##################################################################
#
# @package      : Joomla / QuatuorA / www.quatuora.nl
# @copyright    : Copyright (C) 2020 Open Source Matters. All rights reserved.
# @license GNU  : General Public License version 2 or later; see LICENSE.txt
#
# @modification : 23-12-2020
# @site         : joomla4all.nl/portal/quatuora
#
#### Read this completely if you choose to use this file!
#
# The line 'Options +FollowSymLinks' may cause problems with some server configurations.
# It is required for the use of mod_rewrite, but it may have already been set by your server administrator in a way that disallows changing it in this .htaccess file.
# If using it causes your site to produce an error, comment it out (add # to the beginning of the line), reload your site in your browser and test your sef urls. If 
# they work, then it has been set by your server administrator and you do not need to set it here.
# Options +FollowSymlinks
   Options -Indexes
#
#### Mod_Rewrite In Use.
   RewriteEngine On
#
#### ErrorDocument
	 ErrorDocument 400 /../error/index.php
	 ErrorDocument 401 /../error/index.php
	 ErrorDocument 403 /../error/index.php
	 ErrorDocument 404 /../error/index.php
	 ErrorDocument 500 /../error/index.php
#
#### Additional XSS protection for the usage of SVG files
   <FilesMatch "\.svg$">
      <IfModule mod_headers.c>
         Header always set Content-Security-Policy "script-src 'none'"
      </IfModule>
   </FilesMatch>
#
#### Suppress mime type detection in browsers for unknown types 
   <IfModule mod_headers.c>
      Header always set X-Content-Type-Options "nosniff"
   </IfModule>
#
#### Referrer-policy / (remove if no admin access)
#$  <IfModule mod_headers.c>
#$	   Header always set Referrer-Policy ""
#$  </IfModule>
# 
# Allow access from all domains for webfonts.
# Alternatively you could only whitelist your
# subdomains like "subdomain.example.com".
  <IfModule mod_headers.c>
    <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css)$">
      Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
  </IfModule>
#
#### No Directory Listings
   <IfModule mod_autoindex.c>
      IndexIgnore *
   </IfModule>
#
#### Prevent someone from reading .htaccess file
   <Files ~ "^.*\.([Hh][Tt][Aa])">
      order allow,deny
      deny from all
      satisfy all
   </Files>   
#
#### Begin - REWRITE rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
## Block out any script trying to set a mosConfig value through the URL
  RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
## proc/self/environ blocked this is what attacked your site
  RewriteCond %{QUERY_STRING} proc/self/environ [OR]
## Block any script trying to base64_encode data within the URL.
  RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
## Block any script that includes a <script> tag in URL.
  RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
## Block any script trying to set a PHP GLOBALS variable via URL.
  RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
## Block any script trying to modify a _REQUEST variable via URL.
  RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
#
## Block other useful stuff
#  RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
#  RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|&#x0A;|&#x0D;).* [NC,OR]
#
#$  RewriteCond %{HTTP_REFERER} ^(.*)(<|>|’|&#x0A;|&#x0D;|&#x27;|&#x3C;|&#x3E;|&#x00;).* [NC,OR]
#$  RewriteCond %{HTTP_COOKIE} ^.*(<|>|’|&#x0A;|&#x0D;|&#x27;|&#x3C;|&#x3E;|&#x00;).* [NC,OR]
#$  RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|”>|”<|/|\\\.\.\\).{0,9999}.* [NC,OR]
#
#$  RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
#$  RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
#$  RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
#$  RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|’|&#x0A;|&#x0D;|&#x27;|&#x3C;|&#x3E;|&#x00;).* [NC,OR]
#
## Block MySQL injects
#$  RewriteCond %{QUERY_STRING} ^.*(;|<|>|’|”|\)|&#x0A;|&#x0D;|&#x22;|&#x27;|&#x3C;|&#x3E;|&#x00;).*(/\*|union|select|insert|cast|set|declare|drop|u pdate|md5|benchmark).* [NC,OR]
#
#$  RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
#$  RewriteCond %{QUERY_STRING} ^.*\.[A-Za-z0-9].* [NC,OR]
#$  RewriteCond %{QUERY_STRING} ^.*(<|>|’|&#x0A;|&#x0D;|&#x27;|&#x3C;|&#x3E;|&#x00;).* [NC]
#
## Send all blocked request to homepage with 403 Forbidden error!
  RewriteRule ^(.*)$ index.php [F,L] 
#
#### End - Rewrite rules to block out some common exploits.

#
#### Begin - Custom redirects
# If you need to redirect some pages, or set a canonical non-www to www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
#
####
# Uncomment the following line if your webserver's URL is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
   RewriteBase /portal/quatuora
#
## Joomla! Update (core feature) — Joomla versions 2.5.1 through 4.0.3
   RewriteRule ^administrator\/components\/com_joomlaupdate\/restore\.php$ - [L]
## Joomla! Update (core feature) — Joomla versions 4.0.4 and later
#$ RewriteRule ^administrator\/components\/com_joomlaupdate\/extract\.php$ - [L]
#
#### Begin - Joomla! core SEF Section.
   RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# If the requested path and file is not /index.php and the request has not already been internally rewritten to the index.php script
   RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
   RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
   RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
   RewriteRule .* index.php [L]
#
  RewriteCond %{REQUEST_URI} !(\.jpg|\.jpeg|\.gif|\.png|\.css|\.js)$ [NC]
  RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
#
## End - Joomla! core SEF Section.
#
#### Turn off magic quotes gpc for Joomla 3
#$ php_flag magic_quotes_gpc Off
#
#### Begin - ETag Optimization
# This rule will create an ETag for files based only on the modification timestamp and their size. 
# This works wonders if you are using rsync'ed servers, where the inode number of identical files differs.
# Note: It may cause problems on your server and you may need to remove it
   FileETag MTime Size
#
#### Begin - Automatic compression of resources
# Compress text, html, javascript, css, xml, kudos to Komra.de May kill access to your site for old versions of Internet Explorer
# The server needs to be compiled with mod_deflate otherwise it will send HTTP 500 Error.
# mod_deflate is not available on Apache 1.x series. Can only be used with Apache 2.x server.
# AddOutputFilterByType is now deprecated by Apache. Use mod_filter in the future.
   AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
#
# RewriteRule ^templates\/shaper_helixultimate/ - [L]
  RewriteRule ^templates\/shaper_helixultimate/ - [L]
#
#### I found this necessary for @fontface fonts
# RewriteRule ^templates\/shaper_helixultimate\/fonts/ - [L]
  RewriteRule ^templates\/shaper_helixultimate\/fonts/ - [L]
#
#### Yoo Themes Widgetkit and Zoo will not display css styles or images correctly if the cache folder access is blocked
   RewriteRule ^cache\/widgetkit/ - [L]
   RewriteRule ^cache\/com_zoo/ - [L]
   RewriteRule ^cache\/com_templates/ - [L]
   RewriteRule ^cache\/template/ - [L]
   RewriteRule ^cache\/plg_jch_optimize/ - [L]
#
####