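# Per-directory Apache configuration: response hardening headers, cache
# suppression, request filtering, HTTPS redirect, extensionless PHP URLs and
# hotlink filtering for static assets.
# Apache only treats "#" as a comment at the start of a line, so every
# directive and every comment below sits on its own line.
# NOTE(review): any <IfModule>/<FilesMatch> containers the original may have had
# are not visible here; the directives are kept at file scope in their original order.

# --- Security headers ("always" also covers error and redirect responses) ---
Header always set X-Content-Type-Options "nosniff"
# Legacy header: current browsers ignore it. A Content-Security-Policy is the
# effective XSS control, and this file sets none.
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options "deny"

# --- Cache suppression ---
# These three values are overwritten by the second group further down.
Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires 0
ExpiresActive Off
FileETag None
# Drop validators so clients cannot revalidate a stored copy.
Header unset ETag
Header unset Pragma
Header unset Cache-Control
Header unset Last-Modified
# Effective values (last "set" wins). Without "always" they apply to
# successful responses only.
Header set Pragma "no-cache"
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Expires "Thu, 1 Jan 1970 00:00:00 GMT"

RewriteEngine on

# --- Path traversal protection ---
# REQUEST_URI has normally been URL-decoded and normalised before these rules
# run, so the "%2e%2e" alternative only ever sees double-encoded input. The
# second condition inspects the path part of the raw request line
# (THE_REQUEST), where literal and percent-encoded ".." segments are visible.
RewriteCond %{REQUEST_URI} (\.\./|/\.\.|\\|\0|%2e%2e) [NC,OR]
RewriteCond %{THE_REQUEST} ^\S+\s+[^?\s]*(?:/|\\|%2f|%5c)(?:\.|%2e){2}(?:/|\\|%2f|%5c|[?\s]) [NC]
RewriteRule .* - [F,L]

# --- Sensitive file protection (except stock.php and index.php) ---
# In per-directory context the pattern is matched against the path relative to
# this directory, so a bare "^" anchor would only cover files next to this
# .htaccess. "(?:^|/)" also covers subdirectories; NC covers case-insensitive
# filesystems.
RewriteRule (?:^|/)(?:wp-config\.php|\.env)$ - [F,L,NC]

# --- Force HTTPS ---
# NOTE(review): the redirect target is built from the client-supplied Host
# header. Confirm the virtual host pins the name, or hard-code the canonical
# host. No Strict-Transport-Security header is sent by this file.
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# --- Extensionless PHP URLs: /name is served by name.php when that file exists ---
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*)$ $1.php [L]

DirectoryIndex index.html index.php

# --- Hotlink protection - static files ONLY ---
# Referer is client-controlled, so this limits casual embedding and is not an
# access control. The allowed origin is closed with "(?:/|$)" so that a longer
# host or port that merely starts with the site's own origin is not accepted.
RewriteCond %{REQUEST_URI} !\.(php|json)$
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(?:www\.)?zimbra\.szatuna\.hu:18821(?:/|$) [NC]
RewriteRule \.(jpg|jpeg|png|gif|css)$ - [NC,F,L]

# IndexIgnore only hides these names in generated directory listings; the files
# remain directly requestable and listings stay enabled.
# NOTE(review): if listings are not wanted at all, "Options -Indexes" is the
# control (requires AllowOverride Options) — confirm with the server config.
IndexIgnore *.png *.jpg *.jpeg *.json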