# ============================================ # BOT PROTECTION (HEAD requests + crawlers) # ============================================ SetEnvIfNoCase Request_Method "HEAD" headreq=1 SetEnvIfNoCase User-Agent "(meta-externalagent|facebookexternalhit|SemrushBot|AhrefsBot|MJ12bot|DotBot|DataForSeoBot|SeznamBot|BLEXBot|PetalBot|Bytespider|bingbot|YandexBot|Applebot|Discordbot|Twitterbot|WhatsApp|TelegramBot|crawler|spider|bot)" badbot=1 # ============================================ # WORDPRESS MULTISITE REWRITES # ============================================ RewriteEngine On RewriteBase / # Index RewriteRule ^index\.php$ - [L] # Uploaded files RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L] # Trailing slash voor /wp-admin RewriteRule ^wp-admin$ wp-admin/ [R=301,L] # Als bestand of directory bestaat -> niets doen RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] # Alle overige naar WordPress RewriteRule . index.php [L] # --- BotActionBlock binnen rewrite --- # 1) HEAD requests blocken RewriteCond %{ENV:headreq} =1 RewriteCond %{QUERY_STRING} (^|&)(add(?:_|-)?to(?:_|-)?(cart|wishlist)|add_to_wishlist|add-to-cart)(=|&|$) [NC] RewriteRule ^ - [F,L] # 2) Bekende bots blocken RewriteCond %{ENV:badbot} =1 RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$ [NC] RewriteCond %{QUERY_STRING} (^|&)(add(?:_|-)?to(?:_|-)?(cart|wishlist)|add_to_wishlist|add-to-cart)(=|&|$) [NC] RewriteRule ^ - [F,L] # ============================================ # LITESPEED CACHE # ============================================ RewriteEngine on CacheLookup on RewriteRule .* - [E=Cache-Control:no-autoflush] RewriteRule litespeed/debug/.*\.log$ - [F,L] RewriteRule \.litespeed_conf\.dat - [F,L] ### marker ASYNC start ### RewriteCond %{REQUEST_URI} /wp-admin/admin-ajax\.php RewriteCond %{QUERY_STRING} action=async_litespeed RewriteRule .* - [E=noabort:1] ### marker ASYNC end ### ### marker WEBP start ### RewriteCond %{HTTP_ACCEPT} image/webp [OR] RewriteCond %{HTTP_USER_AGENT} iPhone\ OS\ (1[4-9]|[2-9][0-9]) [OR] RewriteCond %{HTTP_USER_AGENT} Firefox/([6-9][0-9]|[1-9][0-9]{2,}) RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+webp] ### marker WEBP end ### ### marker DROPQS start ### CacheKeyModify -qs:fbclid CacheKeyModify -qs:gclid CacheKeyModify -qs:utm* CacheKeyModify -qs:_ga ### marker DROPQS end ### # ============================================ # NON LSCACHE (Browser cache) # ============================================ ExpiresActive on ExpiresByType application/pdf A4838400 ExpiresByType image/x-icon A4838400 ExpiresByType image/svg+xml A4838400 ExpiresByType image/jpg A4838400 ExpiresByType image/jpeg A4838400 ExpiresByType image/png A4838400 ExpiresByType image/gif A4838400 ExpiresByType image/webp A4838400 ExpiresByType image/avif A4838400 ExpiresByType video/ogg A4838400 ExpiresByType audio/ogg A4838400 ExpiresByType video/mp4 A4838400 ExpiresByType video/webm A4838400 ExpiresByType text/css A4838400 ExpiresByType text/javascript A4838400 ExpiresByType application/javascript A4838400 ExpiresByType application/x-javascript A4838400 ExpiresByType font/ttf A4838400 ExpiresByType font/otf A4838400 ExpiresByType font/woff A4838400 ExpiresByType font/woff2 A4838400 ExpiresByType application/vnd.ms-fontobject A4838400 # ============================================ # WP ROCKET # ============================================ AddDefaultCharset UTF-8 AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml Header unset ETag FileETag None Header set X-Powered-By "WP Rocket/3.19.3" Header unset Pragma Header append Cache-Control "public" Header unset Last-Modified Header unset Pragma Header append Cache-Control "public" ExpiresActive on ExpiresDefault "access plus 1 month" ExpiresByType text/html "access plus 0 seconds" ExpiresByType application/json "access plus 0 seconds" ExpiresByType image/webp "access plus 4 months" ExpiresByType font/woff2 "access plus 4 months" ExpiresByType text/css "access plus 1 year" ExpiresByType application/javascript "access plus 1 year" SetOutputFilter DEFLATE SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|mp4|webm|zip)$ no-gzip dont-vary AddOutputFilterByType DEFLATE application/javascript application/json text/css text/html text/xml Header append Vary: Accept-Encoding # ============================================ # WORDFENCE WAF # ============================================ php_value auto_prepend_file '/var/www/vhosts/xman.be/httpdocs/wordfence-waf.php' php_value auto_prepend_file '/var/www/vhosts/xman.be/httpdocs/wordfence-waf.php' Require all denied Order deny,allow Deny from all # ============================================ # Really Simple Security # ============================================ Options -Indexes