## # @package Joomla # @copyright (C) 2005 Open Source Matters, Inc. # @license GNU General Public License version 2 or later; see LICENSE.txt ## ## # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE! # # The line 'Options +FollowSymLinks' may cause problems with some server configurations. # It is required for the use of Apache mod_rewrite, but it may have already been set by # your server administrator in a way that disallows changing it in this .htaccess file. # If using it causes your site to produce an error, comment it out (add # to the # beginning of the line), reload your site in your browser and test your sef urls. If # they work, then it has been set by your server administrator and you do not need to # set it here. ## ## MISSING CSS OR JAVASCRIPT ERRORS # # If your site looks strange after enabling this file, then your server is probably already # gzipping css and js files and you should comment out the GZIP section of this file. ## ## OPENLITESPEED # # If you are using an OpenLiteSpeed web server then any changes made to this file will # not take effect until you have restarted the web server. ## ## Can be commented out if causes errors, see notes above. Options +FollowSymlinks Options -Indexes ## No directory listings IndexIgnore * ## Suppress mime type detection in browsers for unknown types Header always set X-Content-Type-Options "nosniff" ## Protect against certain cross-origin requests. More information can be found here: ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP) ## https://web.dev/why-coop-coep/ # # Header always set Cross-Origin-Resource-Policy "same-origin" # Header always set Cross-Origin-Embedder-Policy "require-corp" # ## Disable inline JavaScript when directly opening SVG files or embedding them with the object-tag Header always set Content-Security-Policy "script-src 'none'" ## These directives are only enabled if the Apache mod_rewrite module is enabled RewriteEngine On ## Begin - Rewrite rules to block out some common exploits. # If you experience problems on your site then comment out the operations listed # below by adding a # to the beginning of the line. # This attempts to block the most common type of exploit `attempts` on Joomla! # # Block any script trying to base64_encode data within the URL. RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR] # Block any script that includes a