Update this with changes from HTML5 boilerplate

commit 6597dad0af6f735d7261651f299802b7b1defa04 1 parent abcec4e
@mrmartineau mrmartineau authored
Showing with 102 additions and 92 deletions.
  1. +102 −92 .htaccess
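--- a/.htaccess
+++ b/.htaccess
@@ -1,8 +1,8 @@
 # Apache configuration file
 # httpd.apache.org/docs/2.2/mod/quickreference.html
-# Note .htaccess files are an overhead, this logic should be in your Apache config if possible
-# httpd.apache.org/docs/2.2/howto/htaccess.html
+# Note .htaccess files are an overhead, this logic should be in your Apache
+# config if possible: httpd.apache.org/docs/2.2/howto/htaccess.html
 # Techniques in here adapted from all over, including:
 # Kroc Camen: camendesign.com/.htaccess
@@ -10,13 +10,6 @@
 # Sample .htaccess file of CMS MODx: modxcms.com
-###
-### If you run a webserver other than Apache, consider:
-### github.com/h5bp/server-configs
-###
-
-
-
 # ----------------------------------------------------------------------
 # Better website experience for IE users
 # ----------------------------------------------------------------------
@@ -28,7 +21,7 @@
 <IfModule mod_headers.c>
 Header set X-UA-Compatible "IE=Edge,chrome=1"
 # mod_headers can't match by content-type, but we don't want to send this header on *everything*...
- <FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|oex|xpi|safariextz|vcf)$" >
+ <FilesMatch "\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svg|svgz|ttf|vcf|webm|webp|woff|xml|xpi)$">
 Header unset X-UA-Compatible
 </FilesMatch>
 </IfModule>
@@ -60,7 +53,7 @@
 <IfModule mod_setenvif.c>
 <IfModule mod_headers.c>
 # mod_headers, y u no match by Content-Type?!
- <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
+ <FilesMatch "\.(gif|ico|jpe?g|png|svg|svgz|webp)$">
 SetEnvIf Origin ":" IS_CORS
 Header set Access-Control-Allow-Origin "*" env=IS_CORS
 </FilesMatch>
@@ -77,18 +70,16 @@
 # subdomains like "subdomain.example.com".
 <IfModule mod_headers.c>
- <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
+ <FilesMatch "\.(eot|font.css|otf|ttc|ttf|woff)$">
 Header set Access-Control-Allow-Origin "*"
 </FilesMatch>
 </IfModule>
-
 # ----------------------------------------------------------------------
 # Proper MIME type for all files
 # ----------------------------------------------------------------------
-
 # JavaScript
 # Normalize to standard type (it's sniffed in IE anyways)
 # tools.ietf.org/html/rfc4329#section-7.2
@@ -96,12 +87,12 @@ AddType application/javascript js jsonp
 AddType application/json json
 # Audio
-AddType audio/ogg oga ogg
 AddType audio/mp4 m4a f4a f4b
+AddType audio/ogg oga ogg
 # Video
-AddType video/ogg ogv
 AddType video/mp4 mp4 m4v f4v f4p
+AddType video/ogg ogv
 AddType video/webm webm
 AddType video/x-flv flv
@@ -114,24 +105,23 @@ AddEncoding gzip svgz
 # Webfonts
 AddType application/vnd.ms-fontobject eot
 AddType application/x-font-ttf ttf ttc
-AddType font/opentype otf
 AddType application/x-font-woff woff
+AddType font/opentype otf
 # Assorted types
-AddType image/x-icon ico
-AddType image/webp webp
-AddType text/cache-manifest appcache manifest
-AddType text/x-component htc
-AddType application/xml rss atom xml rdf
+AddType application/octet-stream safariextz
 AddType application/x-chrome-extension crx
 AddType application/x-opera-extension oex
-AddType application/x-xpinstall xpi
-AddType application/octet-stream safariextz
-AddType application/x-web-app-manifest+json webapp
-AddType text/x-vcard vcf
 AddType application/x-shockwave-flash swf
+AddType application/x-web-app-manifest+json webapp
+AddType application/x-xpinstall xpi
+AddType application/xml rss atom xml rdf
+AddType image/webp webp
+AddType image/x-icon ico
+AddType text/cache-manifest appcache manifest
 AddType text/vtt vtt
-
+AddType text/x-component htc
+AddType text/x-vcard vcf
 # ----------------------------------------------------------------------
@@ -151,6 +141,7 @@ AddType text/vtt vtt
 # AddOutputFilterByType INCLUDES application/javascript application/json
 # SetOutputFilter INCLUDES
 #</FilesMatch>
+
 #<FilesMatch "\.combined\.css$">
 # Options +Includes
 # AddOutputFilterByType INCLUDES text/css
@@ -173,6 +164,9 @@ AddType text/vtt vtt
 </IfModule>
 # Compress all output labeled with one of the following MIME-types
+ # (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
+ # and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines as
+ # `AddOutputFilterByType` is still in the core directives)
 <IfModule mod_filter.c>
 AddOutputFilterByType DEFLATE application/atom+xml \
 application/javascript \
@@ -204,8 +198,8 @@ AddType text/vtt vtt
 # Additionally, consider that outdated proxies may miscache
 # www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
-# If you don't use filenames to version, lower the CSS and JS to something like
-# "access plus 1 week" or so.
+# If you don't use filenames to version, lower the CSS and JS to something like
+# "access plus 1 week".
 <IfModule mod_expires.c>
 ExpiresActive on
@@ -220,44 +214,55 @@ AddType text/vtt vtt
 ExpiresByType text/html "access plus 0 seconds"
 # Data
- ExpiresByType text/xml "access plus 0 seconds"
- ExpiresByType application/xml "access plus 0 seconds"
 ExpiresByType application/json "access plus 0 seconds"
+ ExpiresByType application/xml "access plus 0 seconds"
+ ExpiresByType text/xml "access plus 0 seconds"
 # Feed
- ExpiresByType application/rss+xml "access plus 1 hour"
 ExpiresByType application/atom+xml "access plus 1 hour"
+ ExpiresByType application/rss+xml "access plus 1 hour"
 # Favicon (cannot be renamed)
 ExpiresByType image/x-icon "access plus 1 week"
 # Media: images, video, audio
+ ExpiresByType audio/ogg "access plus 1 month"
 ExpiresByType image/gif "access plus 1 month"
- ExpiresByType image/png "access plus 1 month"
- ExpiresByType image/jpg "access plus 1 month"
 ExpiresByType image/jpeg "access plus 1 month"
- ExpiresByType video/ogg "access plus 1 month"
- ExpiresByType audio/ogg "access plus 1 month"
+ ExpiresByType image/png "access plus 1 month"
 ExpiresByType video/mp4 "access plus 1 month"
+ ExpiresByType video/ogg "access plus 1 month"
 ExpiresByType video/webm "access plus 1 month"
 # HTC files (css3pie)
 ExpiresByType text/x-component "access plus 1 month"
 # Webfonts
+ ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
 ExpiresByType application/x-font-ttf "access plus 1 month"
- ExpiresByType font/opentype "access plus 1 month"
 ExpiresByType application/x-font-woff "access plus 1 month"
+ ExpiresByType font/opentype "access plus 1 month"
 ExpiresByType image/svg+xml "access plus 1 month"
- ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
 # CSS and JavaScript
- ExpiresByType text/css "access plus 1 year"
 ExpiresByType application/javascript "access plus 1 year"
+ ExpiresByType text/css "access plus 1 year"
 </IfModule>
+# ----------------------------------------------------------------------
+# Prevent mobile network providers from modifying your site
+# ----------------------------------------------------------------------
+
+# The following header prevents modification of your code over 3G on some
+# European providers.
+# This is the official 'bypass' suggested by O2 in the UK.
+
+# <IfModule mod_headers.c>
+# Header set Cache-Control "no-transform"
+# </IfModule>
+
 # ----------------------------------------------------------------------
 # ETag removal
@@ -274,14 +279,12 @@ AddType text/vtt vtt
 FileETag None
-
 # ----------------------------------------------------------------------
 # Stop screen flicker in IE on CSS rollovers
 # ----------------------------------------------------------------------
 # The following directives stop screen flicker in IE on CSS rollovers - in
-# combination with the "ExpiresByType" rules for images (see above). If
-# needed, un-comment the following rules.
+# combination with the "ExpiresByType" rules for images (see above).
 # BrowserMatch "MSIE" brokenvary=1
 # BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
@@ -289,57 +292,75 @@ FileETag None
 # SetEnvIf brokenvary 1 force-no-vary
+# ----------------------------------------------------------------------
+# Set Keep-Alive Header
+# ----------------------------------------------------------------------
+
+# Keep-Alive allows the server to send multiple requests through one
+# TCP-connection. Be aware of possible disadvantages of this setting. Turn on
+# if you serve a lot of static content.
+
+# <IfModule mod_headers.c>
+# Header set Connection Keep-Alive
+# </IfModule>
+
 # ----------------------------------------------------------------------
 # Cookie setting from iframes
 # ----------------------------------------------------------------------
 # Allow cookies to be set from iframes (for IE only)
-# If needed, uncomment and specify a path or regex in the Location directive
+# If needed, specify a path or regex in the Location directive.
 # <IfModule mod_headers.c>
 # Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
 # </IfModule>
-
 # ----------------------------------------------------------------------
 # Start rewrite engine
 # ----------------------------------------------------------------------
-# Turning on the rewrite engine is necessary for the following rules and features.
-# FollowSymLinks must be enabled for this to work.
-#
+# Turning on the rewrite engine is necessary for the following rules and
+# features. FollowSymLinks must be enabled for this to work.
+
 # Some cloud hosting services require RewriteBase to be set: goo.gl/HOcPN
-# If using the h5bp in a subdirectory, use `RewriteBase /foo` instead where 'foo' is your directory.
+# If using the h5bp in a subdirectory, use `RewriteBase /foo` instead where
+# 'foo' is your directory.
+
+# If your web host doesn't allow the FollowSymlinks option, you may need to
+# comment it out and use `Options +SymLinksIfOwnerMatch`, but be aware of the
+# performance impact: http://goo.gl/Mluzd
 <IfModule mod_rewrite.c>
 Options +FollowSymlinks
+# Options +SymLinksIfOwnerMatch
 RewriteEngine On
 # RewriteBase /
 </IfModule>
-
 # ----------------------------------------------------------------------
 # Suppress or force the "www." at the beginning of URLs
 # ----------------------------------------------------------------------
-# The same content should never be available under two different URLs - especially not with and
-# without "www." at the beginning, since this can cause SEO problems (duplicate content).
-# That's why you should choose one of the alternatives and redirect the other one.
+# The same content should never be available under two different URLs -
+# especially not with and without "www." at the beginning, since this can cause
+# SEO problems (duplicate content). That's why you should choose one of the
+# alternatives and redirect the other one.
-# By default option 1 (no "www.") is activated. Remember: Shorter URLs are sexier.
+# By default option 1 (no "www.") is activated.
 # no-www.org/faq.php?q=class_b
-# If you rather want to use option 2, just comment out all option 1 lines
+# If you'd prefer to use option 2, just comment out all option 1 lines
 # and uncomment option 2.
+
 # IMPORTANT: NEVER USE BOTH RULES AT THE SAME TIME!
 # ----------------------------------------------------------------------
 # Option 1:
-# Rewrite "www.example.com -> example.com"
+# Rewrite "www.example.com -> example.com".
 <IfModule mod_rewrite.c>
 RewriteCond %{HTTPS} !=on
@@ -350,9 +371,9 @@ FileETag None
 # ----------------------------------------------------------------------
 # Option 2:
-# To rewrite "example.com -> www.example.com" uncomment the following lines.
-# Be aware that the following rule might not be a good idea if you
-# use "real" subdomains for certain parts of your website.
+# Rewrite "example.com -> www.example.com".
+# Be aware that the following rule might not be a good idea if you use "real"
+# subdomains for certain parts of your website.
 # <IfModule mod_rewrite.c>
 # RewriteCond %{HTTPS} !=on
@@ -361,19 +382,17 @@ FileETag None
 # </IfModule>
-
 # ----------------------------------------------------------------------
 # Built-in filename-based cache busting
 # ----------------------------------------------------------------------
 # If you're not using the build script to manage your filename version revving,
 # you might want to consider enabling this, which will route requests for
-# /css/style.20110203.css to /css/style.css
+# `/css/style.20110203.css` to `/css/style.css`.
 # To understand why this is important and a better idea than all.css?v1231,
-# read: github.com/h5bp/html5-boilerplate/wiki/cachebusting
+# please refer to the bundled documentation about `.htaccess`.
-# Uncomment to enable.
 # <IfModule mod_rewrite.c>
 # RewriteCond %{REQUEST_FILENAME} !-f
 # RewriteCond %{REQUEST_FILENAME} !-d
@@ -381,14 +400,12 @@ FileETag None
 # </IfModule>
-
 # ----------------------------------------------------------------------
 # Prevent SSL cert warnings
 # ----------------------------------------------------------------------
 # Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent
 # https://www.example.com when your cert only allows https://secure.example.com
-# Uncomment the following lines to use this feature.
 # <IfModule mod_rewrite.c>
 # RewriteCond %{SERVER_PORT} !^443
@@ -396,18 +413,17 @@ FileETag None
 # </IfModule>
-
 # ----------------------------------------------------------------------
 # Prevent 404 errors for non-existing redirected folders
 # ----------------------------------------------------------------------
-# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist
-# e.g. /blog/hello : webmasterworld.com/apache/3808792.htm
+# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the
+# same name does not exist.
+# webmasterworld.com/apache/3808792.htm
 Options -MultiViews
-
 # ----------------------------------------------------------------------
 # Custom 404 page
 # ----------------------------------------------------------------------
@@ -418,7 +434,6 @@ Options -MultiViews
 ErrorDocument 404 /404.html
-
 # ----------------------------------------------------------------------
 # UTF-8 encoding
 # ----------------------------------------------------------------------
@@ -427,54 +442,49 @@ ErrorDocument 404 /404.html
 AddDefaultCharset utf-8
 # Force UTF-8 for a number of file formats
-AddCharset utf-8 .css .js .xml .json .rss .atom
-
+AddCharset utf-8 .atom .css .js .json .rss .vtt .xml
 # ----------------------------------------------------------------------
 # A little more security
 # ----------------------------------------------------------------------
-
-# Do we want to advertise the exact version number of Apache we're running?
-# Probably not.
-## This can only be enabled if used in httpd.conf - It will not work in .htaccess
+# To avoid displaying the exact version number of Apache being used, add the
+# following to httpd.conf (it will not work in .htaccess):
 # ServerTokens Prod
-
-# "-Indexes" will have Apache block users from browsing folders without a default document
-# Usually you should leave this activated, because you shouldn't allow everybody to surf through
-# every folder on your server (which includes rather private places like CMS system folders).
+# "-Indexes" will have Apache block users from browsing folders without a
+# default document Usually you should leave this activated, because you
+# shouldn't allow everybody to surf through every folder on your server (which
+# includes rather private places like CMS system folders).
 <IfModule mod_autoindex.c>
 Options -Indexes
 </IfModule>
-
-# Block access to "hidden" directories whose names begin with a period. This
-# includes directories used by version control systems such as Subversion or Git.
+# Block access to "hidden" directories or files whose names begin with a
+# period. This includes directories used by version control systems such as
+# Subversion or Git.
 <IfModule mod_rewrite.c>
- RewriteCond %{SCRIPT_FILENAME} -d
+ RewriteCond %{SCRIPT_FILENAME} -d [OR]
 RewriteCond %{SCRIPT_FILENAME} -f
 RewriteRule "(^|/)\." - [F]
 </IfModule>
-
-# Block access to backup and source files
-# This files may be left by some text/html editors and
-# pose a great security danger, when someone can access them
-<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
+# Block access to backup and source files. These files may be left by some
+# text/html editors and pose a great security danger, when anyone can access
+# them.
+<FilesMatch "(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$">
 Order allow,deny
 Deny from all
 Satisfy All
 </FilesMatch>
-
 # If your server is not already configured as such, the following directive
 # should be uncommented in order to set PHP's register_globals option to OFF.
 # This closes a major security hole that is abused by most XSS (cross-site
 # scripting) attacks. For more information: http://php.net/register_globals
 #
-# IF REGISTER_GLOBALS DIRECTIVE CAUSES 500 INTERNAL SERVER ERRORS :
+# IF REGISTER_GLOBALS DIRECTIVE CAUSES 500 INTERNAL SERVER ERRORS:
 #
 # Your server does not allow PHP directives to be set via .htaccess. In that
 # case you must make this change in your php.ini file instead. If you are
@@ -528,6 +538,6 @@ AddCharset utf-8 .css .js .xml .json .rss .atom
 # php_value error_append_string " "
 # Increase cookie security
-<IfModule php5_module>
+<IfModule mod_php5.c>
 php_value session.cookie_httponly true
-</IfModule>
+</IfModule>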
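Review bot: The dot-file block in the `@@ -427,54 +442,49 @@` hunk fails open: it sits inside `<IfModule mod_rewrite.c>`, so on a server without mod_rewrite the `.git`/`.svn` protection silently disappears, and a subdirectory `.htaccess` that defines its own rewrite rules does not inherit this rule by default. The comment above it should say so, e.g. `# NOTE: only effective when mod_rewrite is loaded; subdirectory .htaccess files with their own rewrite rules need "RewriteOptions Inherit" or a copy of this rule.` The `<FilesMatch>` block in the same hunk uses the 2.2 access syntax (`Order allow,deny` / `Deny from all`), which on Apache 2.4 needs mod_access_compat; since the new mod_filter comment already distinguishes Apache versions around 2.3.7, a `Require all denied` variant guarded by `<IfModule mod_authz_core.c>` is worth adding. The `(^|/)\.` pattern will also return 403 for an existing `/.well-known/` directory, so sites that serve files from there need an exception.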