# ── Prevent directory listing ── Options -Indexes # ── Set index file ── DirectoryIndex index.php # ── Enable rewrite engine ── RewriteEngine On # ── Force HTTPS (uncomment if your host supports it) ── # RewriteCond %{HTTPS} off # RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # ── Protect sensitive files from direct access ── Order Allow,Deny Deny from all # ── Block direct access to the data/ directory ─────────────────── # (files must be served through download.php) RewriteEngine On RewriteRule ^data/(.*)$ - [F,L] # ── PHP settings for uploads ────────────────────────────────────── php_value upload_max_filesize 512M php_value post_max_size 520M php_value max_execution_time 300 php_value max_input_time 300 php_value memory_limit 256M # Prevent uploaded files from being interpreted as PHP php_flag engine Off php_value upload_max_filesize 512M php_value post_max_size 520M php_value max_execution_time 300 php_value max_input_time 300 php_value memory_limit 256M php_flag engine Off # ── Detect embed mode from the query string ─────────────────────── # Sets the EMBED_MODE env var when ?embed=1 is present. # Used below to suppress X-Frame-Options so cross-origin iframes work. SetEnvIf Query_String "embed=1" EMBED_MODE # ── Security headers ────────────────────────────────────────────── Header always set X-Content-Type-Options "nosniff" Header always set Referrer-Policy "same-origin" # X-Frame-Options — handled conditionally: # 1. Always unset first (strips any header the server/host injects) # 2. Re-apply SAMEORIGIN only when NOT in embed mode # Embed mode (?embed=1) intentionally omits the header so that # cross-origin sites (e.g. WordOfGod.in) can frame the page. Header always unset X-Frame-Options Header always set X-Frame-Options "SAMEORIGIN" env=!EMBED_MODE Header always set Content-Security-Policy: upgrade-insecure-requests ## 🤖 Fine-Tuned Bot Blocking ## # 1. Block known bad bots only (empty UA check removed — causes false positives) # RewriteCond %{HTTP_USER_AGENT} (curl|python-requests|wget|libwww-perl|MJ12bot|AhrefsBot|SemrushBot|GPTBot|ClaudeBot) [NC] # RewriteRule .* - [F,L] ErrorDocument 403 /cgi-sys/403_def.html ErrorDocument 404 /cgi-sys/404_def.html ErrorDocument 500 /cgi-sys/500_def.html ErrorDocument 502 /cgi-sys/502_def.html ErrorDocument 503 /cgi-sys/503_def.html ErrorDocument 504 /cgi-sys/504_def.html # php -- BEGIN cPanel-generated handler, do not edit # Set the “ea-php82” package as the default “PHP” programming language. AddHandler application/x-httpd-ea-php82___lsphp .php .php8 .phtml # php -- END cPanel-generated handler, do not edit # ── PHP settings (if allowed by host) ── php_flag display_errors Off # ── Cache static assets ── ExpiresActive On ExpiresByType text/css "access plus 7 days" ExpiresByType application/javascript "access plus 7 days" ExpiresByType image/png "access plus 30 days" ExpiresByType image/jpeg "access plus 30 days" ExpiresByType application/manifest+json "access plus 1 day"