# HexaHost.de .htaccess # Sicherheit und Performance-Optimierungen # Sicherheitsheader Header always set X-Content-Type-Options nosniff Header always set X-Frame-Options DENY Header always set X-XSS-Protection "1; mode=block" Header always set Referrer-Policy "strict-origin-when-cross-origin" Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()" # Content Security Policy - Schutz vor XSS und Code-Injection Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://cdn.hexahost.de data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'" # Strict-Transport-Security (HSTS) - Erzwingt HTTPS Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" # HTTPS erzwingen (falls SSL verfügbar) RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{HTTP_HOST} ^(www\.)?hexahost\.de$ [NC] RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # PHP-Endung aus URLs entfernen # Schritt 1: Wenn .php in URL, weiterleiten auf saubere URL (301) RewriteCond %{THE_REQUEST} \s/([^.]+)\.php[\s?] [NC] RewriteCond %{REQUEST_URI} !^/(contact-handler|config/) RewriteRule ^(.+)\.php$ /$1 [R=301,L] # Schritt 2: index.php zur Startseite weiterleiten RewriteCond %{THE_REQUEST} \s/index\.php[\s?] [NC] RewriteRule ^index\.php$ / [R=301,L] # Schritt 3: Saubere URLs intern auf .php-Dateien umleiten RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME}.php -f RewriteRule ^(.+)$ $1.php [L] # HTML zu PHP Weiterleitungen (Legacy-Support) RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^([^\.]+)\.html$ $1 [L,R=301] # Konfigurationsdateien schützen Order allow,deny Deny from all Order allow,deny Deny from all Order allow,deny Deny from all # Config-Verzeichnis schützen RewriteRule ^config/ - [F,L] # Includes-Verzeichnis schützen (direkter Zugriff verhindern) RewriteRule ^includes/ - [F,L] # Logs-Verzeichnis schützen RewriteRule ^logs/ - [F,L] # Vendor-Verzeichnis schützen RewriteRule ^vendor/ - [F,L] # Cache-Header für statische Dateien ExpiresActive On ExpiresByType text/css "access plus 1 month" ExpiresByType application/javascript "access plus 1 month" ExpiresByType image/png "access plus 1 month" ExpiresByType image/jpg "access plus 1 month" ExpiresByType image/jpeg "access plus 1 month" ExpiresByType image/gif "access plus 1 month" ExpiresByType image/svg+xml "access plus 1 month" ExpiresByType image/webp "access plus 1 month" ExpiresByType font/woff "access plus 1 month" ExpiresByType font/woff2 "access plus 1 month" # Gzip-Kompression AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript # PHP-Einstellungen php_value upload_max_filesize 10M php_value post_max_size 10M php_value max_execution_time 30 php_value memory_limit 128M # Fehlerbehandlung ErrorDocument 400 /404.php ErrorDocument 401 /404.php ErrorDocument 403 /404.php ErrorDocument 404 /404.php ErrorDocument 500 /500.php ErrorDocument 502 /500.php ErrorDocument 503 /500.php # Verzeichnis-Listing deaktivieren Options -Indexes # Datei-Zugriff beschränken Order Allow,Deny Deny from all # Spezifische Ausnahmen für benötigte XML-Dateien Order Allow,Deny Allow from all