The best security configuration file for domains on the server!
Jan 10, 2026
167 views
I will walk you through the best htaccess code to protect the domain from attacks, prevent browsing sensitive files and folders, and allow certain specific settings.
In the FilesMatch line, you can specify your important files in order to protect them.
RewriteEngine On
Options -Indexes
<FilesMatch "\.(php|html|css|js|png|jpg|jpeg|gif|webp|svg|json)$">
Require all granted
</FilesMatch>
<FilesMatch "(\.env|\.htaccess|config\.php|db_credentials\.php|process_order\.php)$">
Require all denied
</FilesMatch>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
</IfModule>
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
In the FilesMatch line, you can specify your important files in order to protect them.
Replies (11)
123
test4
45
657567
--088
Edited by Saleh
•
Feb 12, 2026
at 22:24
685
thx!
thx!
99
3234099
Edited by king
•
Feb 24, 2026
at 02:47
Page 1 of 2
Prev
Next
Join the Conversation
You must be logged in to post a reply and participate.