Update config files

Author: OSPanel

resources/modules/Apache/conf/errors.conf

@@ -22,22 +22,22 @@
     Include "${SRVROOT}/conf/languages.conf"
 </Directory>
 
-ErrorDocument 400 /_error_pages/400.html%{ENV:_error_lang}
-ErrorDocument 401 /_error_pages/401.html%{ENV:_error_lang}
-ErrorDocument 402 /_error_pages/402.html%{ENV:_error_lang}
-ErrorDocument 403 /_error_pages/403.html%{ENV:_error_lang}
-ErrorDocument 404 /_error_pages/404.html%{ENV:_error_lang}
-ErrorDocument 405 /_error_pages/405.html%{ENV:_error_lang}
-ErrorDocument 408 /_error_pages/408.html%{ENV:_error_lang}
-ErrorDocument 410 /_error_pages/410.html%{ENV:_error_lang}
-ErrorDocument 413 /_error_pages/413.html%{ENV:_error_lang}
-ErrorDocument 414 /_error_pages/414.html%{ENV:_error_lang}
-ErrorDocument 415 /_error_pages/415.html%{ENV:_error_lang}
-ErrorDocument 429 /_error_pages/429.html%{ENV:_error_lang}
-ErrorDocument 431 /_error_pages/431.html%{ENV:_error_lang}
-ErrorDocument 451 /_error_pages/451.html%{ENV:_error_lang}
-ErrorDocument 500 /_error_pages/500.html%{ENV:_error_lang}
-ErrorDocument 501 /_error_pages/501.html%{ENV:_error_lang}
-ErrorDocument 502 /_error_pages/502.html%{ENV:_error_lang}
-ErrorDocument 503 /_error_pages/503.html%{ENV:_error_lang}
-ErrorDocument 504 /_error_pages/504.html%{ENV:_error_lang}
+ErrorDocument 400 /_error_pages/400.html
+ErrorDocument 401 /_error_pages/401.html
+ErrorDocument 402 /_error_pages/402.html
+ErrorDocument 403 /_error_pages/403.html
+ErrorDocument 404 /_error_pages/404.html
+ErrorDocument 405 /_error_pages/405.html
+ErrorDocument 408 /_error_pages/408.html
+ErrorDocument 410 /_error_pages/410.html
+ErrorDocument 413 /_error_pages/413.html
+ErrorDocument 414 /_error_pages/414.html
+ErrorDocument 415 /_error_pages/415.html
+ErrorDocument 429 /_error_pages/429.html
+ErrorDocument 431 /_error_pages/431.html
+ErrorDocument 451 /_error_pages/451.html
+ErrorDocument 500 /_error_pages/500.html
+ErrorDocument 501 /_error_pages/501.html
+ErrorDocument 502 /_error_pages/502.html
+ErrorDocument 503 /_error_pages/503.html
+ErrorDocument 504 /_error_pages/504.html

resources/modules/Apache/conf/snippets/block_hidden_files.conf

@@ -0,0 +1,5 @@
+# Block access to hidden files and folders except .well-known
+
+<FilesMatch "^\.((?!well-known/).)*$">
+    Require all denied
+</FilesMatch>

resources/modules/Apache/conf/snippets/block_sensitive_files.conf

@@ -0,0 +1,5 @@
+# Block access to backup, config, command, and log files
+
+<FilesMatch "\.(bak|conf|config|cnf|ini|inc|log|sh|sql|tar|tgz)$|~$">
+    Require all denied
+</FilesMatch>

resources/modules/Apache/conf/snippets/compression.conf

@@ -0,0 +1,90 @@
+# ======================================================================
+# Dynamic compression only: Brotli + Deflate by Content-Type
+# Correct headers (Vary)
+#
+# Requires: mod_filter; mod_headers; plus mod_brotli and/or mod_deflate
+# ======================================================================
+
+<IfModule mod_filter.c>
+
+  <IfModule mod_brotli.c>
+    BrotliCompressionQuality 3
+    AddOutputFilterByType BROTLI_COMPRESS \
+      text/html \
+      text/css \
+      text/plain \
+      text/csv \
+      text/markdown \
+      text/calendar \
+      text/vcard \
+      text/vtt \
+      text/cache-manifest \
+      text/javascript \
+      text/x-component \
+      application/javascript \
+      application/json \
+      application/ld+json \
+      application/schema+json \
+      application/geo+json \
+      application/xml \
+      application/rdf+xml \
+      application/rss+xml \
+      application/atom+xml \
+      application/xhtml+xml \
+      application/xslt+xml \
+      application/manifest+json \
+      application/x-web-app-manifest+json \
+      application/rtf \
+      application/x-x509-ca-cert \
+      application/wasm \
+      image/svg+xml \
+      application/vnd.ms-fontobject \
+      font/ttf \
+      font/collection \
+      font/otf
+  </IfModule>
+
+  <IfModule mod_deflate.c>
+    DeflateCompressionLevel 3
+    AddOutputFilterByType DEFLATE \
+      text/html \
+      text/css \
+      text/plain \
+      text/csv \
+      text/markdown \
+      text/calendar \
+      text/vcard \
+      text/vtt \
+      text/cache-manifest \
+      text/javascript \
+      text/x-component \
+      application/javascript \
+      application/json \
+      application/ld+json \
+      application/schema+json \
+      application/geo+json \
+      application/xml \
+      application/rdf+xml \
+      application/rss+xml \
+      application/atom+xml \
+      application/xhtml+xml \
+      application/xslt+xml \
+      application/manifest+json \
+      application/x-web-app-manifest+json \
+      application/rtf \
+      application/x-x509-ca-cert \
+      application/wasm \
+      image/svg+xml \
+      application/vnd.ms-fontobject \
+      font/ttf \
+      font/collection \
+      font/otf
+  </IfModule>
+
+</IfModule>
+
+<IfModule mod_headers.c>
+  <FilesMatch "\.(html?|css|js|mjs|json|xml|svg|txt|csv|map|webmanifest|vtt|wasm|eot|ttf|otf)$">
+    Header merge Vary Accept-Encoding
+  </FilesMatch>
+</IfModule>

resources/modules/Apache/conf/snippets/force_https.conf

@@ -0,0 +1,9 @@
+<If "%{HTTPS} == 'off' && %{HTTP:X-Forwarded-Proto} !~ /(^|,\s*)https($|,\s*)/ && %{QUERY_STRING} != ''">
+    Redirect 301 / https://0.0.0.0/
+    Header always set Location "expr=https://%{HTTP_HOST}%{REQUEST_URI}?%{QUERY_STRING}"
+</If>
+
+<If "%{HTTPS} == 'off' && %{HTTP:X-Forwarded-Proto} !~ /(^|,\s*)https($|,\s*)/ && %{QUERY_STRING} == ''">
+    Redirect 301 / https://0.0.0.0/
+    Header always set Location "expr=https://%{HTTP_HOST}%{REQUEST_URI}"
+</If>

resources/modules/Apache/conf/snippets/force_non_www.conf

@@ -0,0 +1,23 @@
+# Requires:
+#   mod_alias
+#   mod_headers
+
+<If "%{HTTP_HOST} =~ m#(?i)^www\.# && ( %{HTTP:X-Forwarded-Proto} =~ /(^|,\s*)https($|,\s*)/ || (%{HTTPS} == 'on' && %{HTTP:X-Forwarded-Proto} == '') ) && %{QUERY_STRING} != ''">
+    Redirect permanent / http://0.0.0.0/
+    Header always set Location "expr='https://' + replace(%{req:Host}, '(?i)^www\.', '') + %{REQUEST_URI} + '?' + %{QUERY_STRING}"
+</If>
+
+<If "%{HTTP_HOST} =~ m#(?i)^www\.# && ( %{HTTP:X-Forwarded-Proto} =~ /(^|,\s*)https($|,\s*)/ || (%{HTTPS} == 'on' && %{HTTP:X-Forwarded-Proto} == '') ) && %{QUERY_STRING} == ''">
+    Redirect permanent / http://0.0.0.0/
+    Header always set Location "expr='https://' + replace(%{req:Host}, '(?i)^www\.', '') + %{REQUEST_URI}"
+</If>
+
+<If "%{HTTP_HOST} =~ m#(?i)^www\.# && !( %{HTTP:X-Forwarded-Proto} =~ /(^|,\s*)https($|,\s*)/ || (%{HTTPS} == 'on' && %{HTTP:X-Forwarded-Proto} == '') ) && %{QUERY_STRING} != ''">
+    Redirect permanent / http://0.0.0.0/
+    Header always set Location "expr='http://' + replace(%{req:Host}, '(?i)^www\.', '') + %{REQUEST_URI} + '?' + %{QUERY_STRING}"
+</If>
+
+<If "%{HTTP_HOST} =~ m#(?i)^www\.# && !( %{HTTP:X-Forwarded-Proto} =~ /(^|,\s*)https($|,\s*)/ || (%{HTTPS} == 'on' && %{HTTP:X-Forwarded-Proto} == '') ) && %{QUERY_STRING} == ''">
+    Redirect permanent / http://0.0.0.0/
+    Header always set Location "expr='http://' + replace(%{req:Host}, '(?i)^www\.', '') + %{REQUEST_URI}"
+</If>

resources/modules/Apache/conf/snippets/quiet_static_logs.conf

@@ -0,0 +1,5 @@
+# Disable logs for favicon.ico and robots.txt
+
+<FilesMatch "^(favicon\.ico|robots\.txt)$">
+    SetEnv dontlog 1
+</FilesMatch>

resources/modules/Apache/conf/snippets/static_cache_control.conf

@@ -0,0 +1,8 @@
+        <FilesMatch "\.(svg|png|jpe?g|gif|webp|avif|jxl|ico|tiff?|heic|css|js|mjs|map|webmanifest|wasm|json|jsonld|geojson|xml|txt|csv|pdf|eot|otf|ttf|ttc|woff2?|mp4|mov|webm|mpe?g|avi|ogv|mp3|wav|ogg|m4a|aac|mid|midi)$">
+            # Only for PROD environments
+            # Header always set Cache-Control "public, max-age=3600, must-revalidate"
+            # Only if ?v= is used for versioning
+            # Header always set Cache-Control "public, max-age=31536000, immutable"
+            # Only for DEV environments
+            Header always set Cache-Control "max-age=0, must-revalidate"
+        </FilesMatch>