Sindbad~EG File Manager

Current Path : /home/sarayaglobal/portal.saraya.world/
Upload File :
Current File : /home/sarayaglobal/portal.saraya.world/.htaccess

# ----------------------------------------------------------------------
# | Security & Protection                                              |
# ----------------------------------------------------------------------

# 1. Disable Directory Browsing
# Prevents visitors from seeing a list of files if an index.html is missing.
Options -Indexes

# 2. Block Access to Sensitive Files
# Blocks access to hidden files like .htaccess, .git, .env, etc.
<FilesMatch "^\.">
    Order allow,deny
    Deny from all
</FilesMatch>

# 3. Security Headers
<IfModule mod_headers.c>
    # Prevent browsers from MIME-sniffing the response content type
    Header set X-Content-Type-Options "nosniff"

    # Prevent clickjacking by ensuring the site can only be framed by itself
    Header always set X-Frame-Options "SAMEORIGIN"

    # Enable Cross-Site Scripting (XSS) filter built into browsers
    Header set X-XSS-Protection "1; mode=block"

    # Control how much referrer information is sent to other sites
    Header set Referrer-Policy "strict-origin-when-cross-origin"

    # Force HSTS (Strict-Transport-Security)
    # Tells browsers to ONLY use HTTPS for the next year. 
    # ONLY UNCOMMENT THIS IF YOU HAVE A VALID SSL CERTIFICATE INSTALLED
    # Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

# ----------------------------------------------------------------------
# | URL Rewrites & Redirects                                           |
# ----------------------------------------------------------------------

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    # 4. Force HTTPS
    # Redirects non-secure HTTP traffic to HTTPS
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # 5. Clean URLs (Remove .html extension)
    # Allows accessing "contact.html" as simply "/contact"
    
    # If the request is not a directory
    RewriteCond %{REQUEST_FILENAME} !-d
    # And the request includes .html extension, strip it (external redirect)
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.html [NC]
    RewriteRule ^ %1 [R=301,L]

    # Internally rewrite non-extension request to .html file
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME}.html -f
    RewriteRule ^(.*?)/?$ $1.html [L]

</IfModule>

# ----------------------------------------------------------------------
# | Custom Error Pages (Optional)                                      |
# ----------------------------------------------------------------------

# Make sure you create these HTML files if you want to use this section
ErrorDocument 404 /404.html
ErrorDocument 403 /404.html

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists