# ============================================
# BOT PROTECTION (HEAD requests + crawlers)
# ============================================
SetEnvIfNoCase Request_Method "HEAD" headreq=1
SetEnvIfNoCase User-Agent "(meta-externalagent|facebookexternalhit|SemrushBot|AhrefsBot|MJ12bot|DotBot|DataForSeoBot|SeznamBot|BLEXBot|PetalBot|Bytespider|bingbot|YandexBot|Applebot|Discordbot|Twitterbot|WhatsApp|TelegramBot|crawler|spider|bot)" badbot=1
# ============================================
# WORDPRESS MULTISITE REWRITES
# ============================================
RewriteEngine On
RewriteBase /
# Index
RewriteRule ^index\.php$ - [L]
# Uploaded files
RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]
# Trailing slash voor /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
# Als bestand of directory bestaat -> niets doen
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
# Alle overige naar WordPress
RewriteRule . index.php [L]
# --- BotActionBlock binnen rewrite ---
# 1) HEAD requests blocken
RewriteCond %{ENV:headreq} =1
RewriteCond %{QUERY_STRING} (^|&)(add(?:_|-)?to(?:_|-)?(cart|wishlist)|add_to_wishlist|add-to-cart)(=|&|$) [NC]
RewriteRule ^ - [F,L]
# 2) Bekende bots blocken
RewriteCond %{ENV:badbot} =1
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$ [NC]
RewriteCond %{QUERY_STRING} (^|&)(add(?:_|-)?to(?:_|-)?(cart|wishlist)|add_to_wishlist|add-to-cart)(=|&|$) [NC]
RewriteRule ^ - [F,L]
# ============================================
# LITESPEED CACHE
# ============================================
RewriteEngine on
CacheLookup on
RewriteRule .* - [E=Cache-Control:no-autoflush]
RewriteRule litespeed/debug/.*\.log$ - [F,L]
RewriteRule \.litespeed_conf\.dat - [F,L]
### marker ASYNC start ###
RewriteCond %{REQUEST_URI} /wp-admin/admin-ajax\.php
RewriteCond %{QUERY_STRING} action=async_litespeed
RewriteRule .* - [E=noabort:1]
### marker ASYNC end ###
### marker WEBP start ###
RewriteCond %{HTTP_ACCEPT} image/webp [OR]
RewriteCond %{HTTP_USER_AGENT} iPhone\ OS\ (1[4-9]|[2-9][0-9]) [OR]
RewriteCond %{HTTP_USER_AGENT} Firefox/([6-9][0-9]|[1-9][0-9]{2,})
RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+webp]
### marker WEBP end ###
### marker DROPQS start ###
CacheKeyModify -qs:fbclid
CacheKeyModify -qs:gclid
CacheKeyModify -qs:utm*
CacheKeyModify -qs:_ga
### marker DROPQS end ###
# ============================================
# NON LSCACHE (Browser cache)
# ============================================
ExpiresActive on
ExpiresByType application/pdf A4838400
ExpiresByType image/x-icon A4838400
ExpiresByType image/svg+xml A4838400
ExpiresByType image/jpg A4838400
ExpiresByType image/jpeg A4838400
ExpiresByType image/png A4838400
ExpiresByType image/gif A4838400
ExpiresByType image/webp A4838400
ExpiresByType image/avif A4838400
ExpiresByType video/ogg A4838400
ExpiresByType audio/ogg A4838400
ExpiresByType video/mp4 A4838400
ExpiresByType video/webm A4838400
ExpiresByType text/css A4838400
ExpiresByType text/javascript A4838400
ExpiresByType application/javascript A4838400
ExpiresByType application/x-javascript A4838400
ExpiresByType font/ttf A4838400
ExpiresByType font/otf A4838400
ExpiresByType font/woff A4838400
ExpiresByType font/woff2 A4838400
ExpiresByType application/vnd.ms-fontobject A4838400
# ============================================
# WP ROCKET
# ============================================
AddDefaultCharset UTF-8
AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml
Header unset ETag
FileETag None
Header set X-Powered-By "WP Rocket/3.19.3"
Header unset Pragma
Header append Cache-Control "public"
Header unset Last-Modified
Header unset Pragma
Header append Cache-Control "public"
ExpiresActive on
ExpiresDefault "access plus 1 month"
ExpiresByType text/html "access plus 0 seconds"
ExpiresByType application/json "access plus 0 seconds"
ExpiresByType image/webp "access plus 4 months"
ExpiresByType font/woff2 "access plus 4 months"
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|mp4|webm|zip)$ no-gzip dont-vary
AddOutputFilterByType DEFLATE application/javascript application/json text/css text/html text/xml
Header append Vary: Accept-Encoding
# ============================================
# WORDFENCE WAF
# ============================================
php_value auto_prepend_file '/var/www/vhosts/xman.be/httpdocs/wordfence-waf.php'
php_value auto_prepend_file '/var/www/vhosts/xman.be/httpdocs/wordfence-waf.php'
Require all denied
Order deny,allow
Deny from all
# ============================================
# Really Simple Security
# ============================================
Options -Indexes