# ------------------------ #
# Sabali Co .htaccess File
# Read the instructions at https://www.sabali.co/documentation/htaccess.php
# Do not edit this file without contacting your hosting provider or webmaster first. 
# ** Editing this file incorrectly can cause major errors to your server and website **
# This is simply a template, idea or model of what you can use to perform specific functions. 
# Different server combinations may require different scripts. 
# Use this file at your own caution, Sabali Co does not provide any warranties or guarantees 
# https://gist.github.com/ludo237/5857215
# Notes:
# Use a "#" symbol to turn a line into a comment.
# This will prevent the code from running on the server.
# ------------------------ #

# --- Default Settings --- #

# Set UTF-8 Charset
AddDefaultCharset UTF-8

# Set Directory
DirectoryIndex index.php index.html index.htm

# GZIP Compression
<IfModule mod_deflate.c>
<filesMatch "\.(js|css|html|php)$">
SetOutputFilter DEFLATE
</filesMatch>
</IfModule>

# --- Security Settings --- #

# HSTS (HTTP Strict Transport Security)
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
Header set Connection Keep-Alive

# HTTP Cookies 
Header always edit Set-Cookie (.*) "$1; HTTPOnly"
Header always edit Set-Cookie (.*) "$1; Secure"
Header always edit Set-Cookie (.*) "$1; SameSite"
Header always edit Set-Cookie (.*) "$1; Prefixed"

# X-XSS-Protection
Header set X-XSS-Protection "1; mode=block"

# X-Frame-Options
Header set X-Frame-Options "DENY"

# X-Content-Type nosniff
Header set X-Content-Type-Options nosniff

# Content Security Policy
# See public_html/blueprint/templates/security.php
	
# Referrer-Policy
# Header set Referrer-Policy "same-origin"

# Feature-Policy
Header set Feature-Policy "geolocation 'self'; vibrate 'none'"

# --- Start Rewrite --- #

<IfModule mod_rewrite.c>

# Enable Rewrite Engine 
RewriteEngine On
 
# Force SSL
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# SQL Injection Defense:
# This works only on HTTP GET, *not* POST body
RewriteCond %{THE_REQUEST} (?:limit|union|select|concat|1==1|like|drop|\#|--) [NC]
RewriteRule .? - [F,L]
 
# Rewrite non-www. to www. (cPanel)
# RewriteCond %{HTTP_HOST} !^www\.
# RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
# RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
# RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

# Rewrite www. to non-www.
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]

# Redirect index.php to root (/)
RewriteCond %{REQUEST_URI} ^/index.php
RewriteRule (.*) / [R=301,L]

# Pages
RewriteRule ^([a-zA-Z0-9_-]+)$ /?page=$1
RewriteRule ^([a-zA-Z0-9_-]+)/$ /?page=$1

# Folders
RewriteRule ^([a-zA-Z0-9_-]+)/([a-zA-Z0-9_-]+)$ /?folder=$1&page=$2
RewriteRule ^([a-zA-Z0-9_-]+)/([a-zA-Z0-9_-]+)/$ /?folder=$1&page=$2

</IfModule>

# --- End Rewrite --- #

# --- Start Caching --- #

# Leverage Browser Caching
<IfModule mod_expires.c>

# Set Expires Active
ExpiresActive on

# Set Default Expiration
ExpiresDefault "access plus 1 month"

# CSS
ExpiresByType text/css "access plus 1 year"

# Data
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType application/rdf+xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/json "access plus 0 seconds"
ExpiresByType application/ld+json "access plus 0 seconds"
ExpiresByType application/schema+json "access plus 0 seconds"
ExpiresByType application/vnd.geo+json "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType text/xml "access plus 0 seconds"

# Manifest
ExpiresByType application/manifest+json "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"

# HTML
ExpiresByType text/html "access plus 0 seconds"
ExpiresByType text/plain "access plus 1 month"
ExpiresByType text/x-component "access plus 1 month" 

# JavaScript
ExpiresByType text/javascript "access plus 1 year"
ExpiresByType text/x-javascript "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType application/x-javascript "access plus 1 year"

# Images
ExpiresByType image/bmp "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/jpe "access plus 1 month"
ExpiresByType image/jp2 "access plus 1 month"
ExpiresByType image/pipeg "access plus 1 month"
ExpiresByType image/tiff "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType image/webp "access plus 1 month"

# Favicons
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType image/vnd.microsoft.icon "access plus 1 month"
ExpiresByType image/icon "access plus 1 month"
ExpiresByType image/x-ico "access plus 1 month"
ExpiresByType application/ico "access plus 1 month"
ExpiresByType text/ico "access plus 1 month"

# Audio
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType audio/basic "access plus 1 month"
ExpiresByType audio/mid "access plus 1 month"
ExpiresByType audio/midi "access plus 1 month"
ExpiresByType audio/mpeg "access plus 1 month"
ExpiresByType audio/x-aiff "access plus 1 month"
ExpiresByType audio/x-mpegurl "access plus 1 month"
ExpiresByType audio/x-pn-realaudio "access plus 1 month"
ExpiresByType audio/x-wav "access plus 1 month"

# Video
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"
ExpiresByType video/x-msvideo "access plus 1 month"
ExpiresByType video/mpeg "access plus 1 month"
ExpiresByType video/quicktime "access plus 1 month"
ExpiresByType video/x-la-asf "access plus 1 month"
ExpiresByType video/x-ms-asf "access plus 1 month"
ExpiresByType x-world/x-vrml "access plus 1 month"

# Flash
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType video/x-flv "access plus 1 month"

# Miscellaneous
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType image/vnd.wap.wbmp "access plus 1 month"
ExpiresByType application/vnd.wap.wbxml "access plus 1 month"
ExpiresByType application/smil "access plus 1 month"

# Web fonts

# Embedded OpenType (EOT)
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
ExpiresByType font/eot "access plus 1 month"

# OpenType
ExpiresByType font/opentype "access plus 1 month"

# TrueType
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType font/truetype "access plus 1 month"

# Web Open Font Format (WOFF) 1.0
ExpiresByType application/font-woff "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType font/woff "access plus 1 month"

# Web Open Font Format (WOFF) 2.0
ExpiresByType application/font-woff2 "access plus 1 month"

# Other
ExpiresByType text/x-cross-domain-policy "access plus 1 week"

<IfModule mod_headers.c>
Header append Cache-Control "public"
</IfModule>

</IfModule>

# --- End Caching --- #

# --- Start Error Pages --- #

Order deny,allow
ErrorDocument 100 /blueprint/errors/error-100-continue.php
ErrorDocument 101 /blueprint/errors/error-101-switching-protocols.php
ErrorDocument 102 /blueprint/errors/error-102-processing.php
ErrorDocument 200 /blueprint/errors/error-200-ok.php
ErrorDocument 201 /blueprint/errors/error-201-created.php
ErrorDocument 202 /blueprint/errors/error-202-accepted.php
ErrorDocument 203 /blueprint/errors/error-203-non-authoritative.php
ErrorDocument 204 /blueprint/errors/error-204-no-content.php
ErrorDocument 205 /blueprint/errors/error-205-reset-content.php
ErrorDocument 206 /blueprint/errors/error-206-partial-content.php
ErrorDocument 207 /blueprint/errors/error-207-multi-status.php
ErrorDocument 300 /blueprint/errors/error-300-multiple-choices.php
ErrorDocument 301 /blueprint/errors/error-301-moved-permanently.php
ErrorDocument 302 /blueprint/errors/error-302-moved-temporarily.php
ErrorDocument 303 /blueprint/errors/error-303-see-other.php
ErrorDocument 304 /blueprint/errors/error-304-not-modified.php
ErrorDocument 305 /blueprint/errors/error-305-use-proxy.php
ErrorDocument 307 /blueprint/errors/error-307-temporary-redirect.php
ErrorDocument 400 /blueprint/errors/error-400-bad-request.php
ErrorDocument 401 /blueprint/errors/error-401-unauthorized.php
ErrorDocument 402 /blueprint/errors/error-402-payment-required.php
ErrorDocument 403 /blueprint/errors/error-403-forbidden.php
ErrorDocument 404 /blueprint/errors/error-404-not-found.php
ErrorDocument 405 /blueprint/errors/error-405-method-not-allowed.php
ErrorDocument 406 /blueprint/errors/error-406-not-acceptable.php
ErrorDocument 407 /blueprint/errors/error-407-proxy-authentication-required.php
ErrorDocument 408 /blueprint/errors/error-408-request-time-out.php
ErrorDocument 409 /blueprint/errors/error-409-conflict.php
ErrorDocument 410 /blueprint/errors/error-410-gone.php
ErrorDocument 411 /blueprint/errors/error-411-length-required.php
ErrorDocument 412 /blueprint/errors/error-412-precondition-failed.php
ErrorDocument 413 /blueprint/errors/error-413-request-entity-too-large.php
ErrorDocument 414 /blueprint/errors/error-414-request-uri-too-large.php
ErrorDocument 415 /blueprint/errors/error-415-unsupported-media-type.php
ErrorDocument 416 /blueprint/errors/error-416-range-not-satisfiable.php
ErrorDocument 417 /blueprint/errors/error-417-expectation-failed.php
ErrorDocument 422 /blueprint/errors/error-422-unprocessable-entity.php
ErrorDocument 423 /blueprint/errors/error-423-locked.php
ErrorDocument 424 /blueprint/errors/error-424-failed-dependency.php
ErrorDocument 426 /blueprint/errors/error-426-upgrade-required.php
ErrorDocument 500 /blueprint/errors/error-500-internal-server-error.php
ErrorDocument 501 /blueprint/errors/error-501-not-implemented.php
ErrorDocument 502 /blueprint/errors/error-502-bad-gateway.php
ErrorDocument 503 /blueprint/errors/error-503-service-unavailable.php
ErrorDocument 504 /blueprint/errors/error-504-gateway-time-out.php
ErrorDocument 505 /blueprint/errors/error-505-version-not-supported.php
ErrorDocument 506 /blueprint/errors/error-506-variant-also-varies.php
ErrorDocument 507 /blueprint/errors/error-507-insufficient-storage.php
ErrorDocument 510 /blueprint/errors/error-510-not-extended.php

# --- End Error Pages --- #

# --- Start PHP ---

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php7_module>
   php_flag display_errors On
   php_value max_execution_time 90
   php_value max_input_time 60
   php_value max_input_vars 1000
   php_value memory_limit 32M
   php_value post_max_size 8M
   php_value session.gc_maxlifetime 1440
   php_value session.save_path "/var/cpanel/php/sessions/ea-php73"
   php_value upload_max_filesize 100M
   php_flag zlib.output_compression Off
</IfModule>
<IfModule lsapi_module>
   php_flag display_errors On
   php_value max_execution_time 90
   php_value max_input_time 60
   php_value max_input_vars 1000
   php_value memory_limit 32M
   php_value post_max_size 8M
   php_value session.gc_maxlifetime 1440
   php_value session.save_path "/var/cpanel/php/sessions/ea-php73"
   php_value upload_max_filesize 100M
   php_flag zlib.output_compression Off
</IfModule>
# END cPanel-generated php ini directives, do not edit

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit