# ReWrite Regeln für hyrarchische Seitenstruktur
  # CMSms
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.+)$ index.php?page=$1 [QSA]
# RewriteRule ^(.+).htm$ index.php?page=$1 [QSA]


# Beginn CMSMS Security Einstellungen.
# Directory Browsing abschalten
Options -Indexes


# Zugriff auf config.php verbieten.

<Files ~ "config.php|CHANGELOG.txt">
    order allow,deny
    deny from all
    </Files>

    <Files ~ "tinyconfig.php">
    order allow,deny
    allow from all
    </Files>

# No sense advertising what we are running
ServerSignature Off

# Spambots nach User_agent aussperren
RewriteCond %{HTTP_USER_AGENT} ^.*Whacker.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*FileHound.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*TurnitinBot.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*JoBo.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*adressendeutschland.*$
RewriteRule ^.* - [F]

# 1. unterbindet, das fremde Seiten geladen werden
RewriteCond %{QUERY_STRING} ^(.*)=http://(.*) [OR]

# 2. blockiert libwww (Ausgangspunkt für diverse Hackversuche)
RewriteCond %{HTTP_USER_AGENT} ^libwww [OR]

# Blockiert Skripte, die versuchen, base64 encodierten Unsinn via URL zu versenden
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]

# Blockiert Skripte, die einen a ********** Tag in der URL enthalten
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

# Blockiert Skripte, die versuchen, PHP GLOBALS Variablen via URL zu verändern
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]


# PageSpeed Optimierungen

# Disable ETags
Header unset ETag
FileEtag None


<IfModule mod_deflate.c>
# Apache Modul zum Komprimieren der Text-Dateien (CSS/HTML/JS)
AddOutputFilterByType DEFLATE text/html text/css text/plain text/xml image/gif image/jpeg image/png application/x-javascript application/json
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png|ico|flv|swf|mpg|mpeg)$ no-gzip dont-vary
Header append Vary Accept-Encoding
</IfModule>

# Apache Modul fürs Cachen von Dateien
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/html "access plus 2 hours"
ExpiresByType text/css "access plus 2 hours"
ExpiresByType text/js "access plus 2 hours"
ExpiresByType text/x-js "access plus 2 hours"
ExpiresByType text/javascript "access plus 2 hours"
ExpiresByType text/xml "access plus 2 hours"
ExpiresByType image/gif "access plus 1 years"
ExpiresByType image/jpg "access plus 1 years"
ExpiresByType image/jpeg "access plus 1 years"
ExpiresByType image/png "access plus 1 years"
ExpiresByType image/ico "access plus 1 years"
ExpiresByType audio/mpeg "access plus 1 years"
ExpiresByType application/javascript "access plus 2 hours"
ExpiresByType text/js "access plus 2 hours"
ExpiresByType application/x-javascript "access plus 2 hours"
ExpiresByType text/x-js "access plus 2 hours"
ExpiresByType application/pdf "access plus 2 hours"
ExpiresByType application/xml "modification plus 2 hours"
ExpiresByType application/x-shockwave-flash "access plus 2 hours"
</IfModule>

<IfModule mod_headers.c>
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=31536000, public"
</FilesMatch>

<FilesMatch "\.(js|xml|txt)$">
Header set Cache-Control "max-age=2678400, private"
</FilesMatch>
</IfModule>

<FilesMatch "backup-.*(?=-files)-files-[\d_]+\.zip|backup-.*(?=-db-)-db-[\w+-[\d_]+\.gz">
order deny,allow
deny  from all
</FilesMatch>

<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>
AuthName "MySQLDumper"
AuthType Basic
AuthUserFile "/home/name/public_html/mysqldumper/.htpasswd"
require valid-user