| Server IP : 3.111.61.48 / Your IP : 216.73.216.67 Web Server : Apache System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64 User : ubuntu ( 1000) PHP Version : 8.2.31 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /var/www/vhost/brvk.org/ |
Upload File : |
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{REQUEST_URI} \.\./
RewriteRule .* - [R=400]
</IfModule>
# ===========================
# Security Headers
# ===========================
<IfModule mod_headers.c>
Header unset X-Forwarded-Host
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# CORS Headers (including for localhost)
Header set Access-Control-Allow-Origin "http://localhost"
Header set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header always set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
# CORS advanced headers
Header always set Cross-Origin-Opener-Policy "same-origin"
Header always set Cross-Origin-Resource-Policy "cross-origin"
Header always set Cross-Origin-Embedder-Policy "unsafe-none"
# Basic Security Headers
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Permitted-Cross-Domain-Policies "none"
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# Strict CSP
Header set Content-Security-Policy "default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; media-src 'self' https://*.s3.ap-south-1.amazonaws.com blob:;"
</IfModule>
# END WordPress
# BEGIN Speed Optimizer by 10Web
# The directives (lines) between "BEGIN Speed Optimizer by 10Web" and "END Speed Optimizer by 10Web" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
# END Speed Optimizer by 10Web
# END WordPress
# Disable Directory Listing
Options All -Indexes
# Disable sensitive fies and json
<Files ~ "\.(env|gitignore|json|lock)$">
Order allow,deny
Deny from all
</Files>
<Files license.txt>
deny from all
</Files>
<Files phpinfo.php>
deny from all
</Files>
<Files readme.html>
deny from all
</Files>
<Files xmlrpc.php>
deny from all
</Files>
<Files wp-links-opml.php>
deny from all
</Files>
<Files wp-content/debug.log>
deny from all
</Files>