Edan Power
Find Us

Our Locations

Discover our offices and service centers across the UK. Visit us for expert energy solutions and personalized consultations.

No locations found. Check back soon for updates!

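########################################################
# LARAVEL PRODUCTION .HTACCESS
# Optimized for: Security, Performance & Functionality
########################################################
#
# Deployment note: this file lives in the Laravel project root and forwards
# requests into public/ (section 5). The whole project tree is therefore
# inside the document root, and sections 2, 3, 6 and 13 are a denylist:
# any file they do not name stays reachable. Where the host allows it,
# point DocumentRoot at public/ instead and keep this file as a fallback.
#
# Container directives (<IfModule>, <FilesMatch>) marked "reconstructed"
# were lost when this file was rendered as HTML. Their patterns are
# constructed from the section headings, not copied from the deployed
# file; confirm them before use. Left bare, "Deny from all" applies to
# every request and the second Cache-Control line applies to every
# response, including dynamic HTML.

# Disable server signature for security
ServerSignature Off

# Enable rewrite engine
RewriteEngine On
RewriteBase /

########################################################
# 1. PUBLIC STORAGE ACCESS (Must be FIRST)
########################################################
# Serve files from storage/app/public/ when accessed via /storage/
RewriteCond %{REQUEST_URI} ^/storage/(.*)$ [NC]
RewriteCond %{DOCUMENT_ROOT}/storage/app/public/%1 -f
RewriteRule ^storage/(.*)$ storage/app/public/$1 [L]

########################################################
# 2. SECURITY: BLOCK SENSITIVE FILES
########################################################
# Environment files
RewriteRule ^\.env - [F,L,NC]
RewriteRule ^\.env\. - [F,L,NC]
RewriteRule ^\.htaccess$ - [F,L,NC]
RewriteRule ^\.htpasswd$ - [F,L,NC]

# Git & Version Control
RewriteRule ^\.git - [F,L,NC]
RewriteRule ^\.gitignore - [F,L,NC]
RewriteRule ^\.gitattributes - [F,L,NC]

# Any other dot-file or dot-directory, at any depth. The rules above are
# anchored to the project root and name only a few entries, so files inside
# other hidden directories were still served by the !-f condition in
# section 5. .well-known/ stays reachable for certificate validation.
RewriteRule (^|/)\.(?!well-known(/|$)) - [F,L,NC]

# Composer & NPM files
RewriteRule ^composer\.(json|lock)$ - [F,L,NC]
RewriteRule ^package(-lock)?\.json$ - [F,L,NC]
RewriteRule ^yarn\.lock$ - [F,L,NC]
RewriteRule ^npm-shrinkwrap\.json$ - [F,L,NC]

# Laravel specific files
RewriteRule ^artisan$ - [F,L,NC]
RewriteRule ^server\.php$ - [F,L,NC]
RewriteRule ^webpack\.mix\.js$ - [F,L,NC]
RewriteRule ^vite\.config\.js$ - [F,L,NC]

# Config & XML files
RewriteRule ^phpunit\.xml$ - [F,L,NC]
RewriteRule ^\.editorconfig$ - [F,L,NC]
RewriteRule ^\.styleci\.yml$ - [F,L,NC]

########################################################
# 3. SECURITY: BLOCK CORE DIRECTORIES
########################################################
RewriteRule ^app/ - [F,L,NC]
RewriteRule ^bootstrap/ - [F,L,NC]
RewriteRule ^config/ - [F,L,NC]
RewriteRule ^database/ - [F,L,NC]
RewriteRule ^resources/ - [F,L,NC]
RewriteRule ^routes/ - [F,L,NC]
RewriteRule ^vendor/ - [F,L,NC]
RewriteRule ^tests/ - [F,L,NC]
RewriteRule ^node_modules/ - [F,L,NC]

# PHP error log directory (section 11 writes to logs/php_error.log).
# The path is relative, so where PHP creates it depends on the working
# directory at run time; both likely locations are covered here. If
# public/ carries its own rewrite rules, these root rules do not run for
# /public/... requests, so the .log entry in section 13 is the backstop.
RewriteRule ^(public/)?logs/ - [F,L,NC]

# Block storage except public (backup protection)
RewriteCond %{REQUEST_URI} ^/storage/ [NC]
RewriteCond %{REQUEST_URI} !^/storage/app/public/ [NC]
RewriteRule ^storage/ - [F,L]

########################################################
# 4. HANDLE AUTHORIZATION HEADERS
########################################################
# Copy the headers into environment variables so PHP can read them when
# the server does not pass them through.
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteCond %{HTTP:X-XSRF-Token} .
RewriteRule .* - [E=HTTP_X_XSRF_TOKEN:%{HTTP:X-XSRF-Token}]

########################################################
# 5. REDIRECT TO PUBLIC FOLDER
########################################################
# Don't rewrite if already in public
RewriteCond %{REQUEST_URI} !^/public/
# Don't rewrite actual files/directories in root (if any).
# NOTE(review): these two conditions are why the denylist above matters.
# An existing file in the project root that no rule names (a README, a
# database dump, an editor backup) is served as-is.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Redirect everything to public
RewriteRule ^(.*)$ public/$1 [L]

########################################################
# 6. BLOCK HIDDEN FILES & DIRECTORIES
########################################################
# Reconstructed container; pattern constructed from the heading.
# <FilesMatch> tests the file name only and is inherited by
# subdirectories; hidden directories are handled by the rewrite rule in
# section 2.
<FilesMatch "^\.">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Block access to backup and temp files
# Reconstructed container; the extension list is constructed, confirm it.
<FilesMatch "(\.(bak|backup|old|orig|save|swp|swo|tmp|temp)|~)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

########################################################
# 7. MIME TYPES & CHARSET
########################################################
AddDefaultCharset UTF-8

# Ensure proper MIME types (reconstructed <IfModule> wrapper)
<IfModule mod_mime.c>
    AddType application/javascript .js
    AddType text/css .css
    AddType image/webp .webp
    AddType image/svg+xml .svg
    AddType application/font-woff2 .woff2
    AddType application/font-woff .woff
    AddType application/x-font-ttf .ttf
</IfModule>

########################################################
# 8. PERFORMANCE: COMPRESSION (GZIP)
########################################################
# Reconstructed <IfModule> wrappers: without them a missing module turns
# every request into a 500.
<IfModule mod_deflate.c>
    # Compress HTML, CSS, JavaScript, Text, XML and fonts
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
    AddOutputFilterByType DEFLATE application/x-font
    AddOutputFilterByType DEFLATE application/x-font-opentype
    AddOutputFilterByType DEFLATE application/x-font-otf
    AddOutputFilterByType DEFLATE application/x-font-truetype
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE font/opentype
    AddOutputFilterByType DEFLATE font/otf
    AddOutputFilterByType DEFLATE font/ttf
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE image/x-icon
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/xml

    # Remove browser bugs
    <IfModule mod_setenvif.c>
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    </IfModule>
    <IfModule mod_headers.c>
        Header append Vary User-Agent
    </IfModule>
</IfModule>

########################################################
# 9. PERFORMANCE: BROWSER CACHING
########################################################
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 1 month"

    # Images
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/x-icon "access plus 1 year"

    # CSS & JavaScript
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"

    # Fonts
    ExpiresByType font/ttf "access plus 1 year"
    ExpiresByType font/otf "access plus 1 year"
    ExpiresByType font/woff "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType application/font-woff "access plus 1 year"
    ExpiresByType application/font-woff2 "access plus 1 year"

    # Documents
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType text/html "access plus 1 hour"
</IfModule>

<IfModule mod_headers.c>
    # Cache control headers
    # Reconstructed <FilesMatch> scopes; extension lists are constructed
    # to mirror the Expires groups above. Unscoped, the second line would
    # win and mark every response, authenticated pages included, as
    # publicly cacheable for 30 days.
    <FilesMatch "\.(jpe?g|gif|png|webp|svg|ico|ttf|otf|woff2?)$">
        Header set Cache-Control "public, max-age=31536000, immutable"
    </FilesMatch>
    <FilesMatch "\.(css|js)$">
        Header set Cache-Control "public, max-age=2592000"
    </FilesMatch>

    # Remove X-Powered-By header
    Header unset X-Powered-By
    Header always unset X-Powered-By
</IfModule>

########################################################
# 10. SECURITY HEADERS
########################################################
# NOTE(review): no Content-Security-Policy or Strict-Transport-Security
# header is set here, although section 11 marks session cookies Secure.
# Add both once HTTPS is confirmed on every host name.
<IfModule mod_headers.c>
    # X-Frame-Options: Prevent clickjacking
    Header always set X-Frame-Options "SAMEORIGIN"

    # X-Content-Type-Options: Prevent MIME sniffing
    Header always set X-Content-Type-Options "nosniff"

    # X-XSS-Protection: Legacy XSS protection. Current browsers have
    # removed the filter this header controlled; do not count it as an
    # XSS defence.
    Header always set X-XSS-Protection "1; mode=block"

    # Referrer-Policy: Control referrer information
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Permissions-Policy: Restrict browser features
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=()"
</IfModule>

########################################################
# 11. PHP SETTINGS (cPanel Shared Hosting)
########################################################
# Reconstructed <IfModule> wrappers. The settings appear twice in the
# rendered text, which suggests one block per PHP module name; which list
# belonged to which module is an assumption. php_flag/php_value only work
# under mod_php; under PHP-FPM or CGI set these in .user.ini instead.
# The memory, upload and execution limits below bound the resources a
# single request may consume; keep them no higher than the app needs.
<IfModule mod_php7.c>
    php_flag display_errors Off
    php_flag log_errors On
    php_value error_log logs/php_error.log
    php_value memory_limit 512M
    php_value upload_max_filesize 64M
    php_value post_max_size 64M
    php_value max_execution_time 120
    php_value max_input_time 120
    php_value max_input_vars 3000
    php_flag session.cookie_httponly On
    php_flag session.cookie_secure On
    php_flag session.use_only_cookies On
</IfModule>

<IfModule mod_php.c>
    php_flag display_errors Off
    php_flag log_errors On
    php_value error_log logs/php_error.log
    php_value memory_limit 512M
    php_value upload_max_filesize 64M
    php_value post_max_size 64M
    php_value max_execution_time 120
</IfModule>

########################################################
# 12. DISABLE DIRECTORY BROWSING
########################################################
Options -Indexes

########################################################
# 13. PREVENT ACCESS TO SPECIFIC FILE TYPES
########################################################
# Reconstructed container; the extension list is constructed, confirm it
# against the deployed file. "log" is included so the PHP error log from
# section 11 is refused wherever PHP creates it.
<FilesMatch "\.(log|sql|sqlite|ini|sh|inc|dist|md)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>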