# ============================================================
# you-on-tv.com - Canonical redirects + cleanup + hardening
# ============================================================

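RewriteEngine On

# ------------------------------------------------------------
# 0) ERROR DOCUMENTS
# ------------------------------------------------------------
# Static pages sent as the body of 404 and 403 responses. The 403 page is
# also what the [F] rules in this file end up serving.
ErrorDocument 404 /404.html
ErrorDocument 403 /403.html

# Bots often probe /403.shtml; keep it from becoming noise.
# The target is the full canonical URL, like the other redirects in this
# file. With a bare "/403.html" target mod_rewrite builds the Location
# header from the request's own scheme and host (with the default
# UseCanonicalName Off that is the client-supplied Host), which costs a
# second hop through the HTTPS/non-www rule.
RewriteRule ^403\.shtml$ https://you-on-tv.com/403.html [L,R=301]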

# ------------------------------------------------------------
# 1a) ALLOW ACME CHALLENGE (Let's Encrypt) if ever needed
# ------------------------------------------------------------
# "-" leaves the URL untouched and [L] ends rule processing for the
# request, so none of the rules further down apply to challenge paths.
# Keep this above the HTTPS redirect so a challenge can be answered over
# plain HTTP without a redirect.
# NOTE(review): the pattern has no end anchor, so everything under
# acme-challenge/ skips the later deny rules; that directory should hold
# nothing but CA validation tokens.
RewriteRule ^\.well-known/acme-challenge/ - [L]

# ------------------------------------------------------------
# 1) CANONICAL: Force HTTPS + NON-WWW (single hop)
# ------------------------------------------------------------
# Either condition alone triggers the redirect ([OR]): a www. host name
# (matched case-insensitively) or a request that did not arrive over TLS.
# The destination host is a literal and is never taken from the request,
# so a forged Host value cannot steer the Location header.
# NOTE(review): %{HTTPS} describes the connection Apache itself sees. If a
# TLS-terminating proxy or CDN is ever put in front of this site, confirm
# the rule does not loop.
RewriteCond %{HTTP_HOST} ^www\.you-on-tv\.com$ [NC,OR]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://you-on-tv.com%{REQUEST_URI} [R=301,L]

# ------------------------------------------------------------
# 2) RETIRED PAGES: old FrontPage /id* pages answer 410 Gone
#    Matches id<digits>.htm and id<digits>.html in this directory,
#    e.g. /id15.html, /id200.htm
# ------------------------------------------------------------
# "-" means no substitution; [G] sets the 410 status.
RewriteRule ^id[0-9]+\.(?:html|htm)$ - [L,G]

# ------------------------------------------------------------
# 3) THEATRE: dead theatre URLs go to the current landing page
#    /theatre/index.html and /theatre/mike.html -> /theatre.html
# ------------------------------------------------------------
# One rule covers both retired file names; the target is the absolute
# canonical URL, so the redirect is a single permanent hop.
RewriteRule ^theatre/(?:index|mike)\.html$ https://you-on-tv.com/theatre.html [R=301,L]

# ------------------------------------------------------------
# 4) CANONICAL: serve the home page as "/" rather than /index.html
# ------------------------------------------------------------
# The anchors limit this to index.html in this directory; index.html
# files in subfolders are not matched. A query string on the request is
# carried over to the target (mod_rewrite's default).
RewriteRule ^index[.]html$ https://you-on-tv.com/ [R=301,L]

# ------------------------------------------------------------
# 5) BASIC HARDENING (safe rules; low risk on shared hosting)
# ------------------------------------------------------------
# Removes the server version/host footer from server-generated pages such
# as error documents. It does not change the "Server:" response header;
# that is governed by ServerTokens, which can only be set in the main
# server configuration.
ServerSignature Off
# Turns off auto-generated directory listings for folders that have no
# index file.
Options -Indexes
# NOTE(review): this file looks like a per-directory .htaccess. If so,
# both directives need the matching AllowOverride permission from the
# host; where it is missing Apache rejects the file with a 500 error.
# Confirm after deploying.

# Answer 403 for paths that scanners commonly probe. Each name is matched
# only as the first path segment, either bare or followed by "/...".
# This is a name denylist that trims log noise; it does not protect
# content stored under any other name.

# CMS folders and endpoints
RewriteRule ^(?:wp-admin|wordpress)(?:/.*)?$ - [F,L]
RewriteRule ^(?:wp-login|xmlrpc)\.php$ - [F,L]

# Editor / framework folders
RewriteRule ^(?:\.vscode|_next)(?:/.*)?$ - [F,L]

# Generic folder names: no real content can be published at /admin,
# /backup, /old or /new while this rule is in place.
RewriteRule ^(?:admin|backup|old|new)(?:/.*)?$ - [F,L]

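# Block dotfiles and dot-directories (like .env) at any depth (403).
# Exception: the top-level .well-known/ tree (RFC 8615) stays reachable,
# so that e.g. /.well-known/security.txt is not refused. Hidden names
# nested inside it are still caught by the "/\." branch.
RewriteRule (?:^\.(?!well-known/)|/\.) - [F,L]

# Block obvious config/dump/backup/archive extensions (403).
# [NC] makes the match case-insensitive, so "dump.SQL" or "site.ZIP" is
# refused just like the lowercase spelling.
# NOTE(review): this is a denylist and only a backstop; files of these
# kinds should not be kept under the web root in the first place.
RewriteRule \.(?:env|ini|sql|bak|old|zip|tar|gz)$ - [F,L,NC]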
