A one-year lifetime means a replaced file is not re-fetched by returning visitors
# unless its URL changes; ship security fixes to JS/CSS under a new file name or
# version query string.
# text/html is not listed here, so the HTML lifetime comes from the custom
# mod_expires section earlier in this file.
<IfModule mod_expires.c>
	# Enable expiration control
	ExpiresActive On
	
	# No caching for specific resource types
	## -- Application cache manifest
	ExpiresByType text/cache-manifest "now"
	## -- XML and JSON
	ExpiresByType application/json "now"
	ExpiresByType application/xml "now"
	ExpiresByType text/xml "now"

	## RSS and Atom feeds: 1 hour (hardcoded)
	ExpiresByType application/atom+xml "now plus 1 hour"
	ExpiresByType application/rss+xml "now plus 1 hour"

	# CSS and JS expiration: 1 year after request
	ExpiresByType text/css "now plus 1 year"
	ExpiresByType text/javascript "now plus 1 year"
	ExpiresByType application/javascript "now plus 1 year"
	ExpiresByType application/ld+json "now plus 1 year"
	ExpiresByType application/x-javascript "now plus 1 year"

	# Image files expiration: 1 year after request
	ExpiresByType application/ico "now plus 1 year"
	ExpiresByType application/smil "now plus 1 year"
	ExpiresByType application/vnd.wap.wbxml "now plus 1 year"
	ExpiresByType image/bmp "now plus 1 year"
	ExpiresByType image/gif "now plus 1 year"
	ExpiresByType image/ico "now plus 1 year"
	ExpiresByType image/icon "now plus 1 year"
	ExpiresByType image/jp2 "now plus 1 year"
	ExpiresByType image/jpeg "now plus 1 year"
	ExpiresByType image/jpg "now plus 1 year"
	ExpiresByType image/pipeg "now plus 1 year"
	ExpiresByType image/png "now plus 1 year"
	ExpiresByType image/svg+xml "now plus 1 year"
	ExpiresByType image/tiff "now plus 1 year"
	ExpiresByType image/vnd.microsoft.icon "now plus 1 year"
	ExpiresByType image/vnd.wap.wbmp "now plus 1 year"
	ExpiresByType image/webp "now plus 1 year"
	ExpiresByType image/x-icon "now plus 1 year"
	ExpiresByType text/ico "now plus 1 year"
	
	# Font files expiration: 1 year after request
	ExpiresByType application/font-woff "now plus 1 year"
	ExpiresByType application/font-woff2 "now plus 1 year"
	ExpiresByType application/vnd.ms-fontobject "now plus 1 year"
	ExpiresByType application/x-font-opentype "now plus 1 year"
	ExpiresByType application/x-font-ttf "now plus 1 year"
	ExpiresByType application/x-font-woff "now plus 1 year"
	ExpiresByType font/opentype "now plus 1 year"
	ExpiresByType font/otf "now plus 1 year"
	ExpiresByType font/ttf "now plus 1 year"
	ExpiresByType font/woff "now plus 1 year"
	ExpiresByType font/woff2 "now plus 1 year"

	# Audio files expiration: 1 year after request
	ExpiresByType application/ogg "now plus 1 year"
	ExpiresByType audio/3gpp "now plus 1 year"
	ExpiresByType audio/3gpp2 "now plus 1 year"
	ExpiresByType audio/aac "now plus 1 year"
	ExpiresByType audio/basic "now plus 1 year"
	ExpiresByType audio/mid "now plus 1 year"
	ExpiresByType audio/midi "now plus 1 year"
	ExpiresByType audio/mp3 "now plus 1 year"
	ExpiresByType audio/mpeg "now plus 1 year"
	ExpiresByType audio/ogg "now plus 1 year"
	ExpiresByType audio/opus "now plus 1 year"
	ExpiresByType audio/x-aiff "now plus 1 year"
	ExpiresByType audio/x-mpegurl "now plus 1 year"
	ExpiresByType audio/x-pn-realaudio "now plus 1 year"
	ExpiresByType audio/x-wav "now plus 1 year"
	ExpiresByType audio/wav "now plus 1 year"

	# Movie files expiration: 1 year after request
	ExpiresByType application/x-shockwave-flash "now plus 1 year"
	ExpiresByType video/3gpp "now plus 1 year"
	ExpiresByType video/3gpp2 "now plus 1 year"
	ExpiresByType video/mp4 "now plus 1 year"
	ExpiresByType video/mpeg "now plus 1 year"
	ExpiresByType video/ogg "now plus 1 year"
	ExpiresByType video/quicktime "now plus 1 year"
	ExpiresByType video/webm "now plus 1 year"
	ExpiresByType video/x-la-asf "now plus 1 year"
	ExpiresByType video/x-ms-asf "now plus 1 year"
	ExpiresByType video/x-msvideo "now plus 1 year"
	ExpiresByType x-world/x-vrml "now plus 1 year"
</IfModule>

# Disable caching of administrator/index.php
# Intended to keep browsers and proxies from storing the back-end entry page:
# expiry handling is switched off and explicit no-store headers are sent.
# NOTE(review): <Files> is matched against the file name only (the last path
# component), so an argument that contains a directory, as here, is not expected to
# match any request. Check a back-end response for these headers; if they are
# missing, the same directives can be placed in an .htaccess inside administrator/
# under <Files "index.php">.
<Files "administrator/index.php">
	<IfModule mod_expires.c>
		ExpiresActive Off
	</IfModule>
	<IfModule mod_headers.c>
		Header unset ETag
		Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
		Header set Pragma "no-cache"
		Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
	</IfModule>
</Files>

##### Optimal default expiration time - END

##### Common hacking tools and bandwidth hoggers block -- BEGIN
# Each SetEnvIf line sets the environment variable "stayout" when the User-Agent
# contains the quoted text (case-insensitive, unanchored unless "$" is used). The two
# sections at the end then refuse any request carrying that variable: "deny from"
# when mod_authz_core is absent, "Require not env" when it is present.
#
# Scope and limits:
# - The User-Agent is supplied by the client. This list reduces noise from tools
#   that announce themselves; it does not stop a client that sends a browser-like
#   User-Agent, so it complements patching and authentication rather than replacing them.
# - Short generic tokens ("grab", "extract", "miner", "casper", "comodo", "Java",
#   "Widow", "Zeus") match any User-Agent containing them. "Maxthon$" and
#   "SeaMonkey$" match User-Agents that end with those browser names. Review the
#   access log for legitimate clients receiving 403.
# - Dots in entries such as "InternetSeer.com" are regex wildcards, not literal dots.
# - NOTE(review): "Yandex" is refused here while the exceptions section of this file
#   allows a yandex_*.html verification file. Confirm which of the two is intended.
# - The whole section is skipped when mod_setenvif is not loaded. Its closing
#   </IfModule> sits after the END marker below.
<IfModule mod_setenvif.c>
SetEnvIf user-agent "(?i:Acunetix)" stayout=1
SetEnvIf user-agent "(?i:BOT for JCE)" stayout=1
SetEnvIf user-agent "(?i:BlackWidow)" stayout=1
SetEnvIf user-agent "(?i:Bolt 0)" stayout=1
SetEnvIf user-agent "(?i:Bot mailto:craftbot@yahoo.com)" stayout=1
SetEnvIf user-agent "(?i:CazoodleBot)" stayout=1
SetEnvIf user-agent "(?i:ChinaClaw)" stayout=1
SetEnvIf user-agent "(?i:Custo)" stayout=1
SetEnvIf user-agent "(?i:DIIbot)" stayout=1
SetEnvIf user-agent "(?i:DISCo)" stayout=1
SetEnvIf user-agent "(?i:Default Browser 0)" stayout=1
SetEnvIf user-agent "(?i:Download Demon)" stayout=1
SetEnvIf user-agent "(?i:EirGrabber)" stayout=1
SetEnvIf user-agent "(?i:EmailCollector)" stayout=1
SetEnvIf user-agent "(?i:EmailSiphon)" stayout=1
SetEnvIf user-agent "(?i:EmailWolf)" stayout=1
SetEnvIf user-agent "(?i:Express WebPictures)" stayout=1
SetEnvIf user-agent "(?i:ExtractorPro)" stayout=1
SetEnvIf user-agent "(?i:EyeNetIE)" stayout=1
SetEnvIf user-agent "(?i:FHscan)" stayout=1
SetEnvIf user-agent "(?i:FlashGet)" stayout=1
SetEnvIf user-agent "(?i:GT::WWW)" stayout=1
SetEnvIf user-agent "(?i:GetRight)" stayout=1
SetEnvIf user-agent "(?i:GetWeb!)" stayout=1
SetEnvIf user-agent "(?i:Go!Zilla)" stayout=1
SetEnvIf user-agent "(?i:Go-Ahead-Got-It)" stayout=1
SetEnvIf user-agent "(?i:GrabNet)" stayout=1
SetEnvIf user-agent "(?i:Grafula)" stayout=1
SetEnvIf user-agent "(?i:HMView)" stayout=1
SetEnvIf user-agent "(?i:HTTP::Lite)" stayout=1
SetEnvIf user-agent "(?i:HTTrack)" stayout=1
SetEnvIf user-agent "(?i:IDBot)" stayout=1
SetEnvIf user-agent "(?i:IRLbot)" stayout=1
SetEnvIf user-agent "(?i:ISC Systems iRc Search 2.1)" stayout=1
SetEnvIf user-agent "(?i:Image Stripper)" stayout=1
SetEnvIf user-agent "(?i:Image Sucker)" stayout=1
SetEnvIf user-agent "(?i:Indy Library)" stayout=1
SetEnvIf user-agent "(?i:InterGET)" stayout=1
SetEnvIf user-agent "(?i:Internet Ninja)" stayout=1
SetEnvIf user-agent "(?i:InternetSeer.com)" stayout=1
SetEnvIf user-agent "(?i:JOC Web Spider)" stayout=1
SetEnvIf user-agent "(?i:Java)" stayout=1
SetEnvIf user-agent "(?i:JetCar)" stayout=1
SetEnvIf user-agent "(?i:LeechFTP)" stayout=1
SetEnvIf user-agent "(?i:LinksManager.com_bot)" stayout=1
SetEnvIf user-agent "(?i:MFC_Tear_Sample)" stayout=1
SetEnvIf user-agent "(?i:MIDown tool)" stayout=1
SetEnvIf user-agent "(?i:MSFrontPage)" stayout=1
SetEnvIf user-agent "(?i:Mass Downloader)" stayout=1
SetEnvIf user-agent "(?i:Maxthon$)" stayout=1
SetEnvIf user-agent "(?i:Microsoft URL Control)" stayout=1
SetEnvIf user-agent "(?i:Missigua Locator)" stayout=1
SetEnvIf user-agent "(?i:Mister PiX)" stayout=1
SetEnvIf user-agent "(?i:NEWT)" stayout=1
SetEnvIf user-agent "(?i:Navroad)" stayout=1
SetEnvIf user-agent "(?i:NearSite)" stayout=1
SetEnvIf user-agent "(?i:Net Vampire)" stayout=1
SetEnvIf user-agent "(?i:NetAnts)" stayout=1
SetEnvIf user-agent "(?i:NetSpider)" stayout=1
SetEnvIf user-agent "(?i:NetZIP)" stayout=1
SetEnvIf user-agent "(?i:Octopus)" stayout=1
SetEnvIf user-agent "(?i:Offline Explorer)" stayout=1
SetEnvIf user-agent "(?i:Offline Navigator)" stayout=1
SetEnvIf user-agent "(?i:PECL::HTTP)" stayout=1
SetEnvIf user-agent "(?i:PHPCrawl)" stayout=1
SetEnvIf user-agent "(?i:PageGrabber)" stayout=1
SetEnvIf user-agent "(?i:Papa Foto)" stayout=1
SetEnvIf user-agent "(?i:PeoplePal)" stayout=1
SetEnvIf user-agent "(?i:PleaseCrawl)" stayout=1
SetEnvIf user-agent "(?i:ReGet)" stayout=1
SetEnvIf user-agent "(?i:RealDownload)" stayout=1
SetEnvIf user-agent "(?i:Rippers 0)" stayout=1
SetEnvIf user-agent "(?i:SBIder)" stayout=1
SetEnvIf user-agent "(?i:SeaMonkey$)" stayout=1
SetEnvIf user-agent "(?i:SiteSnagger)" stayout=1
SetEnvIf user-agent "(?i:SmartDownload)" stayout=1
SetEnvIf user-agent "(?i:Snoopy)" stayout=1
SetEnvIf user-agent "(?i:Steeler)" stayout=1
SetEnvIf user-agent "(?i:SuperBot)" stayout=1
SetEnvIf user-agent "(?i:SuperHTTP)" stayout=1
SetEnvIf user-agent "(?i:Surfbot)" stayout=1
SetEnvIf user-agent "(?i:Teleport Pro)" stayout=1
SetEnvIf user-agent "(?i:Toata dragostea mea pentru diavola)" stayout=1
SetEnvIf user-agent "(?i:TurnitinBot)" stayout=1
SetEnvIf user-agent "(?i:URI::Fetch)" stayout=1
SetEnvIf user-agent "(?i:VoidEYE)" stayout=1
SetEnvIf user-agent "(?i:WEP Search)" stayout=1
SetEnvIf user-agent "(?i:WWW-Mechanize)" stayout=1
SetEnvIf user-agent "(?i:WWWOFFLE)" stayout=1
SetEnvIf user-agent "(?i:Web Image Collector)" stayout=1
SetEnvIf user-agent "(?i:Web Sucker)" stayout=1
SetEnvIf user-agent "(?i:WebAuto)" stayout=1
SetEnvIf user-agent "(?i:WebBandit)" stayout=1
SetEnvIf user-agent "(?i:WebCollage)" stayout=1
SetEnvIf user-agent "(?i:WebCopier)" stayout=1
SetEnvIf user-agent "(?i:WebFetch)" stayout=1
SetEnvIf user-agent "(?i:WebGo IS)" stayout=1
SetEnvIf user-agent "(?i:WebLeacher)" stayout=1
SetEnvIf user-agent "(?i:WebReaper)" stayout=1
SetEnvIf user-agent "(?i:WebSauger)" stayout=1
SetEnvIf user-agent "(?i:WebStripper)" stayout=1
SetEnvIf user-agent "(?i:WebWhacker)" stayout=1
SetEnvIf user-agent "(?i:WebZIP)" stayout=1
SetEnvIf user-agent "(?i:Website Quester)" stayout=1
SetEnvIf user-agent "(?i:Website eXtractor)" stayout=1
SetEnvIf user-agent "(?i:Wells Search II)" stayout=1
SetEnvIf user-agent "(?i:Widow)" stayout=1
SetEnvIf user-agent "(?i:Xaldon WebSpider)" stayout=1
SetEnvIf user-agent "(?i:Yandex)" stayout=1
SetEnvIf user-agent "(?i:Zeus)" stayout=1
SetEnvIf user-agent "(?i:ZyBorg)" stayout=1
SetEnvIf user-agent "(?i:binlar)" stayout=1
SetEnvIf user-agent "(?i:casper)" stayout=1
SetEnvIf user-agent "(?i:checkprivacy)" stayout=1
SetEnvIf user-agent "(?i:clshttp)" stayout=1
SetEnvIf user-agent "(?i:cmsworldmap)" stayout=1
SetEnvIf user-agent "(?i:comodo)" stayout=1
SetEnvIf user-agent "(?i:diavol)" stayout=1
SetEnvIf user-agent "(?i:discobot)" stayout=1
SetEnvIf user-agent "(?i:dotbot)" stayout=1
SetEnvIf user-agent "(?i:eCatch)" stayout=1
SetEnvIf user-agent "(?i:ecxi)" stayout=1
SetEnvIf user-agent "(?i:extract)" stayout=1
SetEnvIf user-agent "(?i:feedfinder)" stayout=1
SetEnvIf user-agent "(?i:flicky)" stayout=1
SetEnvIf user-agent "(?i:grab)" stayout=1
SetEnvIf user-agent "(?i:harvest)" stayout=1
SetEnvIf user-agent "(?i:heritrix)" stayout=1
SetEnvIf user-agent "(?i:ia_archiver)" stayout=1
SetEnvIf user-agent "(?i:id-search)" stayout=1
SetEnvIf user-agent "(?i:id-search.org)" stayout=1
SetEnvIf user-agent "(?i:jakarta)" stayout=1
SetEnvIf user-agent "(?i:kmccrew)" stayout=1
SetEnvIf user-agent "(?i:larbin)" stayout=1
SetEnvIf user-agent "(?i:libwww)" stayout=1
SetEnvIf user-agent "(?i:libwww-perl)" stayout=1
SetEnvIf user-agent "(?i:linkwalker)" stayout=1
SetEnvIf user-agent "(?i:lwp-trivial)" stayout=1
SetEnvIf user-agent "(?i:microsoft.url)" stayout=1
SetEnvIf user-agent "(?i:miner)" stayout=1
SetEnvIf user-agent "(?i:nutch)" stayout=1
SetEnvIf user-agent "(?i:panscient.com)" stayout=1
SetEnvIf user-agent "(?i:pavuk)" stayout=1
SetEnvIf user-agent "(?i:pcBrowser)" stayout=1
SetEnvIf user-agent "(?i:planetwork)" stayout=1
SetEnvIf user-agent "(?i:psbot)" stayout=1
SetEnvIf user-agent "(?i:purebot)" stayout=1
SetEnvIf user-agent "(?i:pycurl)" stayout=1
SetEnvIf user-agent "(?i:sitecheck.internetseer.com)" stayout=1
SetEnvIf user-agent "(?i:skygrid)" stayout=1
SetEnvIf user-agent "(?i:sucker)" stayout=1
SetEnvIf user-agent "(?i:tAkeOut)" stayout=1
SetEnvIf user-agent "(?i:turnit)" stayout=1
SetEnvIf user-agent "(?i:urllib)" stayout=1
SetEnvIf user-agent "(?i:vikspider)" stayout=1
SetEnvIf user-agent "(?i:webalta)" stayout=1
SetEnvIf user-agent "(?i:webbandit)" stayout=1
SetEnvIf user-agent "(?i:zermelo)" stayout=1
SetEnvIf user-agent "(?i:zmeu)" stayout=1
# Enforcement for servers without mod_authz_core (older access-control syntax).
<IfModule !mod_authz_core.c>
deny from env=stayout
</IfModule>
# Enforcement for servers with mod_authz_core: grant everyone except flagged requests.
<IfModule mod_authz_core.c>
  <RequireAll>
	Require all granted
	Require not env stayout
  </RequireAll>
</IfModule>
##### Common hacking tools and bandwidth hoggers block -- END

</IfModule>
##### Automatic compression of resources -- BEGIN
# Automatically serve .css.gz, .css.br, .js.gz or .js.br instead of the original file
# These are versions of the files pre-compressed with GZip or Brotli, respectively
#
# How it works: when the client advertises the encoding and a non-empty sibling file
# with the extra extension exists ("-s"), the request is rewritten to that file;
# a second rule then fixes the Content-Type, disables on-the-fly compression and
# stops rewrite processing with [L]. The rewrite rules sit inside the mod_headers
# guard, so none of this runs when mod_headers is missing.
# NOTE(review): because of [L], a request that ends in .css.br/.js.br/.css.gz/.js.gz
# never reaches the "Advanced server protection" rules further down. Any such file
# that exists under the web root is therefore served regardless of its directory;
# make sure only build output carries these extensions.
<IfModule mod_headers.c>
    # Serve Brotli compressed CSS files if they exist and the client accepts Brotli.
    RewriteCond "%{HTTP:Accept-encoding}" "br"
    RewriteCond "%{REQUEST_FILENAME}\.br" -s
    RewriteRule "^(.*)\.css" "$1\.css\.br" [QSA]

    # Serve Brotli compressed JS files if they exist and the client accepts Brotli.
    RewriteCond "%{HTTP:Accept-encoding}" "br"
    RewriteCond "%{REQUEST_FILENAME}\.br" -s
    RewriteRule "^(.*)\.js" "$1\.js\.br" [QSA]
    
    # Serve correct content types, and prevent double compression.
    RewriteRule "\.css\.br$" "-" [T=text/css,E=no-gzip:1,E=no-brotli:1,L]
	RewriteRule "\.js\.br$" "-" [T=text/javascript,E=no-gzip:1,E=no-brotli:1,L]
    
    <FilesMatch "(\.js\.br|\.css\.br)$">
      # Serve correct encoding type.
      Header set Content-Encoding br

      # Force proxies to cache gzipped & non-gzipped css/js files separately.
      Header append Vary Accept-Encoding
    </FilesMatch>

    # Serve gzip compressed CSS files if they exist and the client accepts gzip.
    RewriteCond "%{HTTP:Accept-encoding}" "gzip"
    RewriteCond "%{REQUEST_FILENAME}\.gz" -s
    RewriteRule "^(.*)\.css" "$1\.css\.gz" [QSA]

    # Serve gzip compressed JS files if they exist and the client accepts gzip.
    RewriteCond "%{HTTP:Accept-encoding}" "gzip"
    RewriteCond "%{REQUEST_FILENAME}\.gz" -s
    RewriteRule "^(.*)\.js" "$1\.js\.gz" [QSA]

    # Serve correct content types, and prevent mod_deflate double gzip.
    # Also set it as the last rule to prevent the Front- or Backend protection from preventing access to the .gz file.
    RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1,E=no-brotli:1,L]
	RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1,E=no-brotli:1,L]

    <FilesMatch "(\.js\.gz|\.css\.gz)$">
      # Serve correct encoding type.
      Header set Content-Encoding gzip

      # Force proxies to cache gzipped & non-gzipped css/js files separately.
      Header append Vary Accept-Encoding
    </FilesMatch>
</IfModule>

## Automatically compress by MIME type using mod_brotli. Takes priority due to better compression ratio.
## Text-like types only. text/html is not in this generated list, although the custom
## mod_deflate section earlier in this file does add it.
<IfModule mod_brotli.c>
	AddOutputFilterByType BROTLI_COMPRESS text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript text/javascript image/svg+xml
</IfModule>

## Automatically compress by MIME type using mod_deflate.
## Same MIME list as the mod_brotli section above it; both sections are active when
## both modules are loaded.
<IfModule mod_deflate.c>
	AddOutputFilterByType DEFLATE text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript text/javascript image/svg+xml
</IfModule>

## Fallback to mod_gzip when neither mod_brotli nor mod_deflate is available
## Only evaluated on servers that lack both newer modules and do load mod_gzip.
## The "handler" includes for server-status and server-info only ask mod_gzip to
## compress those responses; they do not enable or expose the handlers themselves.
## NOTE(review): in the "mime" patterns the "+" in xhtml+xml, rss+xml and svg+xml is a
## regex quantifier, not a literal plus, so those three lines presumably never match
## the intended types. Functional only, no security impact.
<IfModule !mod_brotli.c>
	<IfModule !mod_deflate.c>
		<IfModule mod_gzip.c>
			mod_gzip_on Yes
			mod_gzip_dechunk Yes
			mod_gzip_keep_workfiles No
			mod_gzip_can_negotiate Yes
			mod_gzip_add_header_count Yes
			mod_gzip_send_vary Yes
			mod_gzip_min_http 1000
			mod_gzip_minimum_file_size 300
			mod_gzip_maximum_file_size 512000
			mod_gzip_maximum_inmem_size 60000
			mod_gzip_handle_methods GET
			mod_gzip_item_include file \.(html?|txt|css|js|php|pl|xml|rb|py|svg|scgz)$
			mod_gzip_item_include mime ^text/javascript$
			mod_gzip_item_include mime ^text/plain$
			mod_gzip_item_include mime ^text/xml$
			mod_gzip_item_include mime ^text/css$
			mod_gzip_item_include mime ^application/xml$
			mod_gzip_item_include mime ^application/xhtml+xml$
			mod_gzip_item_include mime ^application/rss+xml$
			mod_gzip_item_include mime ^application/javascript$
			mod_gzip_item_include mime ^application/x-javascript$
			mod_gzip_item_include mime ^image/svg+xml$
			mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
			mod_gzip_item_include handler ^cgi-script$
			mod_gzip_item_include handler ^server-status$
			mod_gzip_item_include handler ^server-info$
			mod_gzip_item_include handler ^application/x-httpd-php
			mod_gzip_item_exclude mime ^image/.*
		</ifmodule>
	</IfModule>
</IfModule>
##### Automatic compression of resources -- END
## Force GZip compression for mangled Accept-Encoding headers
## When a request carries a header whose name looks like a mangled Accept-Encoding
## (or is 15 repeated X, ~ or - characters) and whose value looks like an encoding
## list or filler, the variable HAVE_Accept-Encoding is set and "gzip,deflate" is
## appended to the request's Accept-Encoding header, so the compression rules in
## this file treat the client as gzip-capable. Requires both mod_setenvif and
## mod_headers.
<IfModule mod_setenvif.c>
	<IfModule mod_headers.c>
		SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
		RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
	</IfModule>
</IfModule>
##### Redirect index.php to / -- BEGIN
# Redirects a request for exactly "/index.php" (no query string, no path info) to
# "/". The check uses the original request line, so internal rewrites to index.php
# do not trigger it, and request lines starting with POST are excluded so form
# submissions are not turned into a redirect. [R] without a code is a temporary (302)
# redirect.
RewriteCond %{THE_REQUEST} !^POST
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ / [R,L]
##### Redirect index.php to / -- END
##### Redirect www to non-www -- BEGIN
# Strips a leading "www." from the requested host and redirects (302) to the same
# path on HTTPS.
# NOTE(review): the redirect target is built from the Host request header (%1),
# unlike the HTTP-to-HTTPS rule in this file, which uses a fixed host name. That is
# safe only if the virtual host answers solely for the site's own names; if it is a
# catch-all or default vhost, prefer the fixed canonical host here as well.
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R,L]
##### Redirect www to non-www -- END

##### Rewrite rules to block out some common exploits -- BEGIN
# Refuses (403) any request whose query string matches one of the patterns below:
# a reference to proc/self/environ, a legacy mosConfig_* parameter, a
# base64_encode()/base64_decode() call, a <script> tag (plain or with %3C/%3E), or an
# attempt to set GLOBALS / _REQUEST.
# Scope: only the query string is inspected, and it is matched as sent (not
# URL-decoded). Request bodies, cookies and other headers are not covered. Treat
# this as a coarse first filter in front of the application's own input validation
# and timely extension updates, not as the control that makes unsafe code safe.
# NOTE(review): only the <script> pattern carries [NC]; the others are
# case-sensitive.
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code\(.*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F]
##### Rewrite rules to block out some common exploits -- END
##### File injection protection -- BEGIN
# Refuses (403) GET requests where a query parameter's value starts with http:// or
# https://, with one or more "../" segments, or with an absolute-looking path.
# The conditions combine as: method is GET AND (URL value OR traversal OR path).
# Scope: only GET is inspected, so the same parameter sent with another method or in
# a request body is not filtered here. It also refuses legitimate parameters that
# carry a URL (for example a return/redirect address), so expect to see it in
# false-positive reports.
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http[s]?:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* - [F]
##### File injection protection -- END

##### Advanced server protection rules exceptions -- BEGIN
# Each rule matches one exact path and stops rewrite processing with [L], so the
# request skips every protection rule that follows. Keep this list as short as
# possible: every entry is a hole in the allow-list by design.
# - restore.php / extract.php entries are directly reachable PHP entry points used
#   by the backup-restoration and update components. NOTE(review): keep only the
#   lines for components that are actually installed and kept up to date.
# - The four "index\.php\?option=com_jmap..." patterns include a query string, but
#   RewriteRule patterns are matched against the URL path only, so these lines are
#   not expected to match anything. Requests for index.php are already allowed by
#   the front-end protection section.
# - The *.html / *.txt entries are site-ownership verification files and favicons.
# - The last rule allows existing non-PHP files under .well-known/.
RewriteRule ^administrator\/components\/com_akeeba\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/restore\.php$ - [L]
RewriteRule ^index\.php\?option=com_jmap&view=sitemap&format=mobile$ - [L]
RewriteRule ^index\.php\?option=com_jmap&view=sitemap&format=videos$ - [L]
RewriteRule ^index\.php\?option=com_jmap&view=sitemap&format=images$ - [L]
RewriteRule ^index\.php\?option=com_jmap&view=sitemap&format=xml$ - [L]
RewriteRule ^robots\.txt$ - [L]
RewriteRule ^ads\.txt$ - [L]
RewriteRule ^1k2nhbxv9bf5h7ypxwlnw52i6iuyza\.html$ - [L]
RewriteRule ^yandex_c259204a6f15e1c3\.html$ - [L]
RewriteRule ^administrator\/components\/com_akeebabackup\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/extract\.php$ - [L]
RewriteRule ^googlee54f5ad28aaba92e\.html$ - [L]
RewriteRule ^favicon\.ico$ - [L]
RewriteRule ^seobilityverify_8428866\.html$ - [L]
RewriteRule ^f3f5df3a306940079f22ad12187a1c14\.txt$ - [L]
RewriteRule ^favicon\.svg$ - [L]
RewriteCond %{REQUEST_FILENAME} !(\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^\.well\-known/ - [L]
##### Advanced server protection rules exceptions -- END

##### Advanced server protection -- BEGIN

#### Back-end protection
# Allow-list for /administrator, evaluated top to bottom; the first match wins:
#   1. the directory itself and its index.php / index.htm(l) entry point,
#   2. static files with a listed extension inside the named sub-directories,
#   3. everything else under administrator/ is refused (403).
# This stops direct requests to back-end PHP files other than the entry point. It
# does not limit who can reach the login page; that still depends on Joomla
# authentication and any additional controls (2FA, IP restrictions) set elsewhere.
RewriteRule ^administrator/?$ - [L]
RewriteRule ^administrator/index\.(php|html?)$ - [L]
RewriteRule ^administrator/(administrator|components|modules|templates|images|plugins)/.*\.(7z|CSS|EOT|GIF|JPEG|JPG|JS|PNG|TTF|WEBP|WOFF|WOFF2|avi|bmp|css|doc|docx|eot|flv|gif|htm|html|jp2|jpe|jpe2|jpeg|jpg|js|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogv|pdf|png|ppt|pptx|rar|svg|swf|ttf|txt|wav|webp|woff|woff2|xls|xlsx|xml|xps|xsl|zip)$ - [L,NC]
RewriteRule ^administrator/ - [F]
#### Front-end protection
# Allow-list for the public site, evaluated top to bottom; the first rule that
# matches with [L] (allow) or [F] (403) ends processing, so the order of these
# rules is part of the policy and must not be changed casually.
## Allow limited access to additional TinyMCE plugins' HTML files
RewriteRule ^media/plg_editors_tinymce/js/plugins/.*\.(htm|html)$ - [L,NC]
## Allow limited access for certain directories with client-accessible content
## NOTE(review): the extension list includes types that browsers treat as active
## content (htm, html, svg, swf, xml, xsl). If any of the listed directories accepts
## uploads (presumably images/, media/ or downloads/; confirm), a file of such a
## type is served from the site's own origin. Trim the list to what the site really
## serves.
RewriteRule ^(administrator|components|downloads|modules|templates|images|plugins|media|libraries|media/jui/fonts)/.*\.(7z|CSS|EOT|GIF|JPEG|JPG|JS|PNG|TTF|WEBP|WOFF|WOFF2|avi|bmp|css|doc|docx|eot|flv|gif|htm|html|ico|jp2|jpe|jpe2|jpeg|jpg|js|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogv|pdf|png|ppt|pptx|rar|svg|swf|ttf|txt|wav|webp|woff|woff2|xls|xlsx|xml|xps|xsl|zip)$ - [L,NC]
RewriteRule ^(administrator|components|downloads|modules|templates|images|plugins|media|libraries|media/jui/fonts)/ - [F]
## Disallow front-end access for certain Joomla! system directories (unless access to their files is allowed above)
RewriteRule ^includes/js/ - [L]
RewriteRule ^(cache|includes|language|logs|log|tmp)/ - [F]
## The pattern below has no end anchor, so any URL that starts with one of these names is refused.
RewriteRule ^(configuration\.php|CONTRIBUTING\.md|htaccess\.txt|joomla\.xml|LICENSE\.txt|phpunit\.xml|README\.txt|web\.config\.txt) - [F]

## Explicitly allow access to the site's index.php main entry point file
## (the unescaped "." in these three patterns matches any single character)
RewriteRule ^index.php(/.*){0,1}$ - [L]
## Explicitly allow access to the API application's index.php main entry point file
RewriteRule ^api/index.php(/.*){0,1}$ - [L]
## Explicitly allow access to the site's robots.txt file
RewriteRule ^robots.txt$ - [L]

## Disallow access to all other PHP files throughout the site, unless they are explicitly allowed
RewriteCond %{REQUEST_FILENAME} (\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule (.*\.php)$ - [F]
## Disallow access to htaccess.txt, php.ini, .user.ini and configuration.php-dist
RewriteRule ^(htaccess\.txt|configuration\.php-dist|php\.ini|\.user\.ini)$ - [F]
# Disallow access to all other front-end folders
# NOTE(review): REQUEST_URI always begins with "/", so the "!^/" condition looks as
# if it can never be true and this rule would never fire. Directory listings are
# already disabled by "Options -Indexes"; confirm whether more was intended.
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} !^/
RewriteRule .* - [F]

# Disallow access to all other front-end files
# Final catch-all: any existing file that reached this point and is not index.php is
# refused, so new static files must be covered by a rule above to be reachable.
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule !^index.php$ - [F]
## Protect against clickjacking
## Tells browsers to render the site inside a frame only when the framing page is on
## the same origin.
<IfModule mod_headers.c>

	Header always set X-Frame-Options SAMEORIGIN

	# The `X-Frame-Options` response header should be send only for
	# HTML documents and not for the other resources.
	# NOTE(review): the header is set with the "always" condition but unset below
	# without it. mod_headers keeps separate header tables for the two conditions,
	# so this unset presumably does not remove the header and it is sent for every
	# file type. That errs on the safe side (PDF and SVG stay unframable from other
	# sites); confirm before "fixing" it.

	<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
		Header unset X-Frame-Options
	</FilesMatch>

</IfModule>
## Reduce MIME type security risks
## "nosniff" tells browsers to honour the declared Content-Type instead of guessing,
## so a file served as an image or text is not executed as script or style.
## It relies on every response declaring a correct type (see the AddType lines in
## this file). Set without "always", so it is not added to server-generated error
## responses.
<IfModule mod_headers.c>
	Header set X-Content-Type-Options "nosniff"
</IfModule>
## Reflected XSS prevention
## NOTE(review): X-XSS-Protection controls a legacy browser-side XSS filter that
## current major browsers no longer implement, so this header gives no protection
## there. This file sets no Content-Security-Policy; a CSP, together with output
## encoding in the application, is the control to rely on for XSS.
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>

# mod_headers cannot match based on the content-type, however,
# the X-XSS-Protection response header should be sent only for
# HTML documents and not for the other resources.

<IfModule mod_headers.c>
	<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
		Header unset X-XSS-Protection
	</FilesMatch>
</IfModule>
## Remove Apache and PHP version signature
## Drops the X-Powered-By / X-Content-Powered-By response headers and removes the
## server signature line from server-generated pages (error pages and the like).
## The "Server" response header is not affected: it is governed by ServerTokens,
## which can only be set in the main server configuration, not in .htaccess.
## Hiding versions slows down fingerprinting only; it does not replace patching.
<IfModule mod_headers.c>
	Header always unset X-Powered-By
	Header always unset X-Content-Powered-By
</IfModule>

ServerSignature Off
##### Advanced server protection -- END

## HSTS Header - See http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
## Tells browsers to use HTTPS only for this host for one year (31536000 seconds).
## The header is sent only when the HTTPS environment variable is set for the request.
## NOTE(review): behind a TLS-terminating proxy that variable may be absent and the
## header would then never be sent; check a live HTTPS response. The policy has no
## includeSubDomains, so it covers only the exact host that served the response.
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
</IfModule>
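## Referrer-policy
## The previous value, "unsafe-url", made browsers send the full URL (path and query
## string included) as the Referer to every destination, including plain-HTTP ones.
## That exposes anything carried in a URL, such as search terms or tokens, to third
## parties.
## "strict-origin-when-cross-origin" keeps the full URL for same-origin navigation,
## sends only the origin to other sites, and sends nothing on an HTTPS -> HTTP
## downgrade.
## This file is generated by Admin Tools: change the matching setting in the Admin
## Tools back-end as well, otherwise regenerating the file restores the old value.
<IfModule mod_headers.c>
	Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>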
##### Joomla! core SEF Section -- BEGIN
# Front-controller routing: any request that does not map to an existing file or
# directory is handed to the application's index.php, which resolves the URL.
# Consequence: unknown URLs are answered by the application rather than by the web
# server, so 404 handling and input validation for those paths live in Joomla.
# -- SEF URLs for the API application
RewriteCond %{REQUEST_URI} ^/api/
RewriteCond %{REQUEST_URI} !^/api/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* api/index.php [L]

# -- SEF URLs for the public frontend application
##### Joomla! core SEF Section -- BEGIN
RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L]
##### Joomla! core SEF Section -- END




