# ══════════════════════════════════════════════════════════════════
# Driver & Butler — .htaccess Complet
# Sécurité + Core Web Vitals + Cache + Compression + Anti-DevTools
# ══════════════════════════════════════════════════════════════════

# ── 1. SÉCURITÉ D&B ───────────────────────────────────────────────
# BEGIN Sécurité D&B

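# Disable directory listings
# (Options in .htaccess only takes effect if the vhost grants AllowOverride Options)
Options -Indexes

# Deny direct access to wp-config.php (database credentials and salts).
# Apache 2.4 evaluates access with mod_authz_core ("Require"); the Order/Deny
# pair is the 2.2 / mod_access_compat syntax and is kept as a fallback so the
# file is valid on either version instead of failing with a 500 when
# mod_access_compat is not loaded.
<Files wp-config.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>

# Deny direct access to xmlrpc.php (commonly abused for login brute force and
# pingback amplification). Re-enable only if a client such as Jetpack or the
# mobile app actually needs it.
<Files xmlrpc.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>

# Deny leftover / sensitive files: emacs autosaves (#name#), backups, config
# and dist files, includes, ini, logs, Photoshop sources, shell scripts,
# SQL dumps, vim swap files (.swo/.swp) and "~" backup copies.
<FilesMatch "(^#.*#|\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|sw[op])|~)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>

# Deny dotfiles that carry configuration or secrets: .htaccess/.htpasswd,
# .env, .git* (e.g. .gitignore). <FilesMatch> tests the file name only, so
# this does not cover the contents of a .git/ directory (keep it out of the
# webroot) and does not affect ACME challenges under .well-known/.
<FilesMatch "^\.(ht|env|git)">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>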

# Block known malicious / scanner user-agents.
# Caveats: the User-Agent header is chosen by the client, so this only stops
# tools that do not bother to change it. It also denies legitimate clients
# whose UA contains "curl", "wget", "python" or "java" (uptime monitors, some
# webhook senders, in-house scripts) — review the list against the site's own
# integrations before relying on it.
<IfModule mod_rewrite.c>
RewriteEngine On
# 403 if the UA contains one of these tool names (case-insensitive) ...
RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
# ... or characters typical of injection probes, raw or percent-encoded
RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC]
# [F] = 403 Forbidden. These rules precede the Stripe and WordPress rewrites
# further down this file, so matching requests never reach PHP.
RewriteRule .* - [F,L]
</IfModule>

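# HTTP security headers. "always" also applies them to error responses
# (4xx/5xx), which "Header set" alone would skip.
<IfModule mod_headers.c>
    # HSTS: a browser that has seen this header over HTTPS refuses plain HTTP
    # for the domain and its subdomains for one year. It does NOT redirect the
    # first plain-HTTP request — the HTTP->HTTPS redirect has to exist elsewhere
    # (vhost, or a RewriteCond %{HTTPS} off rule). "preload" commits the whole
    # domain to HTTPS-only once submitted to the browser preload list and is
    # hard to undo, so only keep it if every subdomain serves HTTPS.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    # Clickjacking protection (legacy equivalent of CSP frame-ancestors)
    Header always set X-Frame-Options "SAMEORIGIN"
    # Prevent MIME sniffing of responses
    Header always set X-Content-Type-Options "nosniff"
    # Legacy XSS auditor: explicitly disabled. Current browsers no longer ship
    # it, and in older ones "1; mode=block" had known weaknesses, so OWASP
    # recommends the value 0. A Content-Security-Policy is the modern control.
    Header always set X-XSS-Protection "0"
    # Full referrer same-origin, origin only cross-origin, nothing HTTPS->HTTP
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # Permissions-Policy: camera/microphone for nobody, geolocation for this origin only
    Header always set Permissions-Policy "camera=(), microphone=(), geolocation=(self)"
</IfModule>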

# END Sécurité D&B

# ── 2. COMPRESSION GZIP + BROTLI ──────────────────────────────────
# BEGIN Compression

<IfModule mod_deflate.c>
    # Gzip text-like responses, selected by MIME type
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
    AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript
    AddOutputFilterByType DEFLATE application/json application/xml application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml application/atom+xml
    AddOutputFilterByType DEFLATE image/svg+xml font/ttf font/otf font/woff font/woff2
    # No compression for formats that are already compressed; "dont-vary" also
    # keeps mod_deflate from adding Vary: Accept-Encoding to those responses
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|webp|zip|gz|bz2)$ no-gzip dont-vary
</IfModule>

# Brotli when the module is available (clients that accept "br" get it in
# preference to gzip).
# NOTE(review): with both mod_deflate and mod_brotli registered for the same
# MIME types, the effective filter order is decided by Apache, not by this
# file — confirm on the host that responses carry a single Content-Encoding.
<IfModule mod_brotli.c>
    AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css
    AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript
    AddOutputFilterByType BROTLI_COMPRESS application/json application/xml
    AddOutputFilterByType BROTLI_COMPRESS image/svg+xml font/woff font/woff2
</IfModule>

# END Compression

# ── 3. CACHE NAVIGATEUR ────────────────────────────────────────────
# BEGIN Cache

# Browser cache lifetimes by MIME type (mod_expires emits Expires and
# Cache-Control: max-age). "access plus 0 seconds" means max-age=0, i.e.
# revalidate; it is not no-store — that is added for .html/.php by the
# mod_headers block that follows.
<IfModule mod_expires.c>
    ExpiresActive On
    # Applies to every type not listed below — check that no dynamic or
    # per-user response type falls under this one-month default
    ExpiresDefault                              "access plus 1 month"

    # HTML — no caching (dynamic content)
    ExpiresByType text/html                     "access plus 0 seconds"

    # CSS & JavaScript
    ExpiresByType text/css                      "access plus 1 year"
    ExpiresByType application/javascript        "access plus 1 year"
    ExpiresByType text/javascript               "access plus 1 year"

    # Images
    ExpiresByType image/jpeg                    "access plus 1 year"
    ExpiresByType image/png                     "access plus 1 year"
    ExpiresByType image/gif                     "access plus 1 year"
    ExpiresByType image/webp                    "access plus 1 year"
    ExpiresByType image/svg+xml                 "access plus 1 year"
    ExpiresByType image/x-icon                  "access plus 1 year"

    # Fonts
    ExpiresByType font/ttf                      "access plus 1 year"
    ExpiresByType font/otf                      "access plus 1 year"
    ExpiresByType font/woff                     "access plus 1 year"
    ExpiresByType font/woff2                    "access plus 1 year"
    ExpiresByType application/font-woff         "access plus 1 year"

    # JSON / XML — API and feed responses, always revalidated
    ExpiresByType application/json              "access plus 0 seconds"
    ExpiresByType application/xml               "access plus 0 seconds"
    ExpiresByType text/xml                      "access plus 0 seconds"

    # PDF
    ExpiresByType application/pdf               "access plus 1 month"

    # PWA manifest
    ExpiresByType application/manifest+json     "access plus 1 week"
</IfModule>

<IfModule mod_headers.c>
    # Cache-Control by file extension (overrides what mod_expires computed)
    # "immutable" tells browsers never to revalidate within max-age, so the
    # URL must change when the content changes — WordPress' ?ver= query strings
    # on enqueued assets normally provide that; verify for assets loaded
    # outside wp_enqueue_*.
    <FilesMatch "\.(css|js|woff|woff2|ttf|otf)$">
        Header set Cache-Control "public, max-age=31536000, immutable"
    </FilesMatch>
    <FilesMatch "\.(jpg|jpeg|png|gif|webp|svg|ico)$">
        Header set Cache-Control "public, max-age=31536000"
    </FilesMatch>
    # Pages and PHP output (includes the Stripe checkout endpoint rewritten
    # below): never stored by browsers or intermediaries. Pragma/Expires cover
    # HTTP/1.0 caches that ignore Cache-Control.
    <FilesMatch "\.(html|php)$">
        Header set Cache-Control "no-cache, no-store, must-revalidate"
        Header set Pragma "no-cache"
        Header set Expires "0"
    </FilesMatch>
    # Vary: Accept-Encoding so shared caches key on compression
    Header append Vary Accept-Encoding
</IfModule>

# END Cache

# ── 4. PERFORMANCE ────────────────────────────────────────────────
# BEGIN Performance

# Keep-Alive
# NOTE(review): Connection is a hop-by-hop header managed by Apache itself and
# is not permitted in HTTP/2; forcing it from mod_headers can disagree with the
# value the core decides (e.g. "close" at the keep-alive limit). Persistent
# connections are configured with the KeepAlive directive in the server
# config, not here — consider dropping this block after confirming on the host.
<IfModule mod_headers.c>
    Header set Connection keep-alive
</IfModule>

# ETags — disabled so that validation relies on Cache-Control / Last-Modified
# alone and does not conflict with the lifetimes set above. Both the header
# removal and FileETag None are needed: the former strips an ETag already
# generated, the latter stops the core from generating one.
<IfModule mod_headers.c>
    Header unset ETag
</IfModule>
FileETag None

# END Performance

# ── 5. ANTI COPIER/COLLER + DEVTOOLS ──────────────────────────────
# BEGIN Anti-DevTools
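# Note: server-side "anti-inspection" is inherently limited — whatever is sent
# to the browser can be read by its user. The JS in footer.php remains the
# primary mechanism for blocking F12, right-click and selection; this block
# only trims response headers and forbids framing. None of these headers hides
# the page source or prevents scraping.
<IfModule mod_headers.c>
    # X-Robots-Tag "all" is the default indexing directive (index, follow);
    # it has no effect on caching or on View Source. Kept for explicitness.
    Header set X-Robots-Tag "all"
    # Remove X-Powered-By (typically added by PHP and disclosing its version).
    # Only the unset is needed: setting a custom value and then unsetting it
    # in the same context leaves no header at all.
    Header unset X-Powered-By
    # Forbid embedding in third-party iframes (clickjacking). Same intent as
    # the X-Frame-Options header in section 1, expressed as CSP.
    Header always set Content-Security-Policy "frame-ancestors 'self'"
</IfModule>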

# END Anti-DevTools

# ── 6. STRIPE CHECKOUT ────────────────────────────────────────────
# BEGIN Stripe Checkout

<IfModule mod_rewrite.c>
RewriteEngine On
# Internal rewrite (no [R], so the browser keeps /stripe-checkout); the query
# string is preserved ([QSA]) and the trailing slash is optional. The target
# script stays directly reachable at its real path as well, so any
# method/origin/authentication checks have to live in the PHP, not in this rule.
RewriteRule ^stripe-checkout/?$ /stripe/create-checkout-session.php [L,QSA]
</IfModule>

# END Stripe Checkout

# ── 7. WORDPRESS ──────────────────────────────────────────────────
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
# Expose the Authorization header to PHP as HTTP_AUTHORIZATION (Apache does
# not pass it through under CGI/FastCGI by default; WordPress needs it for
# REST API authentication)
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
# Requests for index.php itself: stop rewriting
RewriteRule ^index\.php$ - [L]
# Anything that is not an existing file or directory goes to the front controller
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet type="text/xsl" href="//www.driverandbutler.com/wp-content/plugins/wordpress-seo/css/main-sitemap.xsl"?>
<sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
	<sitemap>
		<loc>https://www.driverandbutler.com/page-sitemap.xml</loc>
		<lastmod>2026-05-08T18:05:00+00:00</lastmod>
	</sitemap>
</sitemapindex>
<!-- XML Sitemap generated by Yoast SEO -->