
Last edited by Jonatan Machado May 25, 2020

Htaccess

Perceba que existe uma regra que força o uso do www que está comentada; no Magento 1 em produção é recomendado o uso dela.

#Deny from 119.23.211.54

### Keep sftp-config.json from being served
# sftp-config.json is an editor SFTP-sync settings file that typically holds the
# deployment host, user name and password, so it must never be downloadable.
# NOTE(review): this rule is a safety net; the file is better kept out of the
# web root (and out of the repository) altogether.
# Order/Deny is Apache 2.2 access-control syntax; on Apache 2.4 it only works
# while mod_access_compat is loaded.
<files sftp-config.json>
    order allow,deny
    deny from all
</files>

### Protect .htaccess

# The pattern is not anchored at the end, so it matches any file name that
# contains ".hta" in any letter case (.htaccess, .htpasswd, ...).
# "satisfy all" requires the host-based rule AND any authentication to pass, so
# a valid login cannot be used to read these files.
<Files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
</Files>

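### Block sensitive extensions

# Refuses direct download of archives, database dumps, configuration and
# credential files, logs, highlighted PHP source and shell scripts that end up
# in the web root.
# (?i) makes the match case-insensitive; without it a file named DUMP.SQL or
# Backup.ZIP would still be served.
# NOTE(review): only the final extension is tested, so names with a different
# last suffix are not covered. Review what your backup and deploy tooling
# actually writes into the web root and extend the list to match.
<FilesMatch "(?i).+\.(zip|sql|htaccess|htpasswd|ini|phps|fla|log|psd|sh)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>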

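#### Block unwanted bots that clog the server #####
# The User-Agent header is chosen by the client, so these rules only shed load
# from tools that identify themselves honestly. They are not an access control
# and do not replace rate limiting or authentication on sensitive endpoints.
# Wrapped in IfModule so that a server without mod_rewrite does not answer
# every request with a 500 because of unknown directives.
<IfModule mod_rewrite.c>
    RewriteEngine On

    ## Automated HTTP libraries
    # NOTE(review): these are also the default agents of many legitimate
    # server-to-server clients. Confirm that no integration you depend on
    # (payment callbacks, ERP sync, monitoring) sends one of them.
    RewriteCond %{HTTP_USER_AGENT} ^.*(dav.pm/v|libwww-perl|urllib|python-requests|python-httplib2|winhttp.winhttprequest|lwp-request|lwp-trivial|fasthttp|Go-http-client|Java|httplib|httpclient|Zend_Http_Client).*$ [NC]
    RewriteRule .* - [F,L]

    ## Commonly seen in DDoS attacks
    RewriteCond %{HTTP_USER_AGENT} ^.*(CtrlFunc|w00tw00t|Apachebench).*$ [NC]
    RewriteRule .* - [F,L]

    ## Bad bots
    # NOTE(review): "Dot" and "mega" are short substrings matched
    # case-insensitively anywhere in the header, so they can hit agents that
    # were never meant to be blocked; prefer the full bot token once the
    # intended targets are confirmed. Yandex and Baidu are search engines, so
    # blocking them also removes the site from their indexes.
    RewriteCond %{HTTP_USER_AGENT} ^.*(PetalBot|Semrush|Ahrefs|MJ12|80legs|Yandex|Baidu|Dot|mega|BLEX|Webmeup|Qwantify|Coccoc|Seznam|Adidx|Python-urllib|serpstatbot).*$ [NC]
    RewriteRule .* - [F,L]
</IfModule>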

##### Add support for SVG graphics and CSS3 PIE #####

    # Serve .svg/.svgz as SVG; .svgz is additionally flagged as gzip-encoded.
    AddType image/svg+xml svg svgz
    AddEncoding gzip svgz
    # .htc is the HTML Component type that CSS3 PIE relies on in old Internet Explorer.
    AddType text/x-component .htc
    # index.html is tried before index.php when a directory is requested.
    # NOTE(review): a stray index.html in the web root would therefore be served
    # instead of the application front controller.
    DirectoryIndex index.html index.php

##### Default PHP settings for the project #####

# These flags are only applied when PHP runs as the mod_php5 Apache module.
# NOTE(review): under PHP-FPM/CGI or another mod_php version the whole block is
# skipped, so the same values would have to be set in php.ini or the pool
# configuration; confirm how PHP is deployed.
<IfModule mod_php5.c>
    # Input must reach the application unmodified; escaping is the application's job.
    php_flag magic_quotes_gpc off
    # The application starts its own sessions.
    php_flag session.auto_start off
    # Do not tie Suhosin's session encryption key to the User-Agent header.
    php_flag suhosin.session.cryptua off
    # Disable PHP 4 object-model compatibility.
    php_flag zend.ze1_compatibility_mode Off
</IfModule>


<IfModule mod_rewrite.c>

    ## Block /rss
    # Answers 403 for the RSS routes, with or without the index.php prefix.
    # NOTE(review): presumably done because Magento 1 RSS feeds for admin data
    # authenticate with admin credentials and attract password guessing; confirm
    # that no feed is needed. The pattern is anchored to the start of the path,
    # so verify it covers every URL form the store exposes.
    RewriteRule ^(index.php/?)?rss/ - [L,R=403]

    ## Block /downloader
    # NOTE(review): presumably the Magento Connect Manager, another admin login
    # surface; if it must stay reachable, restrict it by source address instead.
    RewriteRule ^downloader/ - [L,R=403]

    ## Force the use of www
    # Skips requests without a Host header or already on www.*; %1 becomes "s"
    # when HTTPS is on, so the scheme is preserved in the 301.
    # The redirect target is built from the client-supplied Host header; make
    # sure the virtual host only answers for the expected host names.
    # NOTE(review): the text introducing this listing describes this rule as
    # commented out, but here it is active — confirm which is intended,
    # especially for development hosts that have no www name.
    RewriteCond %{HTTP_HOST} !=""
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteCond %{HTTPS}s ^on(s)|
    RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    ## Rewrite API2 calls to api.php (REST only now)

    RewriteRule ^api/rest api.php?type=rest [QSA,L]

    # mod_rewrite in .htaccess context needs symlink following enabled.
    Options +FollowSymLinks
    # Enables the engine for this file; the rules above are in the same
    # per-directory context and are covered by it as well.
    RewriteEngine on
    # Copy the Authorization header into an environment variable so PHP can
    # read it when it is not running as an Apache module.
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    # Front controller: anything outside media/skin/js that is not an existing
    # file, directory or symlink is handed to index.php.
    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l
    RewriteRule .* index.php [L]

</IfModule>

##### Enable compression of content served by Apache #####

<IfModule mod_deflate.c>
    # Compress textual response types, including output of the PHP handlers.
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/x-httpd-php
    AddOutputFilterByType DEFLATE application/cgi-php5
    AddOutputFilterByType DEFLATE application/cgi-php53
    AddOutputFilterByType DEFLATE application/cgi-php54
    # Legacy browser workarounds: limit or disable gzip for Mozilla/4-era
    # clients, then lift both restrictions again for MSIE.
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    # Do not recompress formats that are already compressed; dont-vary keeps
    # mod_deflate from adding a Vary header for them.
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:pdf|doc)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:avi|mov|mp3|mp4|rm)$ no-gzip dont-vary
</IfModule>

# Force the DEFLATE output filter on every PHP response.
# This sits outside the mod_deflate IfModule guard, so it is applied even where
# that module is not loaded.
# NOTE(review): compressing dynamic HTTPS pages that contain both
# request-reflected data and secrets (for example form keys) is the
# precondition for BREACH-style compression side channels; review whether that
# applies to this store before compressing all PHP output.
<Files *.php>
    SetOutputFilter DEFLATE
</Files>

# Export the standard SSL_* environment variables to the application.
<IfModule mod_ssl.c>
    SSLOptions StdEnvVars
</IfModule>

##### Headers #####

# Strip both cache validators from responses, so clients cannot revalidate with
# conditional requests. Client caching then depends on the freshness lifetimes
# that the mod_expires section of this file sets.
<ifModule mod_headers.c>
    Header unset ETag
    Header unset Last-Modified
</ifModule>

##### disable POST processing to not break multiple image upload #####

# SecFilterScanPOST is a ModSecurity 1.x directive. Off stops the WAF from
# inspecting POST bodies for everything this .htaccess covers, not only the
# image uploader, so login, checkout and admin forms lose that inspection too.
# NOTE(review): ModSecurity 2.x registers as mod_security2.c, so on such
# servers this block is skipped and has no effect; confirm which version is
# deployed. Where an exception is really needed, prefer scoping it to the
# upload endpoint in the WAF configuration over a site-wide switch.
<IfModule mod_security.c>
    # Left disabled on purpose: this would turn the rule engine off entirely.
    #SecRuleEngine Off
    SecFilterScanPOST Off
</IfModule>

##### Tune gzip and caching to improve site speed #####

# Only applies where mod_gzip is loaded.
# NOTE(review): mod_gzip is the older compression module; on servers that use
# mod_deflate instead, this block is skipped — confirm it is still needed.
<ifModule mod_gzip.c>
    mod_gzip_on Yes
    mod_gzip_dechunk Yes
    # Compress by file extension, CGI handler and textual MIME types.
    mod_gzip_item_include  \.(html?|txt|css|js|php|pl)$
    mod_gzip_item_include handler ^cgi-script$
    mod_gzip_item_include mime ^text/.*
    mod_gzip_item_include mime ^application/x-javascript.*
    # Skip images and anything that already carries gzip content encoding.
    mod_gzip_item_exclude mime ^image/.*
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>

##### Default expiry headers for all file types  #####
##### Not recommended for development environments #####

# Lifetimes are counted from the time of the request ("access").
# 1800 s = 30 min, 216000 s = 2.5 days, 604800 s = 7 days, 2592000 s = 30 days.
# NOTE(review): ExpiresDefault and the text/html entry also apply to dynamic
# pages unless the application sends its own caching headers; confirm that
# personalised pages (cart, account, checkout) are not cached by browsers or
# intermediaries.
<ifModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 1800 seconds"
    ExpiresByType text/html "access plus 1800 seconds"
    ExpiresByType image/gif "access plus 2592000 seconds"
    ExpiresByType image/jpeg "access plus 2592000 seconds"
    ExpiresByType image/png "access plus 2592000 seconds"
    ExpiresByType text/css "access plus 604800 seconds"
    ExpiresByType text/javascript "access plus 216000 seconds"
    ExpiresByType application/x-javascript "access plus 216000 seconds"
</ifModule>

##### MIME type mappings #####

<IfModule mod_mime.c>

    # --- Audio ---
    AddType audio/mp4 m4a f4a f4b
    AddType audio/ogg oga ogg

    # --- JavaScript / JSON ---
    # Use the standard JavaScript media type (IE sniffs the content anyway):
    # http://tools.ietf.org/html/rfc4329#section-7.2
    AddType application/javascript js jsonp
    AddType application/json json

    # --- Video ---
    AddType video/mp4 mp4 m4v f4v f4p
    AddType video/ogg ogv
    AddType video/webm webm
    AddType video/x-flv flv

    # --- Web fonts ---
    AddType application/font-woff woff
    AddType application/vnd.ms-fontobject eot

    # Browsers mostly ignore font MIME types and sniff the content, but Chrome
    # logs a warning when the two fonts below are served with any other type.
    AddType application/x-font-ttf ttc ttf
    AddType font/opentype otf


    # --- Other ---
    AddType application/octet-stream safariextz
    AddType application/x-chrome-extension crx
    AddType application/x-opera-extension oex
    AddType application/x-shockwave-flash swf
    AddType application/x-web-app-manifest+json webapp
    AddType application/x-xpinstall xpi
    AddType application/xml atom rdf rss xml
    AddType image/webp webp
    AddType image/x-icon ico
    AddType text/cache-manifest appcache manifest
    AddType text/vtt vtt
    AddType text/x-component htc
    AddType text/x-vcard vcf

</IfModule>

# Declare UTF-8 for the listed text-based formats so clients do not have to
# guess the encoding.
<IfModule mod_mime.c>
    AddCharset utf-8 .atom .css .js .json .rss .vtt .webapp .xml
</IfModule>

##### ETags disabled: http://developer.yahoo.com/performance/rules.html#etags #####

    # Stop Apache from generating ETag values for static files.
    FileETag None

##### Avoid character-encoding problems caused by server-level overrides #####

    # Adds charset=UTF-8 to text/plain and text/html responses that do not
    # declare one, so browsers do not guess the encoding.
    AddDefaultCharset UTF-8

##### By default, allow all access #####

    # Directory-level default. The <Files>/<FilesMatch> deny sections in this
    # file are merged after it and therefore still win for the names they match.
    # Apache 2.2 syntax; on Apache 2.4 it needs mod_access_compat. If the file
    # is migrated to "Require", convert every access rule together rather than
    # mixing the two styles.
    Order allow,deny
    Allow from all