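# =========================
# HTTP (port 80)
# =========================
# Plain-HTTP vhost for uaetiming.com. The rewrite rule at the end of this block
# answers requests with a 301 to the HTTPS vhost, so the handler and access
# rules here are expected to matter only if that redirect is ever removed.
<VirtualHost *:80>
    ServerName uaetiming.com
    ServerAlias www.uaetiming.com
    DocumentRoot /var/www/html/uaetiming.com

    ErrorLog /var/log/apache2/uaetiming.com.error.log
    CustomLog /var/log/apache2/uaetiming.com.access.log combined

    # ====== PHP-FPM Handler ======
    # Hand *.php to the site's dedicated PHP-FPM pool over its unix socket.
    <FilesMatch "\.php$">
        SetHandler "proxy:unix:/run/php/php8.3-uaetiming.com-fpm.sock|fcgi://localhost/"
    </FilesMatch>

    # ====== Block sensitive files ======
    # Deny any file whose name ends in one of these extensions (logs, dumps,
    # backups, dotenv files, ...), wherever it sits under the docroot.
    <FilesMatch "\.(log|ini|env|bak|conf|sql|sh|git|htaccess)$">
        Require all denied
    </FilesMatch>

    # ====== Block directories that must not be accessed ======
    <DirectoryMatch "^/.*/(\.git|backup|logs|tmp|private)/">
        Require all denied
    </DirectoryMatch>

    # ====== Disable override (avoid .htaccess backdoor) ======
    # AllowOverride None makes Apache ignore .htaccess files under the docroot,
    # so a file written there cannot change handlers or access rules.
    # NOTE(review): this was "AllowOverride All", which contradicted the heading
    # above. If the application relies on .htaccess rewrite rules, move them
    # into this vhost before reloading.
    <Directory /var/www/html/uaetiming.com>
        AllowOverride None
        Options -Indexes -ExecCGI -FollowSymLinks
        Require all granted
    </Directory>

    # ====== Redirect all HTTP -> HTTPS ======
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=301]
</VirtualHost>

# =========================
# HTTPS (port 443)
# =========================
# TLS vhost that actually serves the site; only defined when mod_ssl is loaded.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName uaetiming.com
    ServerAlias www.uaetiming.com
    DocumentRoot /var/www/html/uaetiming.com

    ErrorLog /var/log/apache2/uaetiming.com.error.log
    CustomLog /var/log/apache2/uaetiming.com.access.log combined

    # ====== SSL Configuration ======
    # Protocol and cipher settings come from the included Let's Encrypt file.
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/uaetiming.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/uaetiming.com/privkey.pem

    # ====== PHP-FPM ======
    <FilesMatch "\.php$">
        SetHandler "proxy:unix:/run/php/php8.3-uaetiming.com-fpm.sock|fcgi://localhost/"
    </FilesMatch>

    # ====== Security Headers ======
    # NOTE(review): the CSP below allows 'unsafe-inline', 'unsafe-eval' and any
    # https: origin, so it gives little protection against script injection;
    # only frame-ancestors is restrictive. Tighten it once the application's
    # real script and style sources are known.
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore; the CSP is the control that matters.
    # NOTE(review): no Strict-Transport-Security header is set; consider adding
    # one once HTTPS is confirmed to work for every hostname served here.
    <IfModule mod_headers.c>
        Header always set X-Content-Type-Options "nosniff"
        Header always set X-Frame-Options "SAMEORIGIN"
        Header always set X-XSS-Protection "1; mode=block"
        Header always set Referrer-Policy "strict-origin-when-cross-origin"
        Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
        Header always set Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self';"
    </IfModule>

    # ====== Disable directory listing & .htaccess ======
    # This block previously read "AllowOverride All" and
    # "Options Indexes FollowSymLinks", which enabled both things the heading
    # says are disabled. It now matches the port-80 vhost: .htaccess files are
    # ignored, and auto-indexing, CGI execution and symlink traversal are off.
    # NOTE(review): move any rewrite rules the application keeps in .htaccess
    # into this vhost, and check that the docroot does not depend on symlinks.
    <Directory /var/www/html/uaetiming.com>
        AllowOverride None
        Options -Indexes -ExecCGI -FollowSymLinks
        Require all granted
    </Directory>

    # ====== Block file types & hidden files ======
    <FilesMatch "\.(log|ini|env|bak|conf|sql|sh|git|htaccess)$">
        Require all denied
    </FilesMatch>

    <DirectoryMatch "^/.*/(\.git|backup|logs|tmp|private)/">
        Require all denied
    </DirectoryMatch>

    # ====== Limit request size (anti upload exploit) ======
    # 10485760 bytes = 10 MiB cap on request bodies, enforced by Apache.
    LimitRequestBody 10485760

    # ====== Timeout settings (optional) ======
    Timeout 60
</VirtualHost>
</IfModule>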