added .htaccess to _config.yaml

create a new .htaccess file add security header to .htaccess add cache to .htaccess add none www redirect to .htaccess
2020-05-29 17:51:16 +02:00 · 2020-05-29 17:51:16 +02:00 · 13f6b0af35
commit 13f6b0af35
parent 9f77a36439
2 changed files with 43 additions and 0 deletions
--- a/.htaccess
+++ b/.htaccess
@ -0,0 +1,41 @@
+# Set redirect to non www
+# ------------------------------------------------------------------------------
+RewriteEngine On
+RewriteBase /
+
+RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
+RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
+
+RewriteCond %{HTTPS} !=on
+RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+
+# HTTP Security Header
+# ------------------------------------------------------------------------------
+AddCharset UTF-8 .html
+Header always set Strict-Transport-Security: max-age=63072000
+Header always set X-Content-Type-Options nosniff
+Header always set X-Frame-Options "DENY"
+Header always set X-XSS-Protection "1; mode=block"
+Header always set X-Robots-Tag none
+Header always set Referrer-Policy "same-origin"
+Header always set Expect-CT "enforce, max-age=21600"
+Header always set Content-Security-Policy "default-src 'none'; img-src 'self'; style-src 'self'; font-src 'self'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content"
+Header always set Feature-Policy "geolocation 'none'; midi 'none'; camera 'none'; usb 'none'; magnetometer 'none'; accelerometer 'none'; vr 'none'; speaker 'none'; ambient-light-sensor 'none'; gyroscope 'none'; microphone 'none'"
+
+# Set browser caching
+# ------------------------------------------------------------------------------
+<IfModule mod_expires.c>
+ExpiresActive On
+ExpiresByType image/jpg "access 1 year"
+ExpiresByType image/jpeg "access 1 year"
+ExpiresByType image/gif "access 1 year"
+ExpiresByType image/png "access 1 year"
+ExpiresByType text/css "access 1 month"
+ExpiresByType text/html "access 1 month"
+ExpiresByType application/pdf "access 1 month"
+ExpiresByType text/x-javascript "access 1 month"
+ExpiresByType application/x-shockwave-flash "access 1 month"
+ExpiresByType image/x-icon "access 1 year"
+ExpiresDefault "access 1 month"
+</IfModule>
+# End caching block
--- a/_config.yaml
+++ b/_config.yaml
@ -10,6 +10,8 @@ url: "https://www.nicojensen.de"
 # Build settings
 markdown: kramdown

+include: ['.htaccess']
+
 exclude:
  - vendor
  - source # Don't include the original photos directory