

Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/private_html/


 

Current File : /home/gositeme/domains/soundstudiopro.com/private_html/.htaccess
# ══════════════════════════════════════════════════════════════
# SECURITY HEADERS - Added Dec 13, 2025
# ══════════════════════════════════════════════════════════════
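<IfModule mod_headers.c>
    # Response headers that tighten browser behaviour. "always" also attaches
    # them to error responses, not only to successful ones.

    # Clickjacking defence: the page may only be framed by its own origin.
    # NOTE(review): CSP "frame-ancestors 'self'" is the current-standard
    # equivalent; consider sending it alongside this header.
    Header always set X-Frame-Options "SAMEORIGIN"

    # Browsers must use the declared Content-Type instead of sniffing one.
    Header always set X-Content-Type-Options "nosniff"

    # Cross-origin requests receive only the origin as referrer, and nothing
    # at all when the navigation downgrades from HTTPS to HTTP.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # The XSS auditor this header controlled has been removed from current
    # browsers, and its block mode had side effects of its own where it is
    # still honoured, so it is switched off explicitly ("0"). XSS protection
    # has to come from output encoding and a Content-Security-Policy.
    Header always set X-XSS-Protection "0"

    # HSTS: browsers that have seen this header over HTTPS use HTTPS only for
    # this host and all of its subdomains for one year. It does NOT add the
    # Secure flag to cookies; that has to be set where the cookies are issued.
    # includeSubDomains requires every subdomain to serve valid HTTPS.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>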

# ══════════════════════════════════════════════════════════════
# BROWSER CACHING - Performance Optimization
# ══════════════════════════════════════════════════════════════
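<IfModule mod_expires.c>
    # Expires / Cache-Control max-age by response content type.
    ExpiresActive On

    # Fallback for every content type not listed below: 1 month.
    # This fallback also covers any type that is merely mentioned in a
    # comment, so content that must not be cached needs an explicit entry.
    ExpiresDefault "access plus 1 month"

    # HTML - no cache (dynamic content)
    ExpiresByType text/html "access plus 0 seconds"

    # CSS and JavaScript - 1 year
    ExpiresByType text/css "access plus 1 year"
    ExpiresByType application/javascript "access plus 1 year"
    ExpiresByType text/javascript "access plus 1 year"

    # Images - 1 year
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/x-icon "access plus 1 year"

    # Fonts - 1 year
    ExpiresByType font/woff "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType application/font-woff "access plus 1 year"
    ExpiresByType application/font-woff2 "access plus 1 year"
    ExpiresByType font/ttf "access plus 1 year"
    ExpiresByType font/otf "access plus 1 year"
    ExpiresByType application/vnd.ms-fontobject "access plus 1 year"

    # Audio - NO CACHING (protected content served via PHP).
    # Audio files go through play_audio.php, which handles access control.
    # Without explicit entries, an audio response that carries no Expires
    # header of its own would inherit the 1-month ExpiresDefault above, which
    # contradicts the intent stated here.
    # NOTE(review): extend the list if play_audio.php emits other audio types.
    ExpiresByType audio/mpeg "access plus 0 seconds"
    ExpiresByType audio/wav "access plus 0 seconds"
    ExpiresByType audio/ogg "access plus 0 seconds"
    ExpiresByType audio/mp4 "access plus 0 seconds"
</IfModule>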

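<IfModule mod_headers.c>
    # Long-lived caching for static assets, selected by file extension.
    # Audio is deliberately absent: it is protected content.
    # "otf" is included so the list agrees with the font/otf entry in the
    # mod_expires section.
    # NOTE(review): "immutable" for a year is only safe when asset file names
    # change with their content; otherwise clients keep stale copies.
    <FilesMatch "\.(css|js|jpg|jpeg|png|gif|webp|svg|ico|woff|woff2|ttf|otf|eot)$">
        Header set Cache-Control "public, max-age=31536000, immutable"
    </FilesMatch>

    # PHP and HTML responses must not be stored by browsers or shared caches.
    # NOTE(review): "Header set" without "always" covers successful responses
    # only; confirm whether error responses from these scripts need it too.
    <FilesMatch "\.(php|html)$">
        Header set Cache-Control "no-cache, no-store, must-revalidate"
    </FilesMatch>
</IfModule>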

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    # ============================================
    # DENY LIST: SOURCE ADDRESSES
    # ============================================
    # A single alternation replaces one rule per address. The whole expression
    # is anchored, so only these exact addresses are refused with 403.
    # NOTE(review): REMOTE_ADDR is the TCP peer. Behind a reverse proxy or CDN
    # that is the proxy's address unless mod_remoteip (or similar) restores the
    # client address - confirm for this host.
    # NOTE(review): an address deny list turns away these five sources only.
    # It does not address how they got in, so treat it as a stop-gap.
    RewriteCond %{REMOTE_ADDR} ^(198\.204\.236\.234|162\.248\.77\.100|176\.97\.123\.28|63\.141\.227\.138|198\.181\.40\.166)$
    RewriteRule ^ - [F,L]

    # ============================================
    # DENY LIST: PATHS
    # ============================================
    # /445367 was used for attacks; /config contains sensitive credentials.
    # Both are prefix matches, so /config.php or /configuration are refused too.
    # NOTE(review): this protection exists only while mod_rewrite is loaded,
    # because the whole section sits inside <IfModule>. A "Require all denied"
    # in the directory's own .htaccess does not depend on this module.
    # NOTE(review): database, logs, migrations, cron, vendor, includes, cache
    # and task_results appear in the username-route exclusion list below but
    # are not denied here - check that each carries its own access restriction.
    RewriteCond %{REQUEST_URI} ^/(445367|config)
    RewriteRule ^ - [F,L]

    # ============================================
    # PASS-THROUGH (NO ROUTING)
    # ============================================
    # PHP files under /auth and /api, and utils/play_audio.php (needed for
    # audio playback), are left untouched by the routing rules below.
    # "-" with [L] performs no substitution and ends this rewrite pass. It does
    # not grant any permission: access control for these scripts has to happen
    # in the PHP code itself.
    RewriteCond %{REQUEST_URI} ^/auth/.*\.php$ [OR]
    RewriteCond %{REQUEST_URI} ^/api/.*\.php$ [OR]
    RewriteCond %{REQUEST_URI} ^/utils/play_audio\.php
    RewriteRule ^ - [L]

    # ============================================
    # ARTIST/USER PROFILE ROUTING
    # ============================================
    # NOTE(review): the patterns below are routing, not input validation.
    # [QSA] appends the client's own query string to the one written here, and
    # the target scripts exist as files that can be requested directly, so
    # artist_profile_clean.php, track.php and crate.php must validate "id" and
    # "custom_url" themselves.

    # /artist/123 -> artist_profile_clean.php?id=123
    RewriteRule ^artist/([0-9]+)/?$ artist_profile_clean.php?id=$1 [L,QSA]

    # /track/123 -> track.php?id=123
    RewriteRule ^track/([0-9]+)/?$ track.php?id=$1 [L,QSA]

    # /crate/123 -> crate.php?id=123
    RewriteRule ^crate/([0-9]+)/?$ crate.php?id=$1 [L,QSA]

    # /drumahon -> artist_profile_clean.php?custom_url=drumahon
    # Applies only when the request is not an existing file or directory, is
    # not under one of the application's own top-level directories, does not
    # end in a known file extension, and looks like a username (alphanumeric
    # plus hyphens, starting with an alphanumeric).
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/(api|auth|utils|admin|assets|uploads|radio|config|includes|components|js|css|lang|vendor|migrations|cron|webhooks|hls|studio|cache|database|logs|audio_files|task_results|admin_includes|artist_includes)/
    # One negated alternation stands in for one negated condition per extension.
    RewriteCond %{REQUEST_URI} !\.(php|html|css|js|ico|png|jpg|gif|svg|woff2?|ttf|eot)$
    RewriteRule ^([a-zA-Z0-9][-a-zA-Z0-9]*)/?$ artist_profile_clean.php?custom_url=$1 [L,QSA]

    # ============================================
    # DEFAULT ROUTING
    # ============================================

    # index.php itself is never rewritten (prevents a rewrite loop).
    RewriteRule ^index\.php$ - [L]

    # Anything that is not an existing file or directory goes to index.php.
    # Existing files are served as they are: whatever is present under the
    # document root is reachable by URL unless a rule above or a per-directory
    # restriction refuses it.
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>
