# Apache配置文件 # 用于URL重写和安全设置 # 启用重写引擎 RewriteEngine On # URL重写规则 RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php [QSA,L] # 安全设置 - 禁止访问敏感目录 Order Allow,Deny Deny from all Order Allow,Deny Deny from all Order Allow,Deny Deny from all # 禁止访问敏感文件 Order Allow,Deny Deny from all # 禁止访问隐藏文件 Order Allow,Deny Deny from all # 禁止访问安装文件（安装完成后） Order Allow,Deny Deny from all # 设置默认字符集 AddDefaultCharset UTF-8 # 启用GZIP压缩 AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript # 设置缓存策略 ExpiresActive On ExpiresByType text/css "access plus 1 month" ExpiresByType application/javascript "access plus 1 month" ExpiresByType image/png "access plus 1 month" ExpiresByType image/jpg "access plus 1 month" ExpiresByType image/jpeg "access plus 1 month" ExpiresByType image/gif "access plus 1 month" ExpiresByType image/ico "access plus 1 month" ExpiresByType image/icon "access plus 1 month" ExpiresByType text/plain "access plus 1 month" ExpiresByType application/pdf "access plus 1 month" # 安全头设置 Header always set X-Content-Type-Options nosniff Header always set X-Frame-Options DENY Header always set X-XSS-Protection "1; mode=block" Header always set Referrer-Policy "strict-origin-when-cross-origin"