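# Apache per-directory configuration (.htaccess): HTTPS redirect, front
# controller, path and file denials, security response headers, crawler
# filtering.
#
# NOTE(review): this listing arrived collapsed onto two lines with its
# container tags (<Files>/<FilesMatch>, <IfModule>, <RequireAll>) missing.
# Directives whose container cannot be recovered are left commented out below.
# A bare "Require all denied" at this level would deny every request.

# NOTE(review): container lost; the file pattern is not visible on the page.
# <FilesMatch "PLACEHOLDER_PATTERN_NOT_ON_PAGE">
#     Require all denied
# </FilesMatch>

RewriteEngine On

# Redirect HTTP to HTTPS (if SSL is active).
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Block access to /komentar.
# This must come before the front-controller rule. For a path that is not a
# real file or directory, the front-controller rule matches first and its [L]
# ends the pass, so a later deny rule never sees the original URI.
RewriteCond %{REQUEST_URI} ^/komentar [NC]
RewriteRule ^ - [F]

# Route to index.php when the request is not a real file or directory.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L]

# Block access to important folders.
RedirectMatch 403 ^/(vendor|bootstrap|node_modules)/

# Disable directory listing.
Options -Indexes

# Block sensitive files.
# NOTE(review): three "Require all denied" directives followed this heading,
# each presumably inside its own <Files>/<FilesMatch> container. The patterns
# are not visible on the page, so restore them from the original file.
# <FilesMatch "PLACEHOLDER_PATTERN_1_NOT_ON_PAGE">
#     Require all denied
# </FilesMatch>
# <FilesMatch "PLACEHOLDER_PATTERN_2_NOT_ON_PAGE">
#     Require all denied
# </FilesMatch>
# <FilesMatch "PLACEHOLDER_PATTERN_3_NOT_ON_PAGE">
#     Require all denied
# </FilesMatch>

# Security response headers.
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
# Legacy header: current browsers have removed the XSS auditor, so the CSP
# below is the effective control.
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
# includeSubDomains + preload commits every subdomain to HTTPS, and removal
# from browser preload lists is slow. Confirm all subdomains serve valid TLS.
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

# Content-Security-Policy.
# CSP has no comment syntax. The original value contained "/* ADSTERRA */"
# after script-src and after frame-src, which makes "/*" parse as an unknown
# directive name. The style-src and connect-src lists that followed were then
# ignored and fell back to default-src. The label is kept here instead:
# pl22050247.effectivegatecpm.com in script-src and frame-src is the ADSTERRA
# entry.
# 'unsafe-inline' in script-src allows injected inline script to run, so most
# of the XSS protection CSP offers is lost. Move inline scripts to files or
# use nonces/hashes, then drop it.
# NOTE(review): img-src lists facebook.com, fbcdn.net and twitter.com without
# a wildcard, so their subdomains are not matched. Confirm that is intended.
# Each line ends in a backslash so Apache reads the value as one logical line.
Header always set Content-Security-Policy "\
default-src 'self'; \
script-src 'self' 'unsafe-inline' https://cdn.ckeditor.com https://code.jquery.com https://cdnjs.cloudflare.com https://platform-api.sharethis.com https://connect.facebook.net https://static.addtoany.com https://pagead2.googlesyndication.com https://jsc.monetag.com https://pl22050247.effectivegatecpm.com; \
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.ckeditor.com; \
img-src 'self' data: https://www.voicepapua.com https://platform-api.sharethis.com https://pagead2.googlesyndication.com https://facebook.com https://fbcdn.net https://twitter.com https://pbs.twimg.com; \
font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; \
frame-src 'self' https://www.facebook.com https://platform.twitter.com https://www.youtube.com https://static.addtoany.com https://jsc.monetag.com https://pl22050247.effectivegatecpm.com; \
connect-src 'self' https://platform-api.sharethis.com https://ws.sharethis.com https://www.google-analytics.com;"

# Bad-bot filtering, except for the Facebook and Twitter crawlers.
# User-Agent is set by the client and is trivially changed, so this reduces
# crawler load but is not an access control.
# is_facebook / is_twitter are set but not referenced by any directive visible
# here. Those crawlers pass only because they are never tagged bad_bot.
SetEnvIfNoCase User-Agent "facebookexternalhit" is_facebook
SetEnvIfNoCase User-Agent "Twitterbot" is_twitter
SetEnvIfNoCase User-Agent "AhrefsBot" bad_bot
SetEnvIfNoCase User-Agent "SemrushBot" bad_bot
SetEnvIfNoCase User-Agent "MJ12bot" bad_bot
SetEnvIfNoCase User-Agent "DotBot" bad_bot
SetEnvIfNoCase User-Agent "^EmailCollector" bad_bot

# NOTE(review): the <IfModule>/<RequireAll> wrappers below are reconstructed.
# A negated "Require not" is only valid inside <RequireAll>, and the 2.4 and
# 2.2 access syntaxes should not both apply to the same request.
<IfModule mod_authz_core.c>
    <RequireAll>
        Require all granted
        Require not env bad_bot
    </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
    # Order must be Allow,Deny. With Deny,Allow the "Allow from all" line is
    # evaluated last and overrides the bad_bot denial.
    Order Allow,Deny
    Allow from all
    Deny from env=bad_bot
</IfModule>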