HEX
Server: LiteSpeed
System: Linux s3.sitechai.com 4.18.0-553.51.1.lve.1.el8.x86_64 #1 SMP Wed May 14 14:34:57 UTC 2025 x86_64
User: workzeni (2217)
PHP: 8.1.32
Disabled: mail, show_source, system, shell_exec, passthru, exec, eval, shell
$ pwd: /home/workzeni/stream-flix.workzenix.com/public/
Upload Files
File: /home/workzeni/stream-flix.workzenix.com/public/.htaccess
# <IfModule mod_rewrite.c>
#     <IfModule mod_negotiation.c>
#         Options -MultiViews -Indexes
#     </IfModule>

#     RewriteEngine On

#     # Handle Authorization Header
#     RewriteCond %{HTTP:Authorization} .
#     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

#     # Handle X-XSRF-Token Header
#     RewriteCond %{HTTP:x-xsrf-token} .
#     RewriteRule .* - [E=HTTP_X_XSRF_TOKEN:%{HTTP:X-XSRF-Token}]

#     # Redirect Trailing Slashes If Not A Folder...
#     RewriteCond %{REQUEST_FILENAME} !-d
#     RewriteCond %{REQUEST_URI} (.+)/$
#     RewriteRule ^ %1 [L,R=301]

#     # Send Requests To Front Controller...
#     RewriteCond %{REQUEST_FILENAME} !-d
#     RewriteCond %{REQUEST_FILENAME} !-f
#     RewriteRule ^ index.php [L]
# </IfModule>

# new

# Disable directory listing
Options -Indexes

# --- Deny directory-only access to /hash_uploads ---
# If the request URI is exactly /hash_uploads or /hash_uploads/ return 403
RewriteEngine On


RewriteCond %{REQUEST_URI} ^/hash_uploads/?$ [NC]
RewriteRule ^ - [F]

# --- Prevent executing PHP files in uploads (safety) ---
<IfModule mod_php7.c>
    <FilesMatch "^(.*\.php)$">
        Require all denied
    </FilesMatch>
</IfModule>
<IfModule mod_php.c>
    <FilesMatch "^(.*\.php)$">
        Require all denied
    </FilesMatch>
</IfModule>

# If running Apache 2.2, fallback (older):
<IfModule !mod_authz_core.c>
    <FilesMatch "^(.*\.php)$">
        Order allow,deny
        Deny from all
    </FilesMatch>
</IfModule>

# --- Basic security headers (optional but recommended) ---
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
    # Content-Security-Policy is powerful — add only after testing your app.
    # Header set Content-Security-Policy "default-src 'self';"
</IfModule>

# --- Laravel default rewrite (keep after our short-circuit rules) ---
# (Keep the rest of the standard Laravel rewrite rules below)
<IfModule mod_rewrite.c>
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
@ Telegram