Commit 3b49dd0

Improve .htaccess: add professional comments and security headers
1 parent 01c9c34 commit 3b49dd0

1 file changed

Lines changed: 42 additions & 0 deletions

.htaccess

@@ -1,6 +1,48 @@
1+
# ---------------------------------------------------------
2+
# Enable Apache mod_rewrite for clean and dynamic URL handling
3+
# ---------------------------------------------------------
14
RewriteEngine On
5+
6+
# ---------------------------------------------------------
7+
# Define the base URL path for the rewrite rules
8+
# Adjust this if the project is in a subfolder (e.g., /myapp/)
9+
# ---------------------------------------------------------
210
RewriteBase /
11+
12+
# ---------------------------------------------------------
13+
# Prevent rewriting the index.php file itself
14+
# This ensures direct access to index.php remains unchanged
15+
# ---------------------------------------------------------
316
RewriteRule ^index\.php$ - [L]
17+
18+
# ---------------------------------------------------------
19+
# Condition: Requested resource does NOT match an existing file
20+
# ---------------------------------------------------------
421
RewriteCond %{REQUEST_FILENAME} !-f
22+
23+
# ---------------------------------------------------------
24+
# Condition: Requested resource does NOT match an existing directory
25+
# ---------------------------------------------------------
526
RewriteCond %{REQUEST_FILENAME} !-d
27+
28+
# ---------------------------------------------------------
29+
# Redirect all other requests to index.php
30+
# This allows a single PHP entry point to handle routing
31+
# ---------------------------------------------------------
632
RewriteRule . /index.php [L]
33+
34+
# =========================================================
35+
# Additional Security Headers (Optional but Recommended)
36+
# =========================================================
37+
38+
# Prevent MIME type sniffing by browsers
39+
Header set X-Content-Type-Options "nosniff"
40+
41+
# Disallow embedding the site in iframes to prevent clickjacking
42+
Header set X-Frame-Options "DENY"
43+
44+
# Enforce secure HTTP Referrer Policy
45+
Header always set Referrer-Policy "no-referrer-when-downgrade"
46+
47+
# Mitigate some cross-site scripting (XSS) attacks
48+
Header set X-XSS-Protection "1; mode=block"
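
Review bot: The four `Header` directives at the end of the hunk (new lines 39 to 48) are not wrapped in `<IfModule mod_headers.c>`, so on a host where mod_headers is not loaded Apache rejects the whole .htaccess and every request returns a 500, including the rewrite rules that worked before this commit. Suggest enclosing the block in `<IfModule mod_headers.c>` and `</IfModule>`, and using `Header always set` on all four lines rather than only on Referrer-Policy, because plain `Header set` is not applied to error responses that Apache generates itself. Two of the new comments also promise more than the values deliver: `no-referrer-when-downgrade` still sends the full URL to other HTTPS origins (`strict-origin-when-cross-origin` is the tighter choice), and `X-XSS-Protection` is no longer honoured by current Chrome, Edge or Firefox, so a Content-Security-Policy header would be the effective XSS mitigation here.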
