Options All -Indexes
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
#clean URL buat admin
RewriteRule ^cek-forgot-password/ ./model/email-forgot.php [nc]
RewriteRule ^cek-forgot-password-admin/ ./model/email-forgot-admin.php [nc]
RewriteRule ^forgot-password/ ./view/forgot-password.php [nc]
RewriteRule ^register/ ./view/register.php [nc]
RewriteRule ^password-admin/ ./view/forgot-password-admin.php [nc]
RewriteRule ^ceklogin3/ ./model/ceklogin3.php [nc]
RewriteRule ^ceklogin2/ ./model/ceklogin2.php [nc]
RewriteRule ^ceklogin/ ./model/ceklogin.php [nc]
RewriteRule ^login/ index.php [nc]
RewriteRule ^login-admin ./view/login-admin.php [nc]
RewriteRule ^admin/page/(.*) admin.php?page=$1 [nc] 
RewriteRule admin/page/(.*)/(.*) admin.php?page=$1&aksi=$2
RewriteRule page/(.*)/(.*)/(.*) admin.php?page=$1&id=$2&aksi=$3
RewriteRule page/(.*)/(.*) admin.php?page=$1&aksi=$2
RewriteRule page/(.*)/no/(.*) admin.php?page=$1&no_trans=$2
RewriteRule page/(.*)/no/(.*)/(.*) admin.php?page=$1&no_trans=$2&aksi=$3

#akses distributor
RewriteRule ^distributor/mod/(.*) distributor.php?page=$1 [nc] 
RewriteRule mod/(.*)/(.*)/(.*) distributor.php?page=$1&id=$2&aksi=$3
RewriteRule mod/(.*)/(.*) distributor.php?page=$1&aksi=$2
RewriteRule mod/(.*)/no/(.*) distributor.php?page=$1&no_trans=$2
RewriteRule mod/(.*)/wly/(.*) distributor.php?page=$1&wly=$2
RewriteRule mod/(.*)/notrx/(.*)/(.*) distributor.php?page=$1&no_trans=$2&wly=$3
RewriteRule mod/(.*)/no/(.*)/(.*) distributor.php?page=$1&no_trans=$2&aksi=$3
RewriteRule mod/(.*)/resi/(.*)/kurir/(.*) distributor.php?page=$1&noresi=$2&kurir=$3
#proc/self/environ? no way!

RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR]
 ########## Begin - File injection protection, by SigSiu.net

RewriteCond %{REQUEST_METHOD} GET

RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]

RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]

RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]

RewriteRule .* - [F]

########## End - File injection protection
#redirect http to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
<IfModule mod_expires.c>
ExpiresActive On
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|js|css|gif|jpg|jpeg|png|swf)$">
ExpiresDefault A2419200
</FilesMatch>
</IfModule>
<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>
<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
# Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
</IfModule>
<IfModule mod_mime.c>

AddType text/css .css
AddType text/javascript .js
AddType image/jpeg .jpg
AddType image/png .png
AddType image/gif .gif

</IfModule>


# 6G FIREWALL/BLACKLIST
# @ https://perishablepress.com/6g/

# 6G:[QUERY STRING]
<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
	RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
	RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
	RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
	RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
	RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
	RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
	RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
	RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]
	RewriteRule .* - [F]
</IfModule>

# 6G:[REQUEST METHOD]
<IfModule mod_rewrite.c>
	RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC]
	RewriteRule .* - [F]
</IfModule>




## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 7 days"
</IfModule>
## EXPIRES CACHING ##
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>