From e4b2bedda59cfbc28c69e68cc8667afaa79d12cb Mon Sep 17 00:00:00 2001 From: "tristan.champomier" Date: Sun, 11 Apr 2021 02:07:14 +0200 Subject: [PATCH] Implemented headers securization --- .htaccess | 138 ++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 98 insertions(+), 40 deletions(-) diff --git a/.htaccess b/.htaccess index 764cccc..6ccfe83 100755 --- a/.htaccess +++ b/.htaccess 
@@ -1,45 +1,103 @@
-RewriteEngine on
-
-# Prévention des attaques cross site tracing
-RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
-RewriteRule .* - [F]
-
-# RewriteCond %{HTTP_HOST} !^www\.
-# RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
-
-# RewriteRule ^accueil ./wwwfab_lorg-142-accueil-actionLectureInfo-175.htm
-# RewriteRule ^actualites ./wwwfab_lorg-142-actualites-actionGuest-211.htm
-# RewriteRule ^actualité ./wwwfab_lorg-142-actualites-actionGuest-211.htm
-# RewriteRule ^actualités ./wwwfab_lorg-142-actualites-actionGuest-211.htm
-# RewriteRule ^inscription ./wwwfab_lorg-142-les_communautes-formLecture-2.htm?param=139
-# RewriteRule ^calendrier ./wwwfab_lorg-142-lassociation_lcube-actionLectureInfo-205.htm
-# RewriteRule ^adhesion ./wwwfab_lorg-142-les_communautes-formLectureAdh-2.htm?param=139
-# RewriteRule ^adhesionind ./wwwfab_lorg-142-les_communautes-formLectureAdhPart-2.htm?abs=1¶m=139
-# RewriteRule ^adhesionsoc ./wwwfab_lorg-142-les_communautes-formLectureAdhSoc-2.htm?abs=1¶m=139
-# RewriteRule ^forum ./wwwfab_lorg-142-forum-actionViewer-177.htm
-# RewriteRule ^statuts ./wwwfab_lorg-142-lcube-actionLectureInfo-205.htm?param=2
-# RewriteRule ^regint ./wwwfab_lorg-142-lcube-actionLectureInfo-205.htm?param=3
-# RewriteRule ^confid ./wwwfab_lorg-142-lcube-actionLectureInfo-205.htm?param=4
-# RewriteRule ^legals ./wwwfab_lorg-142-lcube-actionLectureInfo-205.htm?param=5
-# RewriteRule ^contact ./wwwfab_lorg-142-contacts-actionGuest-210.htm?abs=1
-# RewriteRule ^carte ./wwwfab_lorg-142-contacts-actionGuest-210.htm#maplcube
-# RewriteRule ^rss ./wwwfab_lorg-142-actualites-guestRSS-211.htm?abs=1
-# RewriteRule ^japanlive https://fab-l3.org:7443/ofmeet/?r=japanlive
-# RewriteRule ^fr_FR ./?system=language&lid=1
-# RewriteRule ^en_GB ./?system=language&lid=2
-# RewriteRule ^fr-FR ./?system=language&lid=1
-# RewriteRule ^en-GB ./?system=language&lid=2
-
-RewriteRule (.*)-(.*)-(.*)-(.*)-(.*)\.htm[l]?$ 
/index.php?oid=$5&action=$4&navigationNodeId=$2&%{QUERY_STRING} [PT] - -# enable PHP error logging -#php_value log_errors 1 -#php_value error_log /homez.406/gameunit/www/PHP_errors.log - -# SetEnv log_errors 1 -# SetEnv error_log /homez.406/gameunit/www/log/php_errors.log +AddDefaultCharset utf-8 Options -Indexes + + + # Add security and privacy related headers + + # Avoid doubled headers by unsetting headers in "onsuccess" table, + # then add headers to "always" table + Header onsuccess unset Referrer-Policy + Header always set Referrer-Policy "no-referrer" + + Header onsuccess unset X-Content-Type-Options + Header always set X-Content-Type-Options "nosniff" + + Header onsuccess unset X-Download-Options + Header always set X-Download-Options "noopen" + + Header onsuccess unset X-Frame-Options + Header always set X-Frame-Options "SAMEORIGIN" + + Header onsuccess unset X-Permitted-Cross-Domain-Policies + Header always set X-Permitted-Cross-Domain-Policies "none" + + Header onsuccess unset X-Robots-Tag + Header always set X-Robots-Tag "none" + + Header onsuccess unset X-XSS-Protection + Header always set X-XSS-Protection "1; mode=block" + + Header onsuccess unset Strict-Transport-Security + Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" + + Header onsuccess unset Permissions-Policy + Header always set Permissions-Policy "geolocation=(self);midi=(self);microphone=(self);camera=(self);fullscreen=(self);payment=()" + + SetEnv modHeadersAvailable true + + + + + php_value mbstring.func_overload 0 + php_value default_charset 'UTF-8' + php_value output_buffering 0 + php_value memory_limit 512M + + SetEnv htaccessWorking true + + + + + php_value mbstring.func_overload 0 + php_value default_charset 'UTF-8' + php_value output_buffering 0 + php_value memory_limit 512M + + SetEnv htaccessWorking true + + + + + RewriteEngine on + + # Prévention des attaques cross site tracing + RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) + RewriteRule 
.* - [F] + + # RewriteCond %{HTTP_HOST} !^www\. + # RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] + + # RewriteRule ^accueil ./wwwfab_lorg-142-accueil-actionLectureInfo-175.htm + # RewriteRule ^actualites ./wwwfab_lorg-142-actualites-actionGuest-211.htm + # RewriteRule ^actualité ./wwwfab_lorg-142-actualites-actionGuest-211.htm + # RewriteRule ^actualités ./wwwfab_lorg-142-actualites-actionGuest-211.htm + # RewriteRule ^inscription ./wwwfab_lorg-142-les_communautes-formLecture-2.htm?param=139 + # RewriteRule ^calendrier ./wwwfab_lorg-142-lassociation_lcube-actionLectureInfo-205.htm + # RewriteRule ^adhesion ./wwwfab_lorg-142-les_communautes-formLectureAdh-2.htm?param=139 + # RewriteRule ^adhesionind ./wwwfab_lorg-142-les_communautes-formLectureAdhPart-2.htm?abs=1¶m=139 + # RewriteRule ^adhesionsoc ./wwwfab_lorg-142-les_communautes-formLectureAdhSoc-2.htm?abs=1¶m=139 + # RewriteRule ^forum ./wwwfab_lorg-142-forum-actionViewer-177.htm + # RewriteRule ^statuts ./wwwfab_lorg-142-lcube-actionLectureInfo-205.htm?param=2 + # RewriteRule ^regint ./wwwfab_lorg-142-lcube-actionLectureInfo-205.htm?param=3 + # RewriteRule ^confid ./wwwfab_lorg-142-lcube-actionLectureInfo-205.htm?param=4 + # RewriteRule ^legals ./wwwfab_lorg-142-lcube-actionLectureInfo-205.htm?param=5 + # RewriteRule ^contact ./wwwfab_lorg-142-contacts-actionGuest-210.htm?abs=1 + # RewriteRule ^carte ./wwwfab_lorg-142-contacts-actionGuest-210.htm#maplcube + # RewriteRule ^rss ./wwwfab_lorg-142-actualites-guestRSS-211.htm?abs=1 + # RewriteRule ^japanlive https://fab-l3.org:7443/ofmeet/?r=japanlive + # RewriteRule ^fr_FR ./?system=language&lid=1 + # RewriteRule ^en_GB ./?system=language&lid=2 + # RewriteRule ^fr-FR ./?system=language&lid=1 + # RewriteRule ^en-GB ./?system=language&lid=2 + + RewriteRule (.*)-(.*)-(.*)-(.*)-(.*)\.htm[l]?$ /index.php?oid=$5&action=$4&navigationNodeId=$2&%{QUERY_STRING} [PT] + + + + ModPagespeed Off + + # SetEnvIfNoCase Referer "^http://www.fab-l3.org/" locally_linked=1 # 
SetEnvIfNoCase Referer "^https://www.fab-l3.org/" locally_linked=1 # SetEnvIfNoCase Referer "^http://www.fab-l3.org$" locally_linked=1
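Review bot: The added `Permissions-Policy` value separates its directives with `;`, which is the old Feature-Policy syntax; Permissions-Policy is a structured-field dictionary whose members are comma-separated, so a browser parsing it strictly rejects the whole header and the intended restrictions silently never apply — use `Header always set Permissions-Policy "geolocation=(self), midi=(self), microphone=(self), camera=(self), fullscreen=(self), payment=()"`. The `Strict-Transport-Security` line combines `preload` with `max-age=15552000` (180 days), but the preload list requires a max-age of at least 31536000, and `preload` together with `includeSubDomains` commits every subdomain to HTTPS, so either drop `preload` until that is intended or raise the max-age to a year. `X-XSS-Protection "1; mode=block"` is deprecated and current guidance is to send `0` or omit it, while a `Content-Security-Policy` header, the one that would materially limit script injection, is not set at all. `X-Robots-Tag "none"` also de-indexes the entire site on every response, which looks unintended for a public site unless that is the goal. The `<IfModule>` container lines appear to be lost in this rendering, so I cannot confirm that the header block is guarded by `mod_headers.c`.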