### ===========================================================================
### Security Enhanced & Highly Optimized .htaccess File for Joomla!
### automatically generated by Admin Tools 7.1.11 on 2022-11-18 23:35:45 CET
### Auto-detected Apache version: 2.2 (best guess)
### ===========================================================================
###
### The contents of this file are based on the same author's work "Master
### .htaccess".
###
### Admin Tools is Free Software, distributed under the terms of the GNU
### General Public License version 3 or, at your option, any later version
### published by the Free Software Foundation.
###
### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
### !! !!
### !! If you get an Internal Server Error 500 or a blank page when trying !!
### !! to access your site, remove this file and try tweaking its settings !!
### !! in the back-end of the Admin Tools component. !!
### !! !!
### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
###
##### RewriteEngine enabled - BEGIN
RewriteEngine On
##### RewriteEngine enabled - END
##### File execution order -- BEGIN
DirectoryIndex index.php index.html
##### File execution order -- END
##### No directory listings -- BEGIN
IndexIgnore *
Options -Indexes +SymLinksIfOwnerMatch
##### No directory listings -- END
##### Redirect index.php to / -- BEGIN
RewriteCond %{THE_REQUEST} !^POST
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ / [R=301,L]
##### Redirect index.php to / -- END
##### Force HTTPS for certain pages -- BEGIN
RewriteCond %{HTTPS} ^off$ [NC,OR]
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^$ https://beagle-freunde-butzbach.de/ [R=301,L]
##### Force HTTPS for certain pages -- END
##### Rewrite rules to block out some common exploits -- BEGIN
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code\(.*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F]
##### Rewrite rules to block out some common exploits -- END
##### File injection protection -- BEGIN
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http[s]?:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* - [F]
##### File injection protection -- END
##### Advanced server protection rules exceptions -- BEGIN
RewriteRule ^administrator\/components\/com_akeeba\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_akeebabackup\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/extract\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !(\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^\.well\-known/ - [L]
RewriteRule ^installation/ - [L]
##### Advanced server protection rules exceptions -- END
##### Advanced server protection -- BEGIN
## Disable PHP Easter Eggs
RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} [NC]
RewriteRule .* - [F]
#### Back-end protection
RewriteRule ^administrator/?$ - [L]
RewriteRule ^administrator/index\.(php|html?)$ - [L]
RewriteRule ^administrator/(components|modules|templates)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|webp|ico|xsl)$ - [L,NC]
RewriteRule ^administrator/ - [F]
#### Disable client-side risky behavior in backend static content
Header always set Content-Security-Policy "default-src 'self'; script-src 'none';"
#### Front-end protection
## Allow limited access to additional TinyMCE plugins' HTML files
RewriteRule ^media/plg_editors_tinymce/js/plugins/.*\.(htm|html)$ - [L,NC]
## Allow limited access for certain directories with client-accessible content
RewriteRule ^(components|modules|templates|images|plugins|media|libraries)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|webp|ico|xsl)$ - [L,NC]
RewriteRule ^(components|modules|templates|images|plugins|media|libraries)/ - [F]
#### Disable client-side risky behavior in frontend static content
Header always set Content-Security-Policy "default-src 'self'; script-src 'none';"
## Disallow front-end access for certain Joomla! system directories (unless access to their files is allowed above)
RewriteRule ^includes/js/ - [L]
RewriteRule ^(cache|includes|language|logs|log|tmp)/ - [F]
RewriteRule ^(configuration\.php|CONTRIBUTING\.md|htaccess\.txt|joomla\.xml|LICENSE\.txt|phpunit\.xml|README\.txt|web\.config\.txt) - [F]
## Explicitly allow access to the site's index.php main entry point file
RewriteRule ^index.php(/.*){0,1}$ - [L]
## Explicitly allow access to the API application's index.php main entry point file
RewriteRule ^api/index.php(/.*){0,1}$ - [L]
## Explicitly allow access to the site's robots.txt file
RewriteRule ^robots.txt$ - [L]
## Disallow access to all other PHP files throughout the site, unless they are explicitly allowed
RewriteCond %{REQUEST_FILENAME} (\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule (.*\.php)$ - [F]
##### Always allow TinyMCE plugin files to load scripts (they need to)
Header always unset Content-Security-Policy
##### Advanced server protection rules exceptions also bypass the “disable client-side risky behavior” features -- BEGIN
Header always unset Content-Security-Policy
Header always unset Content-Security-Policy
Header always unset Content-Security-Policy
Header always unset Content-Security-Policy
Header always unset Content-Security-Policy
Header always unset Content-Security-Policy
##### Advanced server protection rules exceptions also bypass the “disable client-side risky behavior” features -- END
## Disallow access to htaccess.txt, php.ini, .user.ini and configuration.php-dist
RewriteRule ^(htaccess\.txt|configuration\.php-dist|php\.ini|\.user\.ini)$ - [F]
# Disallow access to all other front-end folders
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} !^/
RewriteRule .* - [F]
# Disallow access to all other front-end files
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule !^index.php$ - [F]
## Protect against clickjacking
Header always set X-Frame-Options SAMEORIGIN
# The `X-Frame-Options` response header should be send only for
# HTML documents and not for the other resources.
Header unset X-Frame-Options
## Reduce MIME type security risks
Header set X-Content-Type-Options "nosniff"
## Reflected XSS prevention
Header set X-XSS-Protection "1; mode=block"
# mod_headers cannot match based on the content-type, however,
# the X-XSS-Protection response header should be sent only for
# HTML documents and not for the other resources.
Header unset X-XSS-Protection
## Remove Apache and PHP version signature
Header always unset X-Powered-By
Header always unset X-Content-Powered-By
ServerSignature Off
## Prevent content transformation
Header merge Cache-Control "no-transform"
##### Advanced server protection -- END
## Referrer-policy
Header always set Referrer-Policy "unsafe-url"
##### Joomla! core SEF Section -- BEGIN
# PHP FastCGI fix for HTTP Authorization
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# -- SEF URLs for the API application
RewriteCond %{REQUEST_URI} ^/api/
RewriteCond %{REQUEST_URI} !^/api/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* api/index.php [L]
# -- SEF URLs for the public frontend application
##### Joomla! core SEF Section -- BEGIN
RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L]
##### Joomla! core SEF Section -- END