PHP and Apache like to advertise themselves in the HTTP headers of every connection. It's probably best not to advertise your versions. You can disable that with these configuration entries:
# In /etc/php.ini
expose_php = Off# In your Apache config
ServerTokens Prod
ServerSignature OffMy templating system uses .stpl files for it's definitions. I do not want to serve these files directly to my users so I used an .htaccess file to block them.
<Files ~ "\.stpl$">
Order allow,deny
Deny from all
</Files>If you want to redirect all HTTP requests to HTTPS it's pretty simple:
<VirtualHost *:80>
ServerName domain.com
Redirect permanent / https://domain.com/
</VirtualHost>I needed to do an HTTPS redirection, but exclude my /api directory to make things simpler and faster for my ESP8266/ESP32 boards. This is slighly more complicated but still doable:
<VirtualHost *:80>
ServerName domain.com
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !/api
RewriteRule /(.*) https://domain.com/$1
</VirtualHost>