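# .htaccess — per-directory Apache configuration for this site (front
# controller, redirects, caching/compression, request filtering, headers).
#
# Reflowed to one directive per line and grouped so that every RewriteCond
# chain ends in its own RewriteRule.  Repairs against the previous version:
#   * a RewriteCond chain whose seventh condition lacked [OR], and a second
#     chain with no RewriteRule at all — both silently AND-ed their
#     conditions into the next rule, so several "block" sections never
#     fired on their own (see the comments at those blocks);
#   * <Files "regex"> changed to <FilesMatch> (a plain <Files> takes a
#     literal file name, so that deny block matched nothing);
#   * mojibake in the REMOTE_ADDR alternation, an en dash used as the "-"
#     substitution, a backslash-space that ended several Referer patterns,
#     lost backslashes in the upload <Files> pattern, and the missing
#     handler name in AddHandler;
#   * Header/RequestHeader directives wrapped in <IfModule mod_headers.c>
#     like the rest of the file, and non-rewrite directives moved out of
#     the <IfModule mod_rewrite.c> guard they were inside.
# Options, FileInfo, Limit and Indexes must be permitted by AllowOverride
# for this directory, otherwise Apache refuses the whole file.
#
# NOTE(review): the request-filtering rewrite blocks come after the front
# controller rule, whose [L] rewrite to index.php restarts per-directory
# processing; on that second pass %{REQUEST_URI} is /index.php, so the
# REQUEST_URI-based filters only see the original path for requests that
# map to real files — confirm, and consider moving the filtering blocks
# ahead of the front controller.

Options -MultiViews -Indexes

<IfModule mod_rewrite.c>
    RewriteEngine On

    ########## REDIRECT TO WWW AND HTTPS
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule (.*) https://www.%{HTTP_HOST}/$1 [L,R=301]

    ########## REDIRECT TO HTTPS
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    ########## SET SITE TO UNDERCONSTRUCTION WITH IPS LISTED ABLE TO SEE SITE
    # RewriteCond %{REMOTE_ADDR} !ip-here
    # RewriteCond %{REQUEST_FILENAME} !-f
    # RewriteRule ^(.*)$ /under-construction/index.php [R=302,L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_URI} !(\.css|\.js|\.png|\.jpg|\.gif|robots\.txt)$ [NC]
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]

    # Static asset paths are served from public/ when not found here.
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_URI} !^/public/
    RewriteRule ^(css|js|images|font|fonts)/(.*)$ public/$1/$2 [L,NC]
</IfModule>

#Customize expires cache start - adjust the period according to your needs
<IfModule mod_expires.c>
    # The ETag produced here is removed again by "Header unset ETag" below,
    # so clients end up relying on Cache-Control/Expires only.
    FileETag MTime Size
    # Duplicates the per-type DEFLATE list in the mod_deflate section below.
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
    ExpiresActive On
    ExpiresByType text/html "access 600 seconds"
    ExpiresByType application/xhtml+xml "access 600 seconds"
    ExpiresByType text/css "access 1 month"
    ExpiresByType text/javascript "access 1 month"
    ExpiresByType text/x-javascript "access 1 month"
    ExpiresByType application/javascript "access 1 month"
    ExpiresByType application/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresByType image/jpg "access 1 year"
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresDefault "access 1 month"
</IfModule>
#Expires cache end

########## DISABLES SERVER SIGNATURE
ServerSignature Off

########## PREVENT VIEWING OF HTACCESS - INI - LOG - DSSTORE - PHOTOSHOP IMAGES - SHELL
# FilesMatch, not Files: a plain <Files> treats its argument as a literal
# file name, so this regex previously matched nothing and none of these
# extensions were actually protected by this block.
# Order/Deny/Satisfy are 2.2-style access directives; on Apache 2.4 they
# need mod_access_compat.
<FilesMatch "\.(htaccess|ht|htpasswd|ini|DS_Store|bak|conf|dist|fla|psd|log|sh|in[ci]|sql|sw[op]|config|md|yml|env|exe|dll|asp|hidden)$">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

########## PREVENT VIEWING OF ALL HTACCESS DSSTORE SHITE AND _ - RESOURCE FORK FILES
<Files ~ "^\.([Hh][Tt][Aa]|[Hh][Tt][Pp]|[Dd][Ss]_[Ss]|[_])">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

########## PREVENT VIEWING OF ALL LOG AND COMMENT FILES
# Anchored with "$": unanchored, "\.log" also matched names such as
# "site.logo.png" or "user.login.php".  Rotated names like "error.log.1"
# are not covered by the anchored form; the FilesMatch block above still
# denies plain ".log".
<Files ~ "^.*\.([Ll][Oo][Gg]|[cC][oO][mM][mM][eE][nN][tT])$">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

<Files .env>
    Order allow,deny
    Deny from all
</Files>

<IfModule mod_rewrite.c>
    ########## BLOCK SPAM VISITS BY DOMAIN
    # The burger-imperia/1-99seo/pizza-*/hundejo patterns used to end in a
    # backslash-space, i.e. they required a literal space after the host
    # and never matched; the trailing escape is dropped.  "https?" already
    # covers the separate "http://" copies that followed, so those are gone.
    RewriteCond %{HTTP_REFERER} ^http://.*semalt\..* [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://.*4webmasters\..* [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://.*trafficmonetize\..* [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://.*guardlink\..* [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://.*free\-social\-buttons\..* [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://.*event\-tracking\..* [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://.*Get\-Free\-Traffic\-Now\..* [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly\..* [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://.*econom\..* [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://.*savetubevideo\..* [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://.*kambasoft\..* [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://.*buttons\-for\-website\..* [NC,OR]
    RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*burger-imperia\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*1-99seo\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*pizza-tycoon\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*pizza-imperia\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*hundejo\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://.*darodar\..* [NC]
    # Plain ASCII "-" (the previous version had an en dash here, which is
    # not the "no substitution" token).
    RewriteRule ^(.*)$ - [F,L]

    ########## BLOCKING CYVEILLANCE - CYBER INTELLIGENCE INDUSTRY
    # Alternation restored: the previous version had mis-encoded characters
    # where the two "|" belong, so the address range did not match.
    RewriteCond %{REMOTE_ADDR} "^63\.148\.99\.2(2[4-9]|[3-4][0-9]|5[0-5])$"
    RewriteRule .* - [F]
</IfModule>

########## CACHES EXPIRY
<IfModule mod_headers.c>
    ########## 1 YEAR
    <FilesMatch "\.(ico|svg|woff|eot|ttf|flv|pdf|epdf|avi|mov|ppt|doc|mp3|wmv|wav|swf)$">
        Header set Cache-Control "max-age=31536000, public"
    </FilesMatch>
    ########## 1 MONTH
    <FilesMatch "\.(jpg|jpeg|png|gif)$">
        Header set Cache-Control "max-age=2592000, public"
    </FilesMatch>
    ########## 1 WEEK
    <FilesMatch "\.(js|css)$">
        Header set Cache-Control "max-age=604800, public, must-revalidate"
    </FilesMatch>
    ########## 2 HOURS
    # NOTE(review): "Header set" replaces whatever Cache-Control the PHP
    # application sends on successful responses, and every routed request
    # ends at index.php — confirm that personalised pages are not meant to
    # be cacheable for two hours before keeping ".php" in this list.
    <FilesMatch "\.(html|htm|php|xml)$">
        Header set Cache-Control "max-age=7200, must-revalidate"
    </FilesMatch>
    ########## NEVER CACHE - notice the extra directives
    <FilesMatch "\.(cgi|pl|json)$">
        Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
    </FilesMatch>
</IfModule>

########## COMPRESS TEXT HTML JAVASCRIPT CSS XML
<IfModule mod_mime.c>
    # Three AddType lines for .js: the last one in scope is the effective one.
    AddType application/x-javascript .js
    AddType text/javascript .js
    AddType application/javascript .js
    AddType text/css .css
    AddType text/html .html
</IfModule>

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE image/x-icon
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/x-font
    AddOutputFilterByType DEFLATE application/x-font-truetype
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE application/x-font-otf
    AddOutputFilterByType DEFLATE application/x-font-opentype
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
    AddOutputFilterByType DEFLATE font/ttf
    AddOutputFilterByType DEFLATE font/otf
    AddOutputFilterByType DEFLATE font/opentype
    ########## FOR OLDER BROWSERS WHICH CANT HANDLE COMPRESSION
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>

<IfModule mod_gzip.c>
    mod_gzip_on Yes
    mod_gzip_dechunk Yes
    mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
    mod_gzip_item_include mime ^application/x-javascript.*
    mod_gzip_item_include mime ^text/.*
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
    mod_gzip_item_exclude mime ^image/.*
    mod_gzip_item_include handler ^cgi-script$
</IfModule>

<IfModule mod_headers.c>
    <IfModule mod_rewrite.c>
        # Serve gzip compressed CSS files if they exist
        # and the client accepts gzip.
        RewriteCond "%{HTTP:Accept-encoding}" "gzip"
        RewriteCond "%{REQUEST_FILENAME}\.gz" -s
        RewriteRule "^(.*)\.css" "$1\.css\.gz" [QSA]

        # Serve gzip compressed JS files if they exist
        # and the client accepts gzip.
        RewriteCond "%{HTTP:Accept-encoding}" "gzip"
        RewriteCond "%{REQUEST_FILENAME}\.gz" -s
        RewriteRule "^(.*)\.js" "$1\.js\.gz" [QSA]

        # Serve correct content types, and prevent mod_deflate double gzip.
        RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1]
        RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1]
    </IfModule>

    <FilesMatch "(\.js\.gz|\.css\.gz)$">
        # Serve correct encoding type.
        Header append Content-Encoding gzip
        # Force proxies to cache gzipped &
        # non-gzipped css/js files separately.
        Header append Vary Accept-Encoding
    </FilesMatch>
</IfModule>

<IfModule mod_rewrite.c>
    ########## PREVENTS USE OF SPECIFIED METHODS IN HTTP REQUEST
    # Own chain.  Previously this condition was OR-ed into the chain below,
    # whose seventh condition lacked [OR]; the effect was that the method,
    # request-line, Referer and URI checks only fired together with a
    # cookie, malformed-URI or User-Agent match.  They now block on their
    # own, as the section headings intend.
    # HEAD is a safe, read-only method that monitoring tools and caches
    # routinely send; consider dropping it from this list.
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|PUT|CONNECT) [NC]
    RewriteRule .* - [F,L]

    ########## BLOCKS OUT ILLEGAL OR UNSAFE CHARACTERS IN HTTP REQUEST
    RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
    ########## BLOCKS OUT ILLEGAL OR UNSAFE CHARACTERS IN REFERER VARIABLE OF THE HTTP REQUEST
    RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
    ########## BLOCKS OUT ILLEGAL OR UNSAFE CHARACTERS IN ANY COOKIE ASSOCIATED WITH THE HTTP REQUEST
    RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
    ########## BLOCKS OUT ILLEGAL OR UNSAFE CHARACTERS IN URI OR USE OF MALFORMED URI
    # The second pattern refuses "=", "@", "[", "]", "^", "`", "{", "}" and
    # "~" anywhere in the path (query string excluded).
    RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
    RewriteCond %{REQUEST_URI} ^.*(\=|\@|\[|\]|\^|\`|\{|\}|\~).* [NC,OR]
    RewriteCond %{REQUEST_URI} ^.*(\'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
    ########## BLOCKS OUT USE OF EMPTY USERAGENT STRINGS
    ########## NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal
    # RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    ########## BLOCKS OUT USE OF ILLEGAL OR UNSAFE CHARACTERS IN THE USERAGENT VARIABLE
    RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
    RewriteRule .* - [F,L]

    ########## REQUIRE HTTP 1.1 OR 2.0 FOR POSTS
    # RewriteCond %{THE_REQUEST} ^POST(.*)HTTP/(0\.9|1\.0)$ [NC]
    RewriteCond %{REQUEST_METHOD} ^POST [NC]
    RewriteCond %{THE_REQUEST} !HTTP/1\.1$ [NC]
    RewriteCond %{THE_REQUEST} !HTTP/2\.0$
    RewriteRule .* - [F,L]

    ########## DISABLE HTTP 0dot9 AND 1dot0 PROTOCOL - STOPS SECURITY WEAKNESS FOR SESSION HIJACKING
    # Applies to every method, which makes the POST-only rule above
    # redundant; kept as the author had it.
    RewriteCond %{THE_REQUEST} !HTTP/1.1$
    RewriteCond %{THE_REQUEST} !HTTP/2.0$
    RewriteRule .* - [F]

    ########## MEASURES TO BLOCK OUT SQL INJECTION ATTACKS
    # A status outside 3xx in R= makes mod_rewrite answer with that status
    # and stop, so these return 404 rather than redirecting.
    RewriteRule ^.*EXEC\(@.*$ - [R=404,L,NC]
    RewriteRule ^.*CAST\(.*$ - [R=404,L,NC]
    RewriteRule ^.*DECLARE.*$ - [R=404,L,NC]
    RewriteRule ^.*DECLARE%20.*$ - [R=404,L,NC]
    RewriteRule ^.*NVARCHAR.*$ - [R=404,L,NC]
    RewriteRule ^.*sp_password.*$ - [R=404,L,NC]
    RewriteRule ^.*%20xp_.*$ - [R=404,L,NC]

    ########## XSS PROTECTION - SCRIPT INJECTIONS - MOSCONFIG - BASE64 - ATTEMPTS TO MODIFY PHP GLOBALS AND REQUEST VARIABLES
    RewriteCond %{QUERY_STRING} proc/self/environ [OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ - [F,L]

    # BLOCK MySQL INJECTIONS RFI base64 ETC
    # Note the broad conditions in this chain: any "[", "]", "(", ")", "<"
    # or ">" in the query string (which includes PHP-style array parameters
    # such as "ids[]=1"), any ".." anywhere, and the keyword list after a
    # ";", quote or ")" (words like "order" and "set" included).
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|meta|script|truncate|set|exec|nvarchar|sp_password|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|meta|script|truncate|set|exec|nvarchar|sp_password|md5|benchmark|encode).* [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F,L]

    ########## BLOCKS OUT REFERENCE TO localhost IN THE QUERY STRING
    RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
    ########## BLOCKS OUT USE OF ILLEGAL OR UNSAFE CHARACTERS IN THE QUERY STRING VARIABLE
    # A plain apostrophe anywhere in the query string (search terms such as
    # O'Brien) is refused by this condition.
    RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
    # This RewriteRule was missing.  Without it the two conditions above were
    # AND-ed into the file-injection rule below: neither blocked on its own,
    # and the file-injection rule only fired when one of them also matched.
    RewriteRule .* - [F,L]

    ########## FILE INJECTION PROTECTION
    RewriteCond %{REQUEST_METHOD} GET
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http%3A%2F%2F [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
    RewriteRule .* - [F]
</IfModule>

########## DROP RANGE HEADER WHEN MORE THAN 5 PAGES - CVE-2011-3192
<IfModule mod_setenvif.c>
    SetEnvIf Range (,.*?){5,} bad-range=1
    <IfModule mod_headers.c>
        RequestHeader unset Range env=bad-range
    </IfModule>
</IfModule>

<IfModule mod_rewrite.c>
    ########## PHP-CGI VULNERABILITY
    # Refuses a query string consisting of a single leading-dash token with
    # no "=" in it.
    RewriteCond %{QUERY_STRING} ^(%2d|\-)[^=]+$ [NC]
    RewriteRule (.*) - [F,L]
</IfModule>

########## SECURE DIRECTORY BY DISABLING SCRIPT EXECUTION
# The handler name was missing, which made ".pl" the handler and left the
# listed extensions unmapped.  With the cgi-script handler and ExecCGI off,
# mod_cgi refuses these extensions ("Options ExecCGI is off") instead of
# running or serving them — that includes plain ".htm" and ".shtml" files
# placed in this directory.
AddHandler cgi-script .pl .py .jsp .asp .htm .shtml .sh
Options -ExecCGI

########## PASS THE DEFAULT CHARACTER SET
AddDefaultCharset utf-8

<IfModule mod_headers.c>
    ########## DISABLE CACHES AND BROWSERS TO VALIDATE FILES - FORCED TO REPLY ON OUR CACHE-CONTROL AND EXPIRES HEADER
    Header unset ETag
    ########## ONLY ALLOW TO SECURE WHOLE DIRECTORY OR WEBSITE
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    ########## PREVENT MIME BASED ATTACKS
    Header set X-Content-Type-Options "nosniff"
    ########## SET XSS PROTECTION HEADER
    # Legacy header; current browsers no longer act on it.
    Header set X-XSS-Protection "1; mode=block"
    ########## DONT ALLOW ANY PAGES TO BE FRAMED - older browsers - CSRF AND CLICKJACKING PROTECTION
    Header set X-Frame-Options "DENY"
    ########## OPENS SUPPORT TO OLDER BROWSERS THAT SUPPORT X-Content-Security-Policy BUT NOT Content-Security-Policy
    Header unset X-Content-Security-Policy
    # Header add X-Content-Security-Policy "default-src 'self'"
    ########## ONLY ALLOW JAVASCRIPT FROM SAME DOMAIN TO BE RUN - DONT ALLOW INLINE JAVASCRIPT TO BE RUN
    # Only the legacy X- prefixed header is sent; no Content-Security-Policy
    # header is set anywhere in this file, so current browsers apply no CSP.
    # A real CSP has to be tested against the application's inline scripts
    # and styles before it is added here.
    Header set X-Content-Security-Policy "default-src 'self';"
    Header always set Referrer-Policy "no-referrer"
    # Feature-Policy has been superseded by Permissions-Policy.
    Header always set Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; usb 'none'"
    ########## SMART ASS COMMENT TO THOSE INVESTIGATING OR ATTEMPTING TO HACK SITE
    Header set X-Now-I-See-You "Come on, Robin. To the Bat Cave! There is not a moment to lose!"
    Header set X-I-Want-You "Be smart and join the fun! Email us and get your dream job"
    Header set X-Lurker "Careful, Robin. Both hands on the Bat-rope :)"
</IfModule>

<IfModule mod_headers.c>
    # NOTE(review): Apache adds its own Server header when none is present,
    # so the unset lines are not expected to remove it, and whether "Header
    # set Server" replaces it depends on the Apache version — confirm by
    # inspecting a response; ServerTokens in the server config is the
    # reliable control.
    Header always unset Server
    Header unset Server
    Header set Server "Gotham"
    Header always unset X-Powered-By
    Header unset X-Powered-By
    Header set X-Powered-By "Bat Cave"
    Header unset X-CF-Powered-By
    Header unset X-Mod-Pagespeed
    Header unset X-Pingback
</IfModule>

########## MITIGATE SLOW HTTP DOS ATTACKS
<IfModule mod_reqtimeout.c>
    # NOTE(review): RequestReadTimeout is documented for server config and
    # virtual host context, not .htaccess — confirm Apache accepts it here;
    # if it does not, the whole file is rejected whenever the module loads.
    RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>

<IfModule mod_qos.c>
    # NOTE(review): the QS_* directives are documented for server/virtual
    # host context; confirm mod_qos accepts them from .htaccess.
    ########## HANDLE CONNECTIONS OF UP TO 100000 UNIQUE IPs
    QS_ClientEntries 100000
    ########## ALLOW ONLY 50 CONNECTIONS PER IP
    QS_SrvMaxConnPerIP 50
    ########## LIMIT MAX NUMBER OF ACTIVE TCP CONNECTIONS TO 256
    # MaxClients is an MPM directive valid only in the main server config;
    # from .htaccess Apache rejects it ("not allowed here"), so it is left
    # commented out.  Set it in the server configuration instead.
    # MaxClients 256
    ########## DISABLES KEEP-ALIVE WHEN 180 TCP CONNECTIONS ARE COPIED
    QS_SrvMaxConnClose 180
    ########## MIN REQUEST OR RESPONSE SPEED - DENY SLOW CLIENTS BLOCKING THE SERVER AND KEEP CONNECTIONS OPEN WITHOUT REQUESTING ANYTHING
    QS_SrvMinDataRate 150 1200
</IfModule>

########## SECURE FILE UPLOAD BY ONLY ALLOWING EXTENSIONS
# As shipped this is inert: the directory-wide "deny from all" is commented
# out, so the allow below grants nothing that was not already allowed.
# Pattern repaired — the previous "^w+.(...)" had lost its backslashes.
# deny from all
<Files ~ "^\w+\.(gif|jpe?g|png|pdf)$">
    order deny,allow
    allow from all
</Files>

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php56” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php56 .php .php5 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit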