

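# Force HTTPS: redirect every plain-HTTP request to the same host and path over TLS.
# R=301 marks the redirect as permanent; L ends rule processing for this request so
# the redirected URL is not evaluated against the later rules in this file.
# NOTE(review): the redirect target is built from the client-supplied Host header.
# If this vhost answers for arbitrary host names, pin the canonical name instead,
# e.g. https://CANONICAL_HOST_PLACEHOLDER%{REQUEST_URI}.
# NOTE(review): behind a TLS-terminating proxy %{HTTPS} may always read "off";
# confirm this does not cause a redirect loop in that deployment.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]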

# Disable directory browsing: no auto-generated listing for directories without an index file
Options -Indexes

# Block some common XSS and SQL injection attempts.
# NOTE(review): this is a coarse query-string denylist, not a fix for injection flaws.
# It inspects only %{QUERY_STRING} (not request bodies, headers or cookies), and
# mod_rewrite sees the query string without URL-decoding. Treat it as noise reduction
# on top of parameterized queries and output encoding in the application itself.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # A <script ...> tag in literal or %3C/%3E form, case-insensitive
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
    # The names GLOBALS / _REQUEST followed by "=", "[" or a percent-escape (case-sensitive)
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    # SQL keywords and "--", matched as bare substrings anywhere in the query string.
    # NOTE(review): this also rejects ordinary parameters such as "action=update" or
    # "selected=1" — confirm no application route depends on such values.
    RewriteCond %{QUERY_STRING} (drop|union|select|insert|update|delete|--|sp_password|xp_cmdshell) [NC,OR]
    # Query strings that name etc/passwd
    RewriteCond %{QUERY_STRING} (etc/passwd) [NC,OR]
    # NOTE(review): rejects any query string containing "blag", "blog", "promo" or "promu"
    # (case-sensitive, no [NC]); the intent is not stated — presumably spam filtering, confirm.
    RewriteCond %{QUERY_STRING} (bl(a|o)g|prom(o|u))
    # Any request matching one of the conditions above is answered with 403 Forbidden
    RewriteRule ^(.*)$ - [F]
</IfModule>

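# Deny web access to configuration and core system files.
# The pattern is anchored only at the start of the file name, so it also covers
# names that merely begin with one of the entries (e.g. a copy with an extra suffix).
# ".htpasswd" is listed explicitly; the original "htpasswds" entry (no leading dot)
# would not match it and is kept for compatibility.
# NOTE(review): matching is case-sensitive, so e.g. "README.html" is not covered;
# confirm whether differently-cased copies exist in the document root.
<FilesMatch "^(\.htaccess|\.htpasswd|htpasswds|wp-config\.php|php\.ini|\.gitignore|composer\.json|readme\.html|license\.txt)">
    # Apache 2.4 and later: native authorization syntax
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback: legacy access-control syntax
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>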

# Serve the site root document as the response body for 404 (not found) errors
ErrorDocument 404 /

# NOTE(review): the handler below runs .php, .php7 and .phtml files as PHP 7.4, a branch
# that no longer receives upstream security fixes. Upload filters must treat all three
# extensions as executable. This section is managed by cPanel, so change the PHP version
# through cPanel rather than by editing the lines between the markers.
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php74” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
