Diff -- /var/www/vhosts/3dshawn.com/ptmatrix.3dshawn.com/.htaccess

O Operator
Diff

/var/www/vhosts/3dshawn.com/ptmatrix.3dshawn.com/.htaccess

added on local at 2026-07-01 12:33:51

Added
+69
lines
Removed
-0
lines
Context
0
unchanged
Blobs
from
to 002a901f3293
Restore this content →
Unified diff
Naive LCS-based line diff. Additions in emerald, deletions in rose. Both sides decompressed live from BLOB_STORE.
1# =====================================================================
2# WebSTLs — webroot .htaccess
3# Lives at /var/www/vhosts/webstls.com/httpdocs/.htaccess
4#
5# This file controls how Apache treats files in this directory and below.
6# Only directives that are LEGAL inside .htaccess are used (no <Directory>
7# or <VirtualHost> blocks — those are reserved for the main server config).
8# =====================================================================
9
10# ----- CGI execution ----------------------------------------------------
11# Treat *.cgi files as CGI scripts. Plus a sane index file order.
12Options +ExecCGI -Indexes +FollowSymLinks
13AddHandler cgi-script .cgi
14DirectoryIndex index.cgi index.html
15
16# ----- Wildcard subdomain → storefront ----------------------------------
17# Any <name>.webstls.com hits store.cgi?subdomain=<name>. Skipped for the
18# canonical webstls.com / www.webstls.com hosts so the marketing site keeps
19# working normally.
20<IfModule mod_rewrite.c>
21 RewriteEngine On
22 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
23 RewriteRule ^api/(v1/.*)$ /api.cgi/$1 [L,QSA]
24
25 RewriteCond %{HTTP_HOST} !^webstls\.com$ [NC]
26 RewriteCond %{HTTP_HOST} !^www\.webstls\.com$ [NC]
27 RewriteCond %{HTTP_HOST} ^([a-z0-9-]+)\.webstls\.com$ [NC]
28 RewriteRule ^/?$ /store.cgi?subdomain=%1 [L,QSA]
29</IfModule>
30
31# ----- Block sensitive files everywhere under the webroot ---------------
32# *.sql — db_schema.sql and any SQL dumps
33# *.pm — Perl modules accidentally placed in the webroot
34# *.log — error / debug logs
35# *.bak — editor backup files
36# *.prev — pre-edit copies
37<FilesMatch "\.(sql|pm|log|bak|prev|dat|db|pem|key)$">
38 Require all denied
39</FilesMatch>
40
41# ----- Block the VAPID directory entirely (private key lives there) -----
42RedirectMatch 403 ^/_vapid/.*
43
44# ----- Force HTTPS (uncomment once your SSL cert is fully in place) -----
45# RewriteEngine On
46# RewriteCond %{HTTPS} !=on
47# RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]
48
49# ----- Long-cache static assets -----------------------------------------
50# CSS, JS, fonts, images get a year of cache. Bust by appending a
51# version querystring (e.g. /assets/css/site.css?v=2026-05) when you
52# change them.
53<FilesMatch "\.(css|js|woff2?|ttf|eot|webp|png|jpg|jpeg|gif|svg|ico)$">
54 <IfModule mod_headers.c>
55 Header set Cache-Control "public, max-age=31536000, immutable"
56 </IfModule>
57</FilesMatch>
58
59# ----- Light security headers -------------------------------------------
60<IfModule mod_headers.c>
61 Header always set X-Content-Type-Options "nosniff"
62 Header always set X-Frame-Options "SAMEORIGIN"
63 Header always set Referrer-Policy "strict-origin-when-cross-origin"
64</IfModule>
65
66# ----- Styled error pages -----------------------------------------------
67# /404.cgi renders the marketing chrome (or app chrome if logged in) so a
68# broken link never lands on the bare Apache "Not Found" page.
69ErrorDocument 404 /404.cgi