# BEGIN HMWP_RULES
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 month"
# Feed
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/atom+xml "access plus 1 hour"
# CSS, JavaScript
ExpiresByType text/css "access plus 1 year"
ExpiresByType text/javascript "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"

# Webfonts
ExpiresByType font/ttf "access plus 1 year"
ExpiresByType font/otf "access plus 1 year"
ExpiresByType font/woff "access plus 1 year"
ExpiresByType font/woff2 "access plus 1 year"
ExpiresByType application/vnd.ms-fontobject "access plus 1 year"

# Images
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"

# Video
ExpiresByType video/mp4 "access plus 1 year"
ExpiresByType video/mpeg "access plus 1 year"
ExpiresByType video/webm "access plus 1 year"
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^([_0-9a-zA-Z-]+/)?ajax-call$ /wp-admin/admin-ajax.php [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?ghost-admin/(.*) /wp-admin/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?login$ /wp-login.php [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?login/(.*) /wp-login.php$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?lostpass$ /wp-login.php?action=lostpassword [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?register$ /wp-login.php?action=register [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?logout$ /wp-login.php?action=logout [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/kotisivulle404/(.*) /wp-content/plugins/all-404-redirect-to-homepage/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/varauskirja/(.*) /wp-content/plugins/bookly-responsive-appointment-booking-tool/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/palvelut/(.*) /wp-content/plugins/bookly-addon-collaborative-services/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/erikoismerkkit/(.*) /wp-content/plugins/bookly-addon-custom-fields/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/erikoiserat/(.*) /wp-content/plugins/bookly-addon-custom-statuses/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/pro/(.*) /wp-content/plugins/bookly-addon-pro/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/erikoispaivat/(.*) /wp-content/plugins/bookly-addon-special-days/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/henkilokunta/(.*) /wp-content/plugins/bookly-addon-staff-cabinet/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/snippetit/(.*) /wp-content/plugins/code-snippets/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/kekseja/(.*) /wp-content/plugins/cookie-notice/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/kirjauduperemmalle/(.*) /wp-content/plugins/feather-login-page/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukkoapi/(.*) /wp-content/plugins/formidable-api/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-aweber/(.*) /wp-content/plugins/formidable-aweber/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-paivat/(.*) /wp-content/plugins/formidable-dates/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-vastaaaja/(.*) /wp-content/plugins/formidable-autoresponder/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko/(.*) /wp-content/plugins/formidable/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-pro/(.*) /wp-content/plugins/formidable-pro/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-logit/(.*) /wp-content/plugins/formidable-logs/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-sahkoposti/(.*) /wp-content/plugins/formidable-mailchimp/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-twilio/(.*) /wp-content/plugins/formidable-twilio/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-views/(.*) /wp-content/plugins/formidable-views/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-zapier/(.*) /wp-content/plugins/formidable-zapier/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/shh/(.*) /wp-content/plugins/hide-my-wp/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/alayrita/(.*) /wp-content/plugins/limit-login-attempts-reloaded/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/keksi-setuppi/(.*) /wp-content/plugins/litespeed-cache/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/oikeusjakohtuus/(.*) /wp-content/plugins/members/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/(.*) /wp-content/plugins/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?views/urheiluakipt09/urheiluaki.css$ /wp-content/themes/twentytwentytwo/style.css [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?views/urheiluakipt09/(.*) /wp-content/themes/twentytwentytwo/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?views/urheiluakipt10/urheiluaki.css$ /wp-content/themes/zakra/style.css [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?views/urheiluakipt10/(.*) /wp-content/themes/zakra/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?views/(.*) /wp-content/themes/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?storage/(.*) /wp-content/uploads/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/(.*) /wp-content/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?lib/(.*) /wp-includes/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?comments/(.*) /wp-comments-post.php$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?writer/(.*) /author/$2 [QSA,L]
</IfModule>

# END HMWP_RULES
# BEGIN HMWP_VULNERABILITY
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !/wp-admin [NC]
RewriteCond %{QUERY_STRING} ^author=\d+ [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>

<IfModule mod_headers.c>
Header always unset x-powered-by
Header always unset server
ServerSignature Off
</IfModule>

<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=63072000"
Header set Content-Security-Policy "object-src 'none'"
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_|hmwp_logged_in_|wp-postpass_|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]
RewriteCond %{REQUEST_URI} ^/wp-content/$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/wp-content/[^\.]+/?$ [NC,OR]
RewriteCond %{THE_REQUEST} /wp-content/plugins/[^\.]+(\.css|\.scss|\.js|\.php|\.htm|\.html|\.rtf|\.rtx|\.txt|\.xsd|\.xml|\.json|\.lock) [NC,OR]
RewriteCond %{THE_REQUEST} /wp-content/themes/[^\.]+(\.css|\.scss|\.js|\.php|\.htm|\.html|\.rtf|\.rtx|\.txt|\.xsd|\.xml|\.json|\.lock)    [NC,OR]
RewriteCond %{THE_REQUEST} /wp-content/uploads/[^\.]+(\.css|\.scss|\.js|\.php|\.htm|\.html|\.rtf|\.rtx|\.txt|\.xsd|\.xml|\.json|\.lock) [NC,OR]
RewriteCond %{THE_REQUEST} /wp-includes(/.*)? [NC,OR]
RewriteCond %{THE_REQUEST} /([_0-9a-zA-Z-]+/)?(wp-config-sample\.php|readme\.html|readme\.txt|install\.php|license\.txt|php\.ini|bb-config\.php|error_log) [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} /(wp-config-sample\.php|readme\.html|readme\.txt|install\.php|license\.txt|php\.ini|bb-config\.php|error_log) [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>

<Files xmlrpc.php>
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from *.wordpress.com
Allow from 192.0.64.0/18
Allow from 185.64.140.0/22
Allow from 2a04:fa80::/29
Allow from 76.74.255.0/22
Allow from 192.0.65.0/22
Allow from 192.0.80.0/22
Allow from 192.0.96.0/22
Allow from 192.0.123.0/22
Satisfy All 
ErrorDocument 404 /
</Files>

# END HMWP_VULNERABILITY

#HTTPS-ohjaus: data.urheiluaki.fi
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^data.urheiluaki.fi [NC,OR]
RewriteCond %{HTTP_HOST} ^www.data.urheiluaki.fi [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
#HTTPS-ohjaus loppuu
#BEGIN Really Simple SSL LETS ENCRYPT
RewriteRule ^.well-known/(.*)$ - [L]
#END Really Simple SSL LETS ENCRYPT
#HTTPS-ohjaus: urheiluaki.fi
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^urheiluaki.fi [NC,OR]
RewriteCond %{HTTP_HOST} ^www.urheiluaki.fi [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
#HTTPS-ohjaus loppuu
# BEGIN rlrssslReallySimpleSSL rsssl_version[4.0.14]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL
# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
<IfModule LiteSpeed>
RewriteEngine on
CacheLookup on
RewriteRule .* - [E=Cache-Control:no-autoflush]
RewriteRule \.litespeed_conf\.dat - [F,L]

### marker DROPQS start ###
CacheKeyModify -qs:fbclid
CacheKeyModify -qs:gclid
CacheKeyModify -qs:utm*
CacheKeyModify -qs:_ga
### marker DROPQS end ###

</IfModule>
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END LSCACHE
# BEGIN NON_LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END NON_LSCACHE
# BEGIN WordPress
# Rivit, jotka ovat "BEGIN WordPress" ja "END WordPress" välissä on luotu dynaamisesti ja niitä tulee muokata vain WordPressin filttereillä. Kaikki manuaaliset muutokset riveihin tullaan yliajamaan.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?ajax-call$ /wp-admin/admin-ajax.php [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?ghost-admin/(.*) /wp-admin/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?login$ /wp-login.php [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?login/(.*) /wp-login.php$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?lostpass$ /wp-login.php?action=lostpassword [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?register$ /wp-login.php?action=register [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?logout$ /wp-login.php?action=logout [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/kotisivulle404/(.*) /wp-content/plugins/all-404-redirect-to-homepage/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/varauskirja/(.*) /wp-content/plugins/bookly-responsive-appointment-booking-tool/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/palvelut/(.*) /wp-content/plugins/bookly-addon-collaborative-services/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/erikoismerkkit/(.*) /wp-content/plugins/bookly-addon-custom-fields/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/erikoiserat/(.*) /wp-content/plugins/bookly-addon-custom-statuses/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/pro/(.*) /wp-content/plugins/bookly-addon-pro/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/erikoispaivat/(.*) /wp-content/plugins/bookly-addon-special-days/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/henkilokunta/(.*) /wp-content/plugins/bookly-addon-staff-cabinet/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/snippetit/(.*) /wp-content/plugins/code-snippets/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/kekseja/(.*) /wp-content/plugins/cookie-notice/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/kirjauduperemmalle/(.*) /wp-content/plugins/feather-login-page/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukkoapi/(.*) /wp-content/plugins/formidable-api/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-aweber/(.*) /wp-content/plugins/formidable-aweber/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-paivat/(.*) /wp-content/plugins/formidable-dates/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-vastaaaja/(.*) /wp-content/plugins/formidable-autoresponder/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko/(.*) /wp-content/plugins/formidable/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-pro/(.*) /wp-content/plugins/formidable-pro/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-logit/(.*) /wp-content/plugins/formidable-logs/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-sahkoposti/(.*) /wp-content/plugins/formidable-mailchimp/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-twilio/(.*) /wp-content/plugins/formidable-twilio/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-views/(.*) /wp-content/plugins/formidable-views/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/taulukko-zapier/(.*) /wp-content/plugins/formidable-zapier/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/shh/(.*) /wp-content/plugins/hide-my-wp/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/alayrita/(.*) /wp-content/plugins/limit-login-attempts-reloaded/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/keksi-setuppi/(.*) /wp-content/plugins/litespeed-cache/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/oikeusjakohtuus/(.*) /wp-content/plugins/members/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?modules/(.*) /wp-content/plugins/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?views/urheiluakipt09/urheiluaki.css$ /wp-content/themes/twentytwentytwo/style.css [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?views/urheiluakipt09/(.*) /wp-content/themes/twentytwentytwo/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?views/urheiluakipt10/urheiluaki.css$ /wp-content/themes/zakra/style.css [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?views/urheiluakipt10/(.*) /wp-content/themes/zakra/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?views/(.*) /wp-content/themes/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?storage/(.*) /wp-content/uploads/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/(.*) /wp-content/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?lib/(.*) /wp-includes/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?comments/(.*) /wp-comments-post.php$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?writer/(.*) /author/$2 [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# BEGIN FRedirect_ErrorDocument
# Rivit, jotka ovat "BEGIN FRedirect_ErrorDocument" ja "END FRedirect_ErrorDocument" välissä on luotu dynaamisesti ja niitä tulee muokata vain WordPressin filttereillä. Kaikki manuaaliset muutokset riveihin tullaan yliajamaan.
ErrorDocument 404 /index.php?error=404
# END FRedirect_ErrorDocument
RewriteCond %{HTTP_HOST} ^ad\.urheiluaki\.fi$
RewriteRule ^/?$ "https\:\/\/www\.urheiluaki\.fi\/" [R=301,L]

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php74” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
RewriteCond %{HTTP_HOST} ^urheiluaki\.fi$ [OR]
RewriteCond %{HTTP_HOST} ^www\.urheiluaki\.fi$
RewriteRule ^\.well\-known\/matrix\/server$ "https\:\/\/matrix\.urheiluaki\.fi\/\.well\-known\/matrix\/server" [R=301,L]
RewriteCond %{HTTP_HOST} ^urheiluaki\.fi$ [OR]
RewriteCond %{HTTP_HOST} ^www\.urheiluaki\.fi$
RewriteRule ^\.well\-known\/matrix\/client$ "https\:\/\/matrix\.urheiluaki\.fi\/\.well\-known\/matrix\/client" [R=301,L]
RewriteCond %{HTTP_HOST} ^urheiluaki\.fi$ [OR]
RewriteCond %{HTTP_HOST} ^www\.urheiluaki\.fi$
RewriteRule ^\.well\-known\/matrix\/$ "https\:\/\/matrix\.urheiluaki\.fi\/\.well\-known\/matrix\/" [R=301,L]