### ===========================================================================
### Security Enhanced & Highly Optimized .htaccess File for Joomla!
### automatically generated by Admin Tools 7.8.7 on 2026-03-24 11:29:07 EDT
### Auto-detected Apache version: 2.4 (best guess)
### ===========================================================================
###
### The contents of this file are based on the same author's work "Master
### .htaccess".
###
### Admin Tools is Free Software, distributed under the terms of the GNU
### General Public License version 3 or, at your option, any later version
### published by the Free Software Foundation.
###
### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
### !!                                                                       !!
### !!  If you get an Internal Server Error 500 or a blank page when trying  !!
### !!  to access your site, remove this file and try tweaking its settings  !!
### !!  in the back-end of the Admin Tools component.                        !!
### !!                                                                       !!
### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
###

##### Common hacking tools and bandwidth hoggers block -- BEGIN
RewriteCond %{HTTP_USER_AGENT} "Acunetix" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "BOT for JCE" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "BlackWidow" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Bolt 0" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Bot mailto:craftbot@yahoo.com" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "CazoodleBot" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "ChinaClaw" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Custo" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "DIIbot" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "DISCo" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Default Browser 0" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Download Demon" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "EirGrabber" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "EmailCollector" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "EmailSiphon" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "EmailWolf" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Express WebPictures" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "ExtractorPro" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "EyeNetIE" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "FHscan" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "FlashGet" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "GT::WWW" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "GetRight" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "GetWeb!" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Go!Zilla" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Go-Ahead-Got-It" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "GrabNet" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Grafula" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "HMView" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "HTTP::Lite" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "HTTrack" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "IDBot" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "IRLbot" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "ISC Systems iRc Search 2.1" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Image Stripper" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Image Sucker" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Indy Library" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "InterGET" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Internet Ninja" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "InternetSeer.com" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "JOC Web Spider" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Java" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "JetCar" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "LeechFTP" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "LinksManager.com_bot" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "MFC_Tear_Sample" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "MIDown tool" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "MSFrontPage" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Mass Downloader" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Maxthon$" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Microsoft URL Control" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Missigua Locator" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Mister PiX" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "NEWT" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Navroad" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "NearSite" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Net Vampire" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "NetAnts" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "NetSpider" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "NetZIP" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Octopus" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Offline Explorer" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Offline Navigator" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "PECL::HTTP" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "PHPCrawl" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "PageGrabber" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Papa Foto" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "PeoplePal" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "PleaseCrawl" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "ReGet" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "RealDownload" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Rippers 0" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "SBIder" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "SeaMonkey$" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "SiteSnagger" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "SmartDownload" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Snoopy" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Steeler" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "SuperBot" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "SuperHTTP" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Surfbot" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Teleport Pro" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Toata dragostea mea pentru diavola" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "TurnitinBot" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "URI::Fetch" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "VoidEYE" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WEP Search" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WWW-Mechanize" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WWWOFFLE" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Web Image Collector" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Web Sucker" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WebAuto" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WebBandit" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WebCollage" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WebCopier" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WebFetch" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WebGo IS" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WebLeacher" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WebReaper" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WebSauger" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WebStripper" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WebWhacker" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "WebZIP" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Website Quester" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Website eXtractor" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Wells Search II" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Wget" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Widow" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Xaldon WebSpider" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Yandex" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "Zeus" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "ZyBorg" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "binlar" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "casper" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "checkprivacy" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "clshttp" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "cmsworldmap" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "comodo" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "diavol" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "discobot" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "dotbot" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "eCatch" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "ecxi" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "extract" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "feedfinder" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "flicky" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "grab" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "harvest" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "heritrix" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "ia_archiver" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "id-search" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "id-search.org" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "jakarta" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "kmccrew" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "larbin" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "libwww" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "libwww-perl" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "linkwalker" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "lwp-trivial" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "microsoft.url" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "miner" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "nutch" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "panscient.com" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "pavuk" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "pcBrowser" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "planetwork" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "psbot" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "purebot" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "pycurl" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "sitecheck.internetseer.com" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "skygrid" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "sqlmap" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "sucker" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "tAkeOut" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "turnit" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "urllib" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "vikspider" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "webalta" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "webbandit" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "zermelo" [NC] [OR]
RewriteCond %{HTTP_USER_AGENT} "zmeu" [NC]
RewriteRule ^ - [F,L]
##### Common hacking tools and bandwidth hoggers block -- END
##### RewriteEngine enabled - BEGIN
RewriteEngine On
##### RewriteEngine enabled - END

# PHP FastCGI fix for HTTP Authorization
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
##### RewriteBase set - BEGIN
RewriteBase /
##### RewriteBase set - END

##### File execution order -- BEGIN
DirectoryIndex index.php index.html
##### File execution order -- END

##### Follow symlinks -- BEGIN
##### Follow symlinks -- END

##### Optimal default expiration time - BEGIN
<IfModule mod_expires.c>
	# Enable expiration control
	ExpiresActive On
	
	# No caching for specific resource types
	## -- Application cache manifest
	ExpiresByType text/cache-manifest "now"
	## -- XML and JSON
	ExpiresByType application/json "now"
	ExpiresByType application/xml "now"
	ExpiresByType text/xml "now"

	## RSS and Atom feeds: 1 hour (hardcoded)
	ExpiresByType application/atom+xml "now plus 1 hour"
	ExpiresByType application/rss+xml "now plus 1 hour"

	# CSS and JS expiration: 1 year after request
	ExpiresByType text/css "now plus 1 year"
	ExpiresByType text/javascript "now plus 1 year"
	ExpiresByType application/javascript "now plus 1 year"
	ExpiresByType application/ld+json "now plus 1 year"
	ExpiresByType application/x-javascript "now plus 1 year"

	# Image files expiration: 1 year after request
	ExpiresByType application/ico "now plus 1 year"
	ExpiresByType application/smil "now plus 1 year"
	ExpiresByType application/vnd.wap.wbxml "now plus 1 year"
	ExpiresByType image/bmp "now plus 1 year"
	ExpiresByType image/gif "now plus 1 year"
	ExpiresByType image/ico "now plus 1 year"
	ExpiresByType image/icon "now plus 1 year"
	ExpiresByType image/jp2 "now plus 1 year"
	ExpiresByType image/jpeg "now plus 1 year"
	ExpiresByType image/jpg "now plus 1 year"
	ExpiresByType image/pipeg "now plus 1 year"
	ExpiresByType image/png "now plus 1 year"
	ExpiresByType image/svg+xml "now plus 1 year"
	ExpiresByType image/tiff "now plus 1 year"
	ExpiresByType image/vnd.microsoft.icon "now plus 1 year"
	ExpiresByType image/vnd.wap.wbmp "now plus 1 year"
	ExpiresByType image/webp "now plus 1 year"
	ExpiresByType image/x-icon "now plus 1 year"
	ExpiresByType text/ico "now plus 1 year"
	
	# Font files expiration: 1 year after request
	ExpiresByType application/font-woff "now plus 1 year"
	ExpiresByType application/font-woff2 "now plus 1 year"
	ExpiresByType application/vnd.ms-fontobject "now plus 1 year"
	ExpiresByType application/x-font-opentype "now plus 1 year"
	ExpiresByType application/x-font-ttf "now plus 1 year"
	ExpiresByType application/x-font-woff "now plus 1 year"
	ExpiresByType font/opentype "now plus 1 year"
	ExpiresByType font/otf "now plus 1 year"
	ExpiresByType font/ttf "now plus 1 year"
	ExpiresByType font/woff "now plus 1 year"
	ExpiresByType font/woff2 "now plus 1 year"

	# Audio files expiration: 1 year after request
	ExpiresByType application/ogg "now plus 1 year"
	ExpiresByType audio/3gpp "now plus 1 year"
	ExpiresByType audio/3gpp2 "now plus 1 year"
	ExpiresByType audio/aac "now plus 1 year"
	ExpiresByType audio/basic "now plus 1 year"
	ExpiresByType audio/mid "now plus 1 year"
	ExpiresByType audio/midi "now plus 1 year"
	ExpiresByType audio/mp3 "now plus 1 year"
	ExpiresByType audio/mpeg "now plus 1 year"
	ExpiresByType audio/ogg "now plus 1 year"
	ExpiresByType audio/opus "now plus 1 year"
	ExpiresByType audio/x-aiff "now plus 1 year"
	ExpiresByType audio/x-mpegurl "now plus 1 year"
	ExpiresByType audio/x-pn-realaudio "now plus 1 year"
	ExpiresByType audio/x-wav "now plus 1 year"
	ExpiresByType audio/wav "now plus 1 year"

	# Movie files expiration: 1 year after request
	ExpiresByType application/x-shockwave-flash "now plus 1 year"
	ExpiresByType video/3gpp "now plus 1 year"
	ExpiresByType video/3gpp2 "now plus 1 year"
	ExpiresByType video/mp4 "now plus 1 year"
	ExpiresByType video/mpeg "now plus 1 year"
	ExpiresByType video/ogg "now plus 1 year"
	ExpiresByType video/quicktime "now plus 1 year"
	ExpiresByType video/webm "now plus 1 year"
	ExpiresByType video/x-la-asf "now plus 1 year"
	ExpiresByType video/x-ms-asf "now plus 1 year"
	ExpiresByType video/x-msvideo "now plus 1 year"
	ExpiresByType x-world/x-vrml "now plus 1 year"
</IfModule>

# Disable caching of administrator/index.php
<Files "administrator/index.php">
	<IfModule mod_expires.c>
		ExpiresActive Off
	</IfModule>
	<IfModule mod_headers.c>
		Header unset ETag
		Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
		Header set Pragma "no-cache"
		Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
	</IfModule>
</Files>

##### Optimal default expiration time - END

##### Automatic compression of resources -- BEGIN
# Automatically serve .css.gz, .css.br, .js.gz or .js.br instead of the original file
# These are versions of the files pre-compressed with GZip or Brotli, respectively
<IfModule mod_headers.c>
    # Serve Brotli compressed CSS files if they exist and the client accepts Brotli.
    RewriteCond "%{HTTP:Accept-encoding}" "br"
    RewriteCond "%{REQUEST_FILENAME}\.br" -s
    RewriteRule "^(.*)\.css" "$1\.css\.br" [QSA]

    # Serve Brotli compressed JS files if they exist and the client accepts Brotli.
    RewriteCond "%{HTTP:Accept-encoding}" "br"
    RewriteCond "%{REQUEST_FILENAME}\.br" -s
    RewriteRule "^(.*)\.js" "$1\.js\.br" [QSA]
    
    # Serve correct content types, and prevent double compression.
    RewriteRule "\.css\.br$" "-" [T=text/css,E=no-gzip:1,E=no-brotli:1,L]
	RewriteRule "\.js\.br$" "-" [T=text/javascript,E=no-gzip:1,E=no-brotli:1,L]
    
    <FilesMatch "(\.js\.br|\.css\.br)$">
      # Serve correct encoding type.
      Header set Content-Encoding br

      # Force proxies to cache gzipped & non-gzipped css/js files separately.
      Header append Vary Accept-Encoding
    </FilesMatch>

    # Serve gzip compressed CSS files if they exist and the client accepts gzip.
    RewriteCond "%{HTTP:Accept-encoding}" "gzip"
    RewriteCond "%{REQUEST_FILENAME}\.gz" -s
    RewriteRule "^(.*)\.css" "$1\.css\.gz" [QSA]

    # Serve gzip compressed JS files if they exist and the client accepts gzip.
    RewriteCond "%{HTTP:Accept-encoding}" "gzip"
    RewriteCond "%{REQUEST_FILENAME}\.gz" -s
    RewriteRule "^(.*)\.js" "$1\.js\.gz" [QSA]

    # Serve correct content types, and prevent mod_filter double gzip.
    # Also set it as the last rule to prevent the Front- or Backend protection from preventing access to the .gz file.
    RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1,E=no-brotli:1,L]
	RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1,E=no-brotli:1,L]

    <FilesMatch "(\.js\.gz|\.css\.gz)$">
      # Serve correct encoding type.
      Header set Content-Encoding gzip

      # Force proxies to cache gzipped & non-gzipped css/js files separately.
      Header append Vary Accept-Encoding
    </FilesMatch>
</IfModule>

## Automatically compress by MIME type using mod_brotli. Takes priority due to better compression ratio.
<IfModule mod_brotli.c>
	AddOutputFilterByType BROTLI_COMPRESS text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript text/javascript image/svg+xml
</IfModule>

## Automatically compress by MIME type using mod_filter.
<IfModule mod_filter.c>
	AddOutputFilterByType DEFLATE text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript text/javascript image/svg+xml
</IfModule>

## Fallback to mod_gzip when neither mod_brotli nor mod_filter is available
<IfModule !mod_brotli.c>
	<IfModule !mod_filter.c>
		<IfModule mod_gzip.c>
			mod_gzip_on Yes
			mod_gzip_dechunk Yes
			mod_gzip_keep_workfiles No
			mod_gzip_can_negotiate Yes
			mod_gzip_add_header_count Yes
			mod_gzip_send_vary Yes
			mod_gzip_min_http 1000
			mod_gzip_minimum_file_size 300
			mod_gzip_maximum_file_size 512000
			mod_gzip_maximum_inmem_size 60000
			mod_gzip_handle_methods GET
			mod_gzip_item_include file \.(html?|txt|css|js|php|pl|xml|rb|py|svg|scgz)$
			mod_gzip_item_include mime ^text/javascript$
			mod_gzip_item_include mime ^text/plain$
			mod_gzip_item_include mime ^text/xml$
			mod_gzip_item_include mime ^text/css$
			mod_gzip_item_include mime ^application/xml$
			mod_gzip_item_include mime ^application/xhtml+xml$
			mod_gzip_item_include mime ^application/rss+xml$
			mod_gzip_item_include mime ^application/javascript$
			mod_gzip_item_include mime ^application/x-javascript$
			mod_gzip_item_include mime ^image/svg+xml$
			mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
			mod_gzip_item_include handler ^cgi-script$
			mod_gzip_item_include handler ^server-status$
			mod_gzip_item_include handler ^server-info$
			mod_gzip_item_include handler ^application/x-httpd-php
			mod_gzip_item_exclude mime ^image/.*
		</ifmodule>
	</IfModule>
</IfModule>
##### Automatic compression of resources -- END
## Force GZip compression for mangled Accept-Encoding headers
<IfModule mod_setenvif.c>
	<IfModule mod_headers.c>
		SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
		RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
	</IfModule>
</IfModule>
##### Redirect non-www to www -- BEGIN
# HTTP
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
# HTTPS
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} ==https
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
##### Redirect non-www to www -- END
##### Rewrite rules to block out some common exploits -- BEGIN
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code\(.*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F]
##### Rewrite rules to block out some common exploits -- END
##### File injection protection -- BEGIN
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http[s]?:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* - [F]
##### File injection protection -- END

##### Advanced server protection rules exceptions -- BEGIN
RewriteRule ^administrator\/components\/com_akeeba\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_akeebabackup\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/extract\.php$ - [L]
RewriteRule ^sitemap\.xml$ - [L]
RewriteCond %{REQUEST_FILENAME} !(\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^\.well\-known/ - [L]
RewriteRule ^installation/ - [L]
##### Advanced server protection rules exceptions -- END

##### Advanced server protection -- BEGIN

#### Back-end protection
RewriteRule ^administrator/?$ - [L]
RewriteRule ^administrator/index\.(php|html?)$ - [L]
RewriteRule ^administrator/(components|modules|templates)/.*\.(7z|CSS|EOT|GIF|JPEG|JPG|JS|PNG|TTF|WEBP|WOFF|WOFF2|avi|bmp|css|doc|docx|eot|flv|gif|htm|html|ico|jp2|jpe|jpe2|jpeg|jpg|js|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogv|pdf|png|ppt|pptx|rar|svg|swf|ttf|txt|wav|webp|woff|woff2|xls|xlsx|xps|xsl|zip)$ - [L,NC]
RewriteRule ^administrator/ - [F]
#### Front-end protection
## Allow limited access to additional TinyMCE plugins' HTML files
RewriteRule ^media/plg_editors_tinymce/js/plugins/.*\.(htm|html)$ - [L,NC]
## Allow limited access for certain directories with client-accessible content
RewriteRule ^(components|modules|templates|images|plugins|media|libraries|files)/.*\.(7z|CSS|EOT|GIF|JPEG|JPG|JS|PNG|TTF|WEBP|WOFF|WOFF2|avi|bmp|css|doc|docx|eot|flv|gif|htm|html|ico|jp2|jpe|jpe2|jpeg|jpg|js|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogv|pdf|png|ppt|pptx|rar|svg|swf|ttf|txt|wav|webp|woff|woff2|xls|xlsx|xps|xsl|zip)$ - [L,NC]
RewriteRule ^(components|modules|templates|images|plugins|media|libraries|files)/ - [F]
## Disallow front-end access for certain Joomla! system directories (unless access to their files is allowed above)
RewriteRule ^includes/js/ - [L]
RewriteRule ^(cache|includes|language|logs|log|tmp)/ - [F]
RewriteRule ^(configuration\.php|CONTRIBUTING\.md|htaccess\.txt|joomla\.xml|LICENSE\.txt|phpunit\.xml|README\.txt|web\.config\.txt) - [F]

## Explicitly allow access to the site's index.php main entry point file
RewriteRule ^index.php(/.*){0,1}$ - [L]
## Explicitly allow access to the API application's index.php main entry point file
RewriteRule ^api/index.php(/.*){0,1}$ - [L]
## Explicitly allow access to the site's robots.txt file
RewriteRule ^robots.txt$ - [L]

## Disallow access to all other PHP files throughout the site, unless they are explicitly allowed
RewriteCond %{REQUEST_FILENAME} (\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule (.*\.php)$ - [F]
#### Disable client-side risky behavior in backend static content
SetEnvIf Request_URI "^/administrator/(components|modules|templates)/.*\.(7z|CSS|EOT|GIF|JPEG|JPG|JS|PNG|TTF|WEBP|WOFF|WOFF2|avi|bmp|css|doc|docx|eot|flv|gif|htm|html|ico|jp2|jpe|jpe2|jpeg|jpg|js|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogv|pdf|png|ppt|pptx|rar|svg|swf|ttf|txt|wav|webp|woff|woff2|xls|xlsx|xps|xsl|zip)$" disable_risky_behaviour
#### Disable client-side risky behavior in frontend static content
SetEnvIf Request_URI "^/(components|modules|templates|images|plugins|media|libraries|files)/.*\.(7z|CSS|EOT|GIF|JPEG|JPG|JS|PNG|TTF|WEBP|WOFF|WOFF2|avi|bmp|css|doc|docx|eot|flv|gif|htm|html|ico|jp2|jpe|jpe2|jpeg|jpg|js|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogv|pdf|png|ppt|pptx|rar|svg|swf|ttf|txt|wav|webp|woff|woff2|xls|xlsx|xps|xsl|zip)$" disable_risky_behaviour
##### Always allow TinyMCE plugin files to load scripts (they need to)
SetEnvIf Request_URI "^/media/plg_editors_tinymce/js/plugins/.*\.(7z|CSS|EOT|GIF|JPEG|JPG|JS|PNG|TTF|WEBP|WOFF|WOFF2|avi|bmp|css|doc|docx|eot|flv|gif|htm|html|ico|jp2|jpe|jpe2|jpeg|jpg|js|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogv|pdf|png|ppt|pptx|rar|svg|swf|ttf|txt|wav|webp|woff|woff2|xls|xlsx|xps|xsl|zip)$" !disable_risky_behaviour
SetEnvIf Request_URI "^/media/plg_editors_tinymce/js/plugins/.*\.(7z|CSS|EOT|GIF|JPEG|JPG|JS|PNG|TTF|WEBP|WOFF|WOFF2|avi|bmp|css|doc|docx|eot|flv|gif|htm|html|ico|jp2|jpe|jpe2|jpeg|jpg|js|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogv|pdf|png|ppt|pptx|rar|svg|swf|ttf|txt|wav|webp|woff|woff2|xls|xlsx|xps|xsl|zip)$" !disable_risky_behaviour

##### Advanced server protection rules exceptions also bypass the “disable client-side risky behavior” features -- BEGIN
SetEnvIf Request_URI "^/administrator\/components\/com_akeeba\/restore\.php$" !disable_risky_behaviour
SetEnvIf Request_URI "^/administrator\/components\/com_akeebabackup\/restore\.php$" !disable_risky_behaviour
SetEnvIf Request_URI "^/administrator\/components\/com_joomlaupdate\/restore\.php$" !disable_risky_behaviour
SetEnvIf Request_URI "^/administrator\/components\/com_joomlaupdate\/extract\.php$" !disable_risky_behaviour
SetEnvIf Request_URI "^/sitemap\.xml$" !disable_risky_behaviour
SetEnvIf Request_URI "^/\.well\-known/.*\.(7z|CSS|EOT|GIF|JPEG|JPG|JS|PNG|TTF|WEBP|WOFF|WOFF2|avi|bmp|css|doc|docx|eot|flv|gif|htm|html|ico|jp2|jpe|jpe2|jpeg|jpg|js|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogv|pdf|png|ppt|pptx|rar|svg|swf|ttf|txt|wav|webp|woff|woff2|xls|xlsx|xps|xsl|zip)$" !disable_risky_behaviour
SetEnvIf Request_URI "^/\.well\-known/.*\.(7z|CSS|EOT|GIF|JPEG|JPG|JS|PNG|TTF|WEBP|WOFF|WOFF2|avi|bmp|css|doc|docx|eot|flv|gif|htm|html|ico|jp2|jpe|jpe2|jpeg|jpg|js|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogv|pdf|png|ppt|pptx|rar|svg|swf|ttf|txt|wav|webp|woff|woff2|xls|xlsx|xps|xsl|zip)$" !disable_risky_behaviour
SetEnvIf Request_URI "^/installation/.*\.(7z|CSS|EOT|GIF|JPEG|JPG|JS|PNG|TTF|WEBP|WOFF|WOFF2|avi|bmp|css|doc|docx|eot|flv|gif|htm|html|ico|jp2|jpe|jpe2|jpeg|jpg|js|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogv|pdf|png|ppt|pptx|rar|svg|swf|ttf|txt|wav|webp|woff|woff2|xls|xlsx|xps|xsl|zip)$" !disable_risky_behaviour
SetEnvIf Request_URI "^/installation/.*\.(7z|CSS|EOT|GIF|JPEG|JPG|JS|PNG|TTF|WEBP|WOFF|WOFF2|avi|bmp|css|doc|docx|eot|flv|gif|htm|html|ico|jp2|jpe|jpe2|jpeg|jpg|js|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogv|pdf|png|ppt|pptx|rar|svg|swf|ttf|txt|wav|webp|woff|woff2|xls|xlsx|xps|xsl|zip)$" !disable_risky_behaviour
##### Advanced server protection rules exceptions also bypass the “disable client-side risky behavior” features -- END


# Apply the "Disable client-side risky behavior" features
Header always set Content-Security-Policy "default-src 'self'; script-src 'none';" env=disable_risky_behaviour
## Disallow access to htaccess.txt, php.ini, .user.ini and configuration.php-dist
RewriteRule ^(htaccess\.txt|configuration\.php-dist|php\.ini|\.user\.ini)$ - [F]
# Disallow access to all other front-end folders
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} !^/
RewriteRule .* - [F]

# Disallow access to all other front-end files
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule !^index.php$ - [F]
## Remove Apache and PHP version signature
<IfModule mod_headers.c>
	Header always unset X-Powered-By
	Header always unset X-Content-Powered-By
</IfModule>

ServerSignature Off
##### Advanced server protection -- END

## Referrer-policy
<IfModule mod_headers.c>
	Header always set Referrer-Policy "unsafe-url"
</IfModule>
##### Joomla! core SEF Section -- BEGIN
# -- SEF URLs for the API application
RewriteCond %{REQUEST_URI} ^/api/
RewriteCond %{REQUEST_URI} !^/api/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* api/index.php [L]

# -- SEF URLs for the public frontend application
##### Joomla! core SEF Section -- BEGIN
RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L]
##### Joomla! core SEF Section -- END



php_value upload_max_filesize 100M
php_value post_max_size 105M
php_value max_input_vars 5000
