Last edited by Jonatan Machado May 25, 2020
This is an old version of this page.

Htaccess

Note that there is a rule that forces the use of www, which is commented out; on Magento 1 in production, using it is recommended.

#Deny from 119.23.211.54

### Prevent sftp-config.json from being loaded
<files sftp-config.json>
    order allow,deny
    deny from all
</files>

### Protect .htaccess

<Files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
</Files>

### Block sensitive extensions

<FilesMatch ".+\.(zip|sql|htaccess|htpasswd|ini|phps|fla|log|psd|sh)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

#### Block unwanted bots that clog the server #####

    ## Automated HTTP libraries
    RewriteCond %{HTTP_USER_AGENT} ^.*(dav.pm/v|libwww-perl|urllib|python-requests|python-httplib2|winhttp.winhttprequest|lwp-request|lwp-trivial|fasthttp|Go-http-client|Java|httplib|httpclient|Zend_Http_Client).*$ [NC]
    RewriteRule .* - [F,L]

    ## Commonly seen in DDoS attacks
    RewriteCond %{HTTP_USER_AGENT} ^.*(CtrlFunc|w00tw00t|Apachebench).*$ [NC]
    RewriteRule .* - [F,L]
    
    ##Badbots
    RewriteCond %{HTTP_USER_AGENT} ^.*(Semrush|Ahrefs|MJ12|80legs|Yandex|Baidu|Dot|mega|BLEX|Webmeup|Qwantify|Coccoc|Seznam|Adidx|Python-urllib|serpstatbot).*$ [NC]
    RewriteRule .* - [F,L]

##### Add support for SVG graphics and CSS3 PIE #####

    AddType image/svg+xml svg svgz
    AddEncoding gzip svgz
    AddType text/x-component .htc
    DirectoryIndex index.html index.php

##### Default PHP configuration for the project #####

<IfModule mod_php5.c>
    php_flag magic_quotes_gpc off
    php_flag session.auto_start off
    php_flag suhosin.session.cryptua off
    php_flag zend.ze1_compatibility_mode Off
</IfModule>


<IfModule mod_rewrite.c>

    Options +FollowSymLinks
    RewriteEngine on

    ## Block /rss
    RewriteRule ^(index.php/?)?rss/ - [L,R=403]

    ## Block /downloader
    RewriteRule ^downloader/ - [L,R=403]

    ## Force the use of www
    RewriteCond %{HTTP_HOST} !=""
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteCond %{HTTPS}s ^on(s)|
    RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    ## Rewrite API2 calls to api.php (now REST only)
    RewriteRule ^api/rest api.php?type=rest [QSA,L]

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l
    RewriteRule .* index.php [L]

</IfModule>

##### Enable compression of files served by Apache #####

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/x-httpd-php
    AddOutputFilterByType DEFLATE application/cgi-php5
    AddOutputFilterByType DEFLATE application/cgi-php53
    AddOutputFilterByType DEFLATE application/cgi-php54
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:pdf|doc)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:avi|mov|mp3|mp4|rm)$ no-gzip dont-vary
</IfModule>

<Files *.php>
    SetOutputFilter DEFLATE
</Files>

<IfModule mod_ssl.c>
    SSLOptions StdEnvVars
</IfModule>

##### Headers #####

<ifModule mod_headers.c>
    Header unset ETag
    Header unset Last-Modified
</ifModule>

##### disable POST processing to not break multiple image upload #####

<IfModule mod_security.c>
    #SecRuleEngine Off
    SecFilterScanPOST Off
</IfModule>

##### Tune gzip and caching to improve site speed #####

<ifModule mod_gzip.c>
    mod_gzip_on Yes
    mod_gzip_dechunk Yes
    mod_gzip_item_include  \.(html?|txt|css|js|php|pl)$
    mod_gzip_item_include handler ^cgi-script$
    mod_gzip_item_include mime ^text/.*
    mod_gzip_item_include mime ^application/x-javascript.*
    mod_gzip_item_exclude mime ^image/.*
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>

##### Default Expires headers for all file types #####
##### Not recommended for development environments #####

<ifModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 1800 seconds"
    ExpiresByType text/html "access plus 1800 seconds"
    ExpiresByType image/gif "access plus 2592000 seconds"
    ExpiresByType image/jpeg "access plus 2592000 seconds"
    ExpiresByType image/png "access plus 2592000 seconds"
    ExpiresByType text/css "access plus 604800 seconds"
    ExpiresByType text/javascript "access plus 216000 seconds"
    ExpiresByType application/x-javascript "access plus 216000 seconds"
</ifModule>

##### Mime Type Cache #####

<IfModule mod_mime.c>

    ##### AUDIO #####
    AddType audio/mp4 m4a f4a f4b
    AddType audio/ogg oga ogg

    ##### JAVASCRIPT #####
    # Normalize to standard type (it's sniffed in IE anyways):
    # http://tools.ietf.org/html/rfc4329#section-7.2
    AddType application/javascript						js jsonp
    AddType application/json							json

    ##### VIDEO #####
    AddType video/mp4                                   mp4 m4v f4v f4p
    AddType video/ogg                                   ogv
    AddType video/webm                                  webm
    AddType video/x-flv                                 flv

    ##### WEB FONTS #####
    AddType application/font-woff                       woff
    AddType application/vnd.ms-fontobject               eot

    ##### Browsers usually ignore the font MIME types	#####
    ##### and sniff the content, however, Chrome shows 	#####
    ##### a warning if other MIME types are used for 	#####
    ##### the following fonts.							#####
    AddType application/x-font-ttf                      ttc ttf
    AddType font/opentype                               otf


    ##### OTHER #####
    AddType application/octet-stream                    safariextz
    AddType application/x-chrome-extension              crx
    AddType application/x-opera-extension               oex
    AddType application/x-shockwave-flash               swf
    AddType application/x-web-app-manifest+json         webapp
    AddType application/x-xpinstall                     xpi
    AddType application/xml                             atom rdf rss xml
    AddType image/webp                                  webp
    AddType image/x-icon                                ico
    AddType text/cache-manifest                         appcache manifest
    AddType text/vtt                                    vtt
    AddType text/x-component                            htc
    AddType text/x-vcard                                vcf

</IfModule>

<IfModule mod_mime.c>
    AddCharset utf-8 .atom .css .js .json .rss .vtt .webapp .xml
</IfModule>

##### Disable ETags http://developer.yahoo.com/performance/rules.html#etags #####

    FileETag None

##### Avoid character-encoding problems from server overrides #####

    AddDefaultCharset UTF-8

##### By default, allow all access #####

    Order allow,deny
    Allow from all
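
An added check, not part of the original wiki page: it replays the file-protection and bot-blocking patterns from the .htaccess above in Python against constructed file names and User-Agent strings, to show which inputs the rules cover and which they miss. It assumes a case-sensitive filesystem (Linux); the helper names and sample inputs are hypothetical.

```python
import re

# Patterns copied from the .htaccess on this page. <FilesMatch> and <Files ~>
# test the file's base name; the RewriteCond patterns carry [NC].
SENSITIVE_EXT = re.compile(r".+\.(zip|sql|htaccess|htpasswd|ini|phps|fla|log|psd|sh)$")
HTA_FILES = re.compile(r"^.*\.([Hh][Tt][Aa])")
EXACT_FILES = {"sftp-config.json"}
UA_RULES = {
    "http-libraries": r"^.*(dav.pm/v|libwww-perl|urllib|python-requests|python-httplib2|winhttp.winhttprequest|lwp-request|lwp-trivial|fasthttp|Go-http-client|Java|httplib|httpclient|Zend_Http_Client).*$",
    "ddos": r"^.*(CtrlFunc|w00tw00t|Apachebench).*$",
    "badbots": r"^.*(Semrush|Ahrefs|MJ12|80legs|Yandex|Baidu|Dot|mega|BLEX|Webmeup|Qwantify|Coccoc|Seznam|Adidx|Python-urllib|serpstatbot).*$",
}
UA_COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in UA_RULES.items()}


def file_blocked(basename):
    """True if one of the three file rules denies this base name."""
    return bool(basename in EXACT_FILES
                or SENSITIVE_EXT.search(basename)
                or HTA_FILES.search(basename))


def ua_blocked_by(user_agent):
    """Name of the first RewriteCond group that answers 403, or None."""
    for name, rx in UA_COMPILED.items():
        if rx.search(user_agent):
            return name
    return None


# Constructed sample inputs, not taken from any real log.
SAMPLE_FILES = ["dump.sql", "DUMP.SQL", "dump.sql.gz", "site.zip",
                ".htaccess", ".htpasswd", "sftp-config.json"]
SAMPLE_AGENTS = [
    "python-requests/2.23.0",
    "Mozilla/5.0 (compatible; AhrefsBot/6.1)",
    "Mozilla/5.0 (Linux; Android 10; Omega Tab) Safari/537.36",  # made-up device
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/81.0 Safari/537.36",
]


def audit(files=SAMPLE_FILES, agents=SAMPLE_AGENTS):
    """Return (names the file rules let through, {agent: matching rule})."""
    exposed = [f for f in files if not file_blocked(f)]
    return exposed, {ua: ua_blocked_by(ua) for ua in agents}


if __name__ == "__main__":
    exposed, verdicts = audit()
    print("not covered by the file rules:", exposed)
    for ua, rule in verdicts.items():
        print(f"{rule or 'allowed':15} {ua}")
```

The made-up "Omega Tab" browser string is rejected because the short `mega` token matches as a substring, and `.htpasswd` is reported as not covered because `.+` needs a character before the dot. Stock Apache configurations usually deny `.ht*` files in the main server config, so check that before relying on this file alone.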