# KI-Fit Check Questionnaire - Server Configuration (.htaccess)
# Written for the Appwizzy hosting platform.
#
# NOTE(review): the directives in this file need AllowOverride to permit at
# least Options, FileInfo, Indexes and Limit for this directory; with a
# narrower AllowOverride Apache answers 500 for every request (confirm
# against the host's vhost configuration).

# Documents tried, in order, when a directory is requested
DirectoryIndex index.php index.html

# Hardening: no auto-generated directory listings, no content negotiation
# on extension-less names, no Apache version string on server-generated pages
Options -Indexes -MultiViews
ServerSignature Off

# mod_rewrite drives the clean-URL scheme in the URL REWRITING section below
RewriteEngine On

# Force HTTPS - uncomment once a certificate is installed.
# Local development hosts are excluded so plain http://localhost keeps working.
# RewriteCond %{HTTPS} off
# RewriteCond %{HTTP_HOST} !^localhost [NC]
# RewriteCond %{HTTP_HOST} !^127\.0\.0\.1 [NC]
# RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
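# ===== SECURITY HEADERS =====
# "Header always set" (instead of "Header set") also stamps these headers onto
# error responses - 403 from the access blocks below, and the custom 404/500
# pages - whereas plain "set" only touches successful (2xx) responses.
<IfModule mod_headers.c>
    # Prevent MIME type sniffing
    Header always set X-Content-Type-Options "nosniff"

    # Explicitly disable the legacy XSS auditor. Current browsers no longer
    # ship it, and in older ones "1; mode=block" could itself be misused, so
    # the recommended value is 0 rather than enabling it.
    Header always set X-XSS-Protection "0"

    # Prevent clickjacking: only same-origin pages may frame this site
    Header always set X-Frame-Options "SAMEORIGIN"

    # Referrer Policy: full referrer same-origin, origin only cross-origin
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Once the HTTPS redirect at the top of this file is enabled, consider
    # pinning HTTPS for returning visitors as well (start with a short max-age
    # and only add includeSubDomains when every subdomain serves HTTPS):
    # Header always set Strict-Transport-Security "max-age=31536000"
</IfModule>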
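# ===== URL REWRITING =====
# Rule order matters. In .htaccess, mod_rewrite stops at the first matching
# [L] rule, and an internal rewrite (no [R]) restarts the whole rule set
# against the new URI. The legacy .php redirects therefore come FIRST: placed
# after the "-f" passthrough they can never match (an existing .php file is
# passed through with [L] before they are reached). They are limited to URLs
# the client literally requested (%{THE_REQUEST}), so the internal rewrite of
# a clean URL onto the same script does not redirect, and to GET/HEAD, so a
# form POST to index.php is not turned into a GET by the 301.

# 0) Redirect old .php URLs to clean URLs (external GET/HEAD requests only)
# NOTE(review): the redirect targets are absolute ("/", "/ki-fit-check") and
# assume this .htaccess sits in the document root; the rules themselves are
# relative and also work in a subdirectory.
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$
RewriteCond %{THE_REQUEST} ^[A-Z]+\s\S*/index\.php[\s?]
RewriteRule ^index\.php$ / [R=301,L]

# NOTE(review): "/kontakt" below is served by ki-check.php, yet a legacy
# request for ki-check.php is redirected to /ki-fit-check (which serves
# index.php). Confirm which clean URL the old ki-check.php should map to.
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$
RewriteCond %{THE_REQUEST} ^[A-Z]+\s\S*/ki-check\.php[\s?]
RewriteRule ^ki-check\.php$ /ki-fit-check [R=301,L]

# 1) Serve existing files/directories as-is (also ends the restarted pass
#    after any internal rewrite below, since the target script exists)
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

# 2) Clean URL for the main questionnaire
RewriteRule ^ki-fit-check/?$ index.php [L]

# 3) Other pages
RewriteRule ^kontakt/?$ ki-check.php [L]
RewriteRule ^ergebnisse/?$ results.php [L]
RewriteRule ^erfolg/?$ success.php [L]

# 4) API endpoints
# NOTE(review): the "RedirectMatch 403 ^/api/.*$" in the BLOCK ACCESS section
# is evaluated by mod_alias independently of these rules and denies both the
# clean URL and the rewritten .php target; it must exclude these endpoints.
RewriteRule ^api/submit/?$ api/submit.php [L]
RewriteRule ^api/analyze/?$ api/analyze.php [L]
RewriteRule ^api/generate-pdf/?$ api/generate-pdf.php [L]
RewriteRule ^api/send-email/?$ api/send-email.php [L]

# 5) Remove trailing slashes for non-directories (only reached for URIs none
#    of the rules above consumed)
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [R=301,L]

# 6) Custom error pages
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html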
# ===== PERFORMANCE OPTIMIZATION =====
# Expires / Cache-Control lifetimes by media type. The values mirror the
# CACHE CONTROL section further down (1 year for assets, 1 hour for HTML);
# keep the two sections in step when changing either.
<IfModule mod_expires.c>
    ExpiresActive On

    # Web fonts - 1 year
    ExpiresByType font/woff2             "access plus 1 year"
    ExpiresByType font/woff              "access plus 1 year"
    ExpiresByType font/ttf               "access plus 1 year"
    ExpiresByType font/otf               "access plus 1 year"

    # Images - 1 year
    ExpiresByType image/webp             "access plus 1 year"
    ExpiresByType image/svg+xml          "access plus 1 year"
    ExpiresByType image/png              "access plus 1 year"
    ExpiresByType image/jpeg             "access plus 1 year"
    ExpiresByType image/gif              "access plus 1 year"

    # Stylesheets and scripts - 1 month
    ExpiresByType text/css               "access plus 1 month"
    ExpiresByType text/javascript        "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"

    # HTML - 1 hour
    ExpiresByType text/html              "access plus 1 hour"
</IfModule>
<IfModule mod_deflate.c>
    # Compress text-based responses on the fly. Raster images are left alone
    # (already compressed). NOTE(review): woff/woff2 are also compressed
    # internally, so DEFLATE gains little for them; kept for parity with the
    # original list.

    # Markup and plain text
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/atom+xml

    # Stylesheets, scripts, API payloads
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/json

    # Vector graphics and fonts
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE font/ttf
    AddOutputFilterByType DEFLATE font/otf
    AddOutputFilterByType DEFLATE font/woff
    AddOutputFilterByType DEFLATE font/woff2
</IfModule>
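# ===== CORS SETTINGS =====
# Browsers refuse "Access-Control-Allow-Origin: *" in combination with
# "Access-Control-Allow-Credentials: true", so the previous pair never worked
# for credentialed requests - and a wildcard on every response would let any
# website read the questionnaire and API responses cross-origin. Instead, the
# request's Origin is echoed back only when it is on the allow list, and the
# other CORS headers are sent only in that case.
<IfModule mod_setenvif.c>
    # PLACEHOLDER: replace YOUR-DOMAIN.example with the real front-end
    # origin(s); add alternatives inside the group, e.g. (a\.example|b\.example).
    SetEnvIf Origin "^(https://(www\.)?YOUR-DOMAIN\.example)$" CORS_ALLOW_ORIGIN=$1
</IfModule>

<IfModule mod_headers.c>
    # "always" so that 4xx/5xx JSON from the API is readable by the caller too;
    # "env=" limits every header to requests whose Origin matched above.
    Header always set Access-Control-Allow-Origin "%{CORS_ALLOW_ORIGIN}e" env=CORS_ALLOW_ORIGIN
    Header always set Access-Control-Allow-Credentials "true" env=CORS_ALLOW_ORIGIN
    Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS" env=CORS_ALLOW_ORIGIN
    Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With" env=CORS_ALLOW_ORIGIN

    # The response now differs per Origin; tell shared caches to key on it
    Header always merge Vary Origin
</IfModule>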
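# ===== CACHE CONTROL =====
<IfModule mod_headers.c>
    # Static assets: cache for a year. "immutable" tells browsers never to
    # revalidate, so asset file names must change whenever their content does.
    # NOTE(review): confirm the build fingerprints asset names; if it does
    # not, drop "immutable" or lower max-age, or deploys will not show up.
    <FilesMatch "\.(css|js|jpg|jpeg|png|gif|svg|woff|woff2|ttf|eot|ico)$">
        Header set Cache-Control "public, max-age=31536000, immutable"
    </FilesMatch>

    # Static HTML pages (error pages, landing content): short public cache
    <FilesMatch "\.html$">
        Header set Cache-Control "public, max-age=3600, must-revalidate"
    </FilesMatch>

    # PHP output (questionnaire pages, results, API JSON) is presumably
    # per-visitor and must not be stored by shared caches; the previous
    # "public, max-age=3600" would have let a proxy serve one visitor's
    # results page to the next. "Header set" also replaces whatever PHP
    # itself sends (e.g. the no-store headers of its default session cache
    # limiter), so the value chosen here wins for every .php response.
    <FilesMatch "\.php$">
        Header always set Cache-Control "no-store"
    </FilesMatch>
</IfModule>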
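# ===== BLOCK ACCESS TO SENSITIVE FILES =====
# Apache 2.4 authorizes with "Require"; "Order/Deny" is the 2.2 syntax and on
# 2.4 only works while mod_access_compat is loaded. Both forms are emitted,
# each behind an IfModule, so the denial does not silently vanish on either
# version. (Needs AllowOverride AuthConfig for Require, Limit for Order.)

# Dotfiles: .env, .git*, .htaccess, .htpasswd, editor and IDE files, ...
<FilesMatch "^\.">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Logs, database dumps, backups and configuration files
<FilesMatch "\.(log|sql|bak|inc|cfg|config|ini|env)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Block direct access to internal directories. mod_alias evaluates these
# independently of mod_rewrite, so a URI matched here is denied even when a
# RewriteRule produced it.
RedirectMatch 403 ^/ai/.*$
RedirectMatch 403 ^/db/.*$
RedirectMatch 403 ^/mail/.*$

# /api/ is denied EXCEPT for the four endpoints published in the URL REWRITING
# section, in each of their reachable spellings: the clean URL, the clean URL
# with a trailing slash, and the .php script the rewrite targets. The previous
# blanket "^/api/.*$" denied those endpoints as well. Keep this list in sync
# with the api/ RewriteRules.
RedirectMatch 403 ^/api/(?!(?:submit|analyze|generate-pdf|send-email)(?:\.php)?/?$).*$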
# ===== PHP SETTINGS =====
# Honoured only when PHP runs as an Apache module (mod_php). Under PHP-FPM or
# CGI the IfModule guard skips this whole section, and the same limits have
# to be set in php.ini / .user.ini instead.
<IfModule mod_php.c>
    # Uploads: single file and whole request body capped at 10 MB
    php_value upload_max_filesize 10M
    php_value post_max_size       10M

    # Long-running requests (presumably the api/ endpoints) get up to 5 minutes
    php_value max_execution_time  300
    php_value max_input_time      300

    # Per-request memory ceiling
    php_value memory_limit        256M
</IfModule>
# ===== FOR APPWIZZY COMPATIBILITY =====
# Bind .php to the PHP handler explicitly.
# NOTE(review): hosts that run PHP through FPM configure their own handler;
# if PHP source ever comes back as plain text or a download, these two lines
# are the first thing to check.
AddType    application/x-httpd-php .php
AddHandler application/x-httpd-php .php

# Append charset=UTF-8 to text/plain and text/html responses
AddDefaultCharset UTF-8

# Belt and braces alongside "Options -Indexes": even if listings were
# re-enabled, mod_autoindex would show no entries
IndexIgnore *