# Enable mod_rewrite; every RewriteCond/RewriteRule further down depends on this.
RewriteEngine On
## Force non-SSL requests to SSL (currently disabled: the two directives below are commented out)
#
#RewriteCond %{HTTPS} off
#RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# NOTE(review): while this redirect stays disabled, plain-HTTP requests are served as-is, and the
# Strict-Transport-Security header set further down is only attached when env=HTTPS is true.
# If the redirect is enabled, note that %{HTTP_HOST} is taken from the request's Host header;
# redirecting to a fixed canonical hostname avoids echoing a client-chosen host into Location.
## Begin - Rewrite rules to block out some common exploits.
# If these rules cause problems on your site, comment out the offending operations listed below.
# They attempt to block the most common types of exploit attempts against Joomla!
#
# Query-string deny list. The four conditions are OR-ed together; if any one matches, the
# RewriteRule at the end of the chain answers with 403 Forbidden.
# Only %{QUERY_STRING} is inspected (not the path, headers or request body), and it is matched
# as received, without URL-decoding, which is why the <script> pattern lists %3C/%3E explicitly.
# Treat this as a coarse backstop: it does not replace patching the application or validating
# input server-side.
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
## Block out any script that includes a <script> tag in URL (literal or %3C/%3E-encoded, case-insensitive).
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
## Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
## Block out any script trying to modify a _REQUEST variable via URL.
## (Last condition of the chain, so it carries no [OR] flag.)
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
## Return 403 Forbidden. With the [F] flag the request is refused, so the index.php
## substitution is not served to the client.
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
#
## Begin - Security Headers
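<ifModule mod_headers.c>
    # Security response headers, applied only when mod_headers is loaded.
    # Only X-Frame-Options uses the "always" condition. The other directives fill the default
    # onsuccess table, so responses Apache generates itself (for example the 403s produced by
    # the rewrite rules in this file) may go out without them.
    # NOTE(review): consider "Header always set" for the rest once it is confirmed that the
    # application does not emit the same headers itself (that would yield duplicates).

    # HSTS: sent only when the HTTPS environment variable is set. One-year max-age, no
    # includeSubDomains. NOTE(review): behind a TLS-terminating proxy this variable may be
    # unset and the header would never be sent - confirm for the deployment.
    Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
    # Refuse to be rendered inside any frame (clickjacking defence).
    Header always set X-Frame-Options "deny"
    # Legacy switch for browser XSS filters; current major browsers no longer implement it,
    # so the Content-Security-Policy below is the control that actually matters.
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Permitted-Cross-Domain-Policies "none"
    # A "Header setifempty Referrer-Policy: same-origin" directive used to precede this line.
    # The unconditional "set" here always replaced its value, so it was dead configuration and
    # has been removed; the effective policy is unchanged ("no-referrer").
    Header set Referrer-Policy "no-referrer"
    # Stop browsers from MIME-sniffing responses away from the declared Content-Type.
    Header set X-Content-Type-Options "nosniff"
    # Closing double quote restored; the original value was left unterminated.
    # NOTE(review): this policy allows every origin plus 'unsafe-inline' and 'unsafe-eval' for
    # scripts, so it places no practical restriction on injected script. Tighten it (explicit
    # origins, nonces or hashes) after auditing what the site really loads. frame-src governs
    # what this site may embed, not who may frame it.
    Header set Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';"
    # NOTE(review): allowlists are usually written in parentheses, e.g. geolocation=(self);
    # verify that the bare token is interpreted as intended by the browsers you target.
    Header set Permissions-Policy "geolocation=self"
</ifModule>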
## End - Security Headers
#
## Begin Blocking Bots
#
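# Refuse (403) any request whose User-Agent contains one of the listed tokens.
# Matching is case-insensitive ([NC]) and unanchored, so each token matches as a substring.
# The User-Agent header is chosen by the client: this only filters crawlers and tools that
# identify themselves honestly and must not be relied on as an access control.
# Redundant alternatives dropped without changing what is matched: "Ahrefs" already covers
# AhrefsBot (which was also listed twice) and "Semrush" already covers SemrushBot.
# NOTE(review): generic tokens such as Wget, libwww-perl, Go-http-client and Dalvik also match
# ordinary tooling and, presumably, Android app traffic - confirm that blocking them is intended.
RewriteCond %{HTTP_USER_AGENT} (GbPlugin|Wget|EmailSiphon|EmailWolf|libwww-perl|EvilBotHere|SpamSpewer|SecretAgentAgent|PetalBot|DotBot|SeznamBot|8LEGS|Nimbostratus-Bot|Semrush|Ahrefs|AspiegelBot|MauiBot|BLEXBot|Sogou|Go-http-client|MJ12bot|Dalvik) [NC]
RewriteRule (.*) - [F,L]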
#
## End - Blocking Bots
