51 lines
1.5 KiB
ApacheConf
51 lines
1.5 KiB
ApacheConf
# =========================
|
|
# Grundschutz
|
|
# =========================
|
|
|
|
# Kein Directory-Listing
|
|
Options -Indexes
|
|
|
|
# Schutz für sensible Dateien
|
|
<FilesMatch "(\.env|\.git|config\.php|_sql\.php)">
|
|
Require all denied
|
|
</FilesMatch>
|
|
|
|
# TODO: ggf. weitere Dateien schützen, z.B. uploads oder tmp
|
|
|
|
# =========================
|
|
# Rewrite zu index.php
|
|
# =========================
|
|
RewriteEngine On
|
|
|
|
# Alles auf index.php umleiten, außer echte Dateien/Verzeichnisse
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
|
RewriteCond %{REQUEST_FILENAME} !-d
|
|
RewriteRule ^([a-z\-]*)$ index.php?module=$1 [QSA,L]
|
|
RewriteRule ^([a-z\-]*)/([a-z]*)$ index.php?module=$1&action=$2 [QSA,L]
|
|
RewriteRule ^$ index.php [QSA,L]
|
|
|
|
# =========================
|
|
# Standard-Dokument
|
|
# =========================
|
|
DirectoryIndex index.php
|
|
|
|
# =========================
|
|
# Security Headers
|
|
# =========================
|
|
<IfModule mod_headers.c>
|
|
Header set X-Content-Type-Options "nosniff"
|
|
Header set X-Frame-Options "SAMEORIGIN"
|
|
Header set X-XSS-Protection "1; mode=block"
|
|
Header always set Referrer-Policy "no-referrer-when-downgrade"
|
|
Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:;"
|
|
</IfModule>
|
|
|
|
# =========================
|
|
# Upload-Sicherheit
|
|
# =========================
|
|
#<FilesMatch "\./uploads(php|phtml|php3|php4|php5|php7|phps)$">
|
|
# Require all denied
|
|
#</FilesMatch>
|
|
|
|
# TODO: Optional: Upload-Verzeichnisse (device_types, floorplans) via .htaccess zusätzlich schützen
|