Uname:Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64

403WebShell
403Webshell
Server IP : 3.111.61.48  /  Your IP : 216.73.216.67
Web Server : Apache
System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64
User : ubuntu ( 1000)
PHP Version : 8.2.31
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/vhost/arukustech.com/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/vhost/arukustech.com/.htaccess
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{REQUEST_URI} \.\./
RewriteRule .* - [R=400]
</IfModule>


# ===========================
# Security Headers
# ===========================

<IfModule mod_headers.c>
    Header unset X-Forwarded-Host
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

    # CORS Headers (including for localhost)
    Header set Access-Control-Allow-Origin "http://localhost"
    Header set Access-Control-Allow-Credentials "true"
    Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header always set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"

    # CORS advanced headers
    Header always set Cross-Origin-Opener-Policy "same-origin"
    Header always set Cross-Origin-Resource-Policy "cross-origin"
    Header always set Cross-Origin-Embedder-Policy "unsafe-none"

    # Basic Security Headers
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Permitted-Cross-Domain-Policies "none"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Strict CSP
    Header set Content-Security-Policy "default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; media-src 'self' https://*.s3.ap-south-1.amazonaws.com blob:;"

</IfModule>


# END WordPress
# BEGIN Speed Optimizer by 10Web
# The directives (lines) between "BEGIN Speed Optimizer by 10Web" and "END Speed Optimizer by 10Web" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.


# END Speed Optimizer by 10Web
# END WordPress
# Disable Directory Listing
Options All -Indexes

# Disable sensitive fies and json
<Files ~ "\.(env|gitignore|json|lock)$">
    Order allow,deny
    Deny from all
</Files>
<Files license.txt>
   deny from all
</Files>
<Files phpinfo.php>
   deny from all
</Files>
<Files readme.html>
   deny from all
</Files>
<Files xmlrpc.php>
   deny from all
</Files>
<Files wp-links-opml.php>
   deny from all
</Files>
<Files wp-content/debug.log>
   deny from all
</Files>

Youez - 2016 - github.com/yon3zu
LinuXploit