ErrorDocument 404 /404.php

RewriteEngine on
RewriteBase /
Options +FollowSymLinks

Order deny,allow
Deny from RU

#
# Redirect to index.php only on www.phpformbuilder.pro or localhost
#

RewriteCond %{HTTP_HOST} ^www\.phpformbuilder.pro$ [OR]
RewriteCond %{HTTP_HOST} ^phpformbuilder$ [NC]
RewriteRule ^index.html$ /index.php [QSA,L]
Redirect 301 /drag-n-drop-form-generator/index.php https://www.phpformbuilder.pro/drag-n-drop-form-builder/index.php
Redirect 301 /drag-n-drop-form-builder/index.html https://www.phpformbuilder.pro/drag-n-drop-form-builder/index.php

Redirect 301 /documentation/jquery-plugins.php https://www.phpformbuilder.pro/documentation/javascript-plugins.php
Redirect 301 /documentation/db-help.php https://www.powerlitepdo.com/
Redirect 301 /documentation/php-pdo-database-class.php https://www.powerlitepdo.com/

# Exclude requests with a query string from redirection
RewriteCond %{QUERY_STRING} ^$
# Redirect requests from /templates/index.php/anything to /templates/index.php, if there's no query string
RewriteCond %{REQUEST_URI} ^/templates/index\.php/.+$
RewriteRule ^templates/index\.php/.* /templates/index.php? [R=301,L]

# Redirect Russians to https://www.amnesty.org on POST
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{ENV:IP2LOCATION_COUNTRY_SHORT} ^RU$
RewriteRule ^(.*)$ https://www.phpformbuilder.pro/russian-redirection.php [L]

<IfModule mod_brotli.c>
    AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript
</IfModule>

<IfModule pagespeed_module>
    Modpagespeed Off
</IfModule>

# <IfModule mod_rewrite.c>
# block facebook crawler
#   RewriteEngine On
#   RewriteCond %{HTTP_USER_AGENT} facebookexternalhit [NC]
#   RewriteRule ^ - [F,L]
# </IfModule>

# -----------
# Pagespeed admin
# -----------
# <Directory "/home/phpformbuilder/public_html/pagespeed_admin">
# Order Deny,Allow
# Deny from all
# allow from 88.161.164.39
# </Directory>
# -----------
# WEBP images
# -----------

<IfModule mod_setenvif.c>
  # Vary: Accept for all the requests to jpeg and png
  SetEnvIf Request_URI "\.(jpg|jpeg|png)$" REQUEST_image
</IfModule>

<IfModule mod_rewrite.c>

  # Check if browser supports WebP images
  RewriteCond %{HTTP_ACCEPT} image/webp

  RewriteCond %{REQUEST_URI} !/admin
  RewriteCond %{REMOTE_ADDR} !127.0.0.1

  # Serve WebP image instead
  RewriteRule ^(.*)\.(jpg|jpeg|png)$ webp_generator.php?file=$1&ext=$2 [NC,L]
</IfModule>

<IfModule mod_headers.c>
  #Header append Vary Accept env=REQUEST_image
  SetEnvIf REDIRECT_accept 1 accept=1
  Header append Vary Accept env=accept
</IfModule>

<IfModule mod_mime.c>
  AddType image/webp .webp
</IfModule>

# ----------------------------------------------------------------------
# Force Download of files
# ----------------------------------------------------------------------

<FilesMatch "\.(?i:docx)$">
  ForceType application/octet-stream
  Header set Content-Disposition attachment
</FilesMatch>
<FilesMatch "\.(?i:doc)$">
  ForceType application/octet-stream
  Header set Content-Disposition attachment
</FilesMatch>
<FilesMatch "\.(?i:pdf)$">
  ForceType application/octet-stream
  Header set Content-Disposition attachment
</FilesMatch>

# ----------------------------------------------------------------------
# Content-Security-Policy
# ----------------------------------------------------------------------

<IfModule mod_headers.c>
  Header set Content-Security-Policy "default-src 'self' ; img-src 'self' data: https://www.miglisoft.com *.google-analytics.com *.tawk.to *.googleusercontent.com *.ggpht.com *.ytimg.com *.hardenize.com; style-src 'self' 'unsafe-inline' *.envato-static.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.googleapis.com https://cdn.jsdelivr.net *.tawk.to https://hcaptcha.com https://*.hcaptcha.com https://*.altcha.org; font-src 'self' *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com https://cdn.jsdelivr.net data: *.gstatic.com *.tawk.to; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.bootstrapcdn.com *.google.com *.gstatic.com https://ipinfo.io/ *.jquery.com https://cdn.jsdelivr.net https://hcaptcha.com https://*.hcaptcha.com *.facebook.net *.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.youtube.com *.doubleclick.net *.tawk.to *.tailwindcss.com; child-src 'self' *.phpcrudgenerator.com *.codecanyon.net *.moz.com *.google.com *.youtube.com *.facebook.com; object-src *.youtube.com; connect-src 'self' https://www.amnesty.org https://ipinfo.io *.youtube.com https://www.google-analytics.com *.tawk.to wss://*.tawk.to https://hcaptcha.com https://*.hcaptcha.com https://*.altcha.org; frame-src 'self' https://www.google.com https://hcaptcha.com https://*.hcaptcha.com; worker-src 'self' blob:"
  Header set X-Content-Type-Options nosniff
  Header always edit Set-Cookie (.*) "$1; HTTPOnly"
  Header always edit Set-Cookie (.*) "$1; Secure"
  Header set X-XSS-Protection "1; mode=block"
  Header set Access-Control-Allow-Origin https://cdpn.io
  Header set Access-Control-Allow-Credentials true
</IfModule>

# ----------------------------------------------------------------------
# CORS-enabled images (@crossorigin)
# ----------------------------------------------------------------------

# Send CORS headers if browsers request them; enabled by default for images.
# developer.mozilla.org/en/CORS_Enabled_Image
# blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
# hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
# wiki.mozilla.org/Security/Reviews/crossoriginAttribute

<IfModule mod_setenvif.c>
  <IfModule mod_headers.c>
    # mod_headers, y u no match by Content-Type?!
    <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|ttf|woff|woff2|webp)$">
      SetEnvIf Origin ":" IS_CORS
      Header set Access-Control-Allow-Origin "*" env=IS_CORS
    </FilesMatch>
  </IfModule>
</IfModule>

# ----------------------------------------------------------------------
# Proper MIME type for all files
# ----------------------------------------------------------------------

# JavaScript
#   Normalize to standard type (it's sniffed in IE anyways)
#   tools.ietf.org/html/rfc4329#section-7.2
AddType application/javascript         js jsonp
AddType application/json               json

# Audio
AddType audio/ogg                      oga ogg
AddType audio/mp4                      m4a f4a f4b

# Video
AddType video/ogg                      ogv
AddType video/mp4                      mp4 m4v f4v f4p
AddType video/webm                     webm
AddType video/x-flv                    flv

# SVG
#   Required for svg webfonts on iPad
#   twitter.com/FontSquirrel/status/14855840545
AddType     image/svg+xml              svg svgz
AddEncoding gzip                       svgz

# Webfonts
AddType application/vnd.ms-fontobject  eot
AddType application/x-font-ttf         ttf ttc
AddType font/opentype                  otf
AddType application/x-font-woff        woff
AddType font/woff2                     woff2

# Assorted types
AddType image/x-icon                        ico
AddType text/cache-manifest                 appcache manifest
AddType text/x-component                    htc
AddType application/xml                     rss atom xml rdf
AddType application/x-chrome-extension      crx
AddType application/x-opera-extension       oex
AddType application/x-xpinstall             xpi
AddType application/octet-stream            safariextz
AddType application/x-web-app-manifest+json webapp
AddType text/x-vcard                        vcf
AddType application/x-shockwave-flash       swf
AddType text/vtt                            vtt

# ----------------------------------------------------------------------
# Gzip compression
# ----------------------------------------------------------------------

<IfModule mod_deflate.c>
  # Compress HTML, CSS, JavaScript, Text, XML and fonts
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
  AddOutputFilterByType DEFLATE application/x-font
  AddOutputFilterByType DEFLATE application/x-font-opentype
  AddOutputFilterByType DEFLATE application/x-font-otf
  AddOutputFilterByType DEFLATE application/x-font-truetype
  AddOutputFilterByType DEFLATE application/x-font-ttf
  AddOutputFilterByType DEFLATE application/x-font-woff
  AddOutputFilterByType DEFLATE font/opentype
  AddOutputFilterByType DEFLATE font/otf
  AddOutputFilterByType DEFLATE font/ttf
  AddOutputFilterByType DEFLATE font/woff2
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE image/x-icon
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/xml

  # Remove browser bugs (only needed for really old browsers)
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
  Header append Vary User-Agent
</IfModule>

# ----------------------------------------------------------------------
# Expires headers (for better cache control)
# ----------------------------------------------------------------------

# These are pretty far-future expires headers.
# They assume you control versioning with filename-based cache busting
# Additionally, consider that outdated proxies may miscache
#   www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/

# If you don't use filenames to version, lower the CSS and JS to something like
# "access plus 1 week".

<IfModule mod_expires.c>
  ExpiresActive on

# Perhaps better to whitelist expires rules? Perhaps.
  ExpiresDefault                          "access plus 1 year"

# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
  ExpiresByType text/cache-manifest       "access plus 0 seconds"

# Your document html
  ExpiresByType text/html                 "access plus 0 seconds"

# Data
  ExpiresByType text/xml                  "access plus 0 seconds"
  ExpiresByType application/xml           "access plus 0 seconds"
  ExpiresByType application/json          "access plus 0 seconds"

# Feed
  ExpiresByType application/rss+xml       "access plus 1 hour"
  ExpiresByType application/atom+xml      "access plus 1 hour"

# Favicon (cannot be renamed)
  ExpiresByType image/x-icon              "access plus 1 week"

# Media: images, video, audio
  ExpiresByType image/gif                 "access plus 1 year"
  ExpiresByType image/png                 "access plus 1 year"
  ExpiresByType image/jpeg                "access plus 1 year"
  ExpiresByType video/ogg                 "access plus 1 year"
  ExpiresByType audio/ogg                 "access plus 1 year"
  ExpiresByType video/mp4                 "access plus 1 year"
  ExpiresByType video/webm                "access plus 1 year"
  ExpiresByType image/svg+xml             "access plus 1 year"

# HTC files  (css3pie)
  ExpiresByType text/x-component          "access plus 1 year"

# Webfonts
  ExpiresByType application/x-font-ttf    "access plus 1 year"
  ExpiresByType font/opentype             "access plus 1 year"
  ExpiresByType application/x-font-woff   "access plus 1 year"
  ExpiresByType font/woff2                "access plus 1 year"
  ExpiresByType image/svg+xml             "access plus 1 year"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 year"

# CSS and JavaScript
  ExpiresByType text/css                  "access plus 1 year"
  ExpiresByType text/javascript           "access plus 1 year"

</IfModule>

# ----------------------------------------------------------------------
# Cache-Control Headers
# ----------------------------------------------------------------------

<IfModule mod_headers.c>
  <FilesMatch "\.(ico|jpe?g|png|gif|swf|css|gz|svg)$">
    Header set Cache-Control "max-age=2592000, public"
  </FilesMatch>
  <FilesMatch "\.(js)$">
    Header set Cache-Control "max-age=2592000, private"
  </FilesMatch>
  <filesMatch "\.(html|htm)$">
    Header set Cache-Control "max-age=7200, public"
  </filesMatch>
  <FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
    Header unset Cache-Control
  </FilesMatch>
</IfModule>

# ----------------------------------------------------------------------
# force https + "www." at the beginning of URLs
# ----------------------------------------------------------------------

<IfModule mod_rewrite.c>
  RewriteCond %{REMOTE_ADDR} !127.0.0.1
  RewriteCond %{HTTP_HOST} !^www\.(.+)$ [NC]
  RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  RewriteEngine On
  RewriteCond %{REMOTE_ADDR} !127.0.0.1
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301]
</IfModule>


# ----------------------------------------------------------------------
# Prevent 404 errors for non-existing redirected folders
# ----------------------------------------------------------------------

# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the
# same name does not exist.
# webmasterworld.com/apache/3808792.htm

Options -MultiViews

# ----------------------------------------------------------------------
# UTF-8 encoding
# ----------------------------------------------------------------------

# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8

# Force UTF-8 for a number of file formats
AddCharset utf-8 .atom .css .js .json .rss .vtt .xml


# ----------------------------------------------------------------------
# A little more security
# ----------------------------------------------------------------------

# deny htaccess files
<Files ~ "^.*\.([Hh][Tt][Aa])">
 order allow,deny
 deny from all
 satisfy all
</Files>

# To avoid displaying the exact version number of Apache being used, add the
# following to httpd.conf (it will not work in .htaccess):
# ServerTokens Prod

# "-Indexes" will have Apache block users from browsing folders without a
# default document Usually you should leave this activated, because you
# shouldn't allow everybody to surf through every folder on your server (which
# includes rather private places like CMS system folders).
<IfModule mod_autoindex.c>
  Options -Indexes
</IfModule>

# Block access to "hidden" directories or files whose names begin with a
# period. This includes directories used by version control systems such as
# Subversion or Git.
<IfModule mod_rewrite.c>
  RewriteCond %{SCRIPT_FILENAME} -d [OR]
  RewriteCond %{SCRIPT_FILENAME} -f
  RewriteRule "(^|/)\." - [F]
</IfModule>

# Block access to backup and source files. These files may be left by some
# text/html editors and pose a great security danger, when anyone can access
# them.
<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
  Order allow,deny
  Deny from all
  Satisfy All
</FilesMatch>

# Increase cookie security
<IfModule php5_module>
  #php_value session.cookie_httponly 1
  #php_value session.cookie_secure 1
</IfModule>

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php7_module>
   php_flag display_errors On
   php_value max_execution_time 300
   php_value max_input_time 600
   php_value max_input_vars 10000
   php_value memory_limit 256M
   php_value post_max_size 64M
   php_value session.gc_maxlifetime 1440
   php_value upload_max_filesize 64M
   php_flag zlib.output_compression On
</IfModule>
<IfModule lsapi_module>
   php_flag display_errors On
   php_value max_execution_time 300
   php_value max_input_time 600
   php_value max_input_vars 10000
   php_value memory_limit 256M
   php_value post_max_size 64M
   php_value session.gc_maxlifetime 1440
   php_value upload_max_filesize 64M
   php_flag zlib.output_compression On
</IfModule>
# END cPanel-generated php ini directives, do not edit


# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php82” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php82 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php8_module>
   php_flag display_errors On
   php_value max_execution_time 300
   php_value max_input_time 600
   php_value max_input_vars 10000
   php_value memory_limit 256M
   php_value post_max_size 64M
   php_value session.gc_maxlifetime 1440
   php_value upload_max_filesize 64M
   php_flag zlib.output_compression On
</IfModule>
<IfModule lsapi_module>
   php_flag display_errors On
   php_value max_execution_time 300
   php_value max_input_time 600
   php_value max_input_vars 10000
   php_value memory_limit 256M
   php_value post_max_size 64M
   php_value session.gc_maxlifetime 1440
   php_value upload_max_filesize 64M
   php_flag zlib.output_compression On
</IfModule>
# END cPanel-generated php ini directives, do not edit
