# Apache httpd virtual-host configuration for the z1r.com WordPress site.
# NOTE(review): the container tags (<VirtualHost>, <Directory>, <Location>,
# <Files>, ...) are not present in this copy, so section boundaries below are
# inferred from the repeated ServerName/DocumentRoot pairs. Listen addresses,
# ports and the paths each access rule applies to cannot be confirmed here.

# --- Section 1: alias hosts ---------------------------------------------
# Every legacy/alias hostname is permanently redirected (301) to the
# canonical https://www.z1r.com/ URL, keeping the requested path.
# NE stops mod_rewrite from re-escaping the substituted path.
ServerName www.z1rhelmets.com
ServerAlias z1r.com
ServerAlias z1rhelmets.com
ServerAlias www.z1rapparel.com
ServerAlias z1rapparel.com
ServerAlias z1r-clothing.com
ServerAlias www.z1r-clothing.com
ServerAlias z1r-apparel.com www.z1r-apparel.com
DocumentRoot /var/www/z1rwp
RewriteEngine On
RewriteRule ^/?(.*) https://www.z1r.com/$1 [L,R=301,NE]

# --- Section 2: www.z1r.com, no SSL directives visible --------------------
# NOTE(review): no SSLEngine appears in this section, so it presumably serves
# the site over plain HTTP (or sits behind a TLS-terminating proxy). Unlike
# the alias hosts it does not redirect to HTTPS; confirm that is intended.
ServerName www.z1r.com
DocumentRoot /var/www/z1rwp
# NOTE(review): a wildcard CORS origin lets any website read non-credentialed
# responses from this host. Confirm it is needed, and if so consider limiting
# it to the specific paths and origins that require it.
Header set Access-Control-Allow-Origin "*"
#WP Site Configuration
# Environment handed to WordPress. The mediator URLs use plain http to an
# internal host name; the database host is an internal FQDN.
Include "/var/www/configs/z1rwp/z1r-var.conf"
SetEnv WP_SITEURL "https://www.z1r.com"
SetEnv WP_HOME "https://www.z1r.com"
SetEnv WPENV "prod"
SetEnv WPSVCENV prd
SetEnv MEDIATOR_PATH "http://clst-camel/mediator-service/dm/11/"
SetEnv NEW_MEDIATOR_PATH "http://clst-camel/mediator-service/api/v1/dm/11/"
SetEnv WPDBHOST prd-mariadb01vm.lemanscorp.com
#END WP Site Configuration

# Per-directory settings (the enclosing <Directory> tag is presumably missing;
# the rewrite patterns below have no leading slash, which matches
# per-directory context). Directory listings are off; symlinks are followed.
# NOTE(review): SymLinksIfOwnerMatch is the stricter choice if content
# authors can create symlinks under the document root.
Options -Indexes +FollowSymLinks
# AllowOverride is commented out, so .htaccess handling is whatever this
# scope inherits. Confirm it resolves to None if .htaccess is not wanted.
#AllowOverride all
Require all granted
##Wordpress base rewrite rule to enable page slugs
RewriteEngine On
# Newsletter form posts are reverse-proxied ([P], needs mod_proxy) to the
# internal mediator service over plain http.
RewriteRule ^svc/subscribe_newsletter http://clst-camel/mediator-service/api/v1/dm/11/domain/11/form/z1r_newsletter/submit [P,L]
# XSS protection
# Query strings containing "<" (or %3C), then script/iframe/object, then ">"
# (or %3E) are redirected to /index.php with the query string dropped (QSD).
# NOTE(review): this is a best-effort denylist over the query string only.
# It does not inspect request bodies, paths or headers, so it complements
# output encoding in the application and a Content-Security-Policy rather
# than replacing them.
RewriteCond %{QUERY_STRING} (\<|%3C).*(script|iframe|object).*(\>|%3E) [NC]
RewriteRule ^(.*)$ /index.php [R,L,QSD]
# Cross-site Tracing protection
# F answers 403 immediately, so the R and QSD flags next to it have no effect.
# NOTE(review): "TraceEnable off" at server level is the usual control for
# TRACE and does not depend on mod_rewrite being active in every scope.
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* / [F,R,QSD]
# Upload requests that carry a non-empty query string are reverse-proxied to
# the asset host over plain http. Requests without a query string fall
# through to the rules below.
RewriteCond %{REQUEST_URI} ^/wp-content/uploads.*
RewriteCond %{QUERY_STRING} ^..*$
RewriteRule ^wp-content/uploads(.*) http://asset.lemanscorp.com/wp/z1r/wp-content/uploads$1 [P,L]
# Pathing for WP API and Admin
RewriteRule ^(wp-json.*) /index.php/$1 [L]
RewriteRule ^wp-admin/admin-ajax.php.* wp-admin/admin-ajax.php [QSA,L]
RewriteRule ^index\.php$ - [L]
# Anything that is not an existing file or directory is sent to /index.html.
# NOTE(review): stock WordPress routes these to /index.php; confirm that
# /index.html is the intended front controller.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]

# Response security headers.
# NOTE(review): no Strict-Transport-Security or Content-Security-Policy header
# is set anywhere in the visible configuration.
# NOTE(review): "Header set" without the "always" condition is not applied to
# server-generated error responses. Use "Header always set" if these headers
# should be present on every response.
# Ref. for the following rule: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-XSS-Protection
# NOTE(review): browsers have retired the XSS auditor this header controls, and
# current OWASP guidance is to send "0" (or omit it) and rely on CSP instead.
Header set X-XSS-Protection "1; mode=block"
# Ref. for the following rule: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Frame-Options
# NOTE(review): "append" adds to any X-Frame-Options value the backend already
# sent, and a combined value may be ignored by browsers; "set" avoids that.
Header always append X-Frame-Options SAMEORIGIN
# Ref. for the following rule: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Content-Type-Options
Header set X-Content-Type-Options nosniff

# Single-argument ProxyPass is only valid inside a <Location> section, so the
# enclosing tag (and the public path being proxied) is missing from this copy.
ProxyPass http://clst-camel/mediator-service/dm/11/ps
# NOTE(review): the sections these access rules belonged to are not visible,
# so it is not possible to tell here which paths are granted and which are
# denied. Verify against the deployed file.
Require all granted
Require all denied
Require all granted
Require all denied
Require all granted

# --- Section 3: www.z1r.com over TLS -------------------------------------
# NOTE(review): the CORS header and the Include/SetEnv block from section 2
# do not appear in this section; confirm whether they are supplied elsewhere.
ServerName www.z1r.com
DocumentRoot /var/www/z1rwp
SSLEngine On
# Disables SSLv2/SSLv3 and TLS 1.0/1.1, leaving TLS 1.2 and, where the linked
# OpenSSL supports it, TLS 1.3.
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# NOTE(review): the list still admits static-RSA key exchange (e.g. AES128-SHA,
# the bare "AES" and "CAMELLIA" aliases), CBC-mode suites and DSS suites.
# With TLS 1.2 as the floor it could be reduced to ECDHE/DHE AEAD suites.
# By default this directive governs TLS 1.2 and below only.
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
# The separate CA file is disabled; fullchain.pem is expected to carry the
# intermediate chain. The private key should be readable only by the account
# that starts httpd.
#SSLCACertificateFile /etc/apache2/ssl/certs/DigiCertCA.crt
SSLCertificateFile /mnt/sec/prod/letsencrypt/live/z1r.com/fullchain.pem
SSLCertificateKeyFile /mnt/sec/prod/letsencrypt/live/z1r.com/privkey.pem

# The directives from here on repeat section 2's per-directory, rewrite,
# header and access rules verbatim, and the review notes there apply equally.
# NOTE(review): keeping the two copies in sync by hand is error-prone; a
# shared Include would give both sections a single source.
Options -Indexes +FollowSymLinks
#AllowOverride all
Require all granted
##Wordpress base rewrite rule to enable page slugs
RewriteEngine On
# Newsletter form posts are reverse-proxied to the internal mediator service.
RewriteRule ^svc/subscribe_newsletter http://clst-camel/mediator-service/api/v1/dm/11/domain/11/form/z1r_newsletter/submit [P,L]
# XSS protection
# Best-effort query-string denylist; not a substitute for output encoding/CSP.
RewriteCond %{QUERY_STRING} (\<|%3C).*(script|iframe|object).*(\>|%3E) [NC]
RewriteRule ^(.*)$ /index.php [R,L,QSD]
# Cross-site Tracing protection
# F returns 403; R and QSD are redundant alongside it.
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* / [F,R,QSD]
# Uploads requested with a query string are proxied to the asset host (http).
RewriteCond %{REQUEST_URI} ^/wp-content/uploads.*
RewriteCond %{QUERY_STRING} ^..*$
RewriteRule ^wp-content/uploads(.*) http://asset.lemanscorp.com/wp/z1r/wp-content/uploads$1 [P,L]
# Pathing for WP API and Admin
RewriteRule ^(wp-json.*) /index.php/$1 [L]
RewriteRule ^wp-admin/admin-ajax.php.* wp-admin/admin-ajax.php [QSA,L]
RewriteRule ^index\.php$ - [L]
# Fallback for non-existent files/directories (see NOTE on /index.html above).
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
# Ref. for the following rule: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-XSS-Protection
Header set X-XSS-Protection "1; mode=block"
# Ref. for the following rule: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Frame-Options
Header always append X-Frame-Options SAMEORIGIN
# Ref. for the following rule: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Content-Type-Options
Header set X-Content-Type-Options nosniff
# Single-argument ProxyPass: the enclosing <Location> tag is missing here.
ProxyPass http://clst-camel/mediator-service/dm/11/ps
# NOTE(review): the enclosing sections for these access rules are not visible.
Require all granted
Require all denied
Require all granted
Require all denied
Require all granted