Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
484 lines (341 sloc) 13.2 KB
#
# HTACCESS : useful tips & tricks
# uses a lot of good ideas from html5-boilerplate https://github.com/h5bp
# https://github.com/h5bp/server-configs-apache
#
# made by Nicolas (@nico3333fr)
# under WTFPL license
# no warranty: can’t be responsible for anything if you use it
# "great power involves great responsibility"
#
#
# ------------------------------------------------------------------------------
# | UTF-8 encoding |
# ------------------------------------------------------------------------------
<IfModule mod_mime.c>
AddCharset utf-8 .atom .scss .css .js .json .jsonld .rss .vtt .webapp .xml .txt .svg .webmanifest .html .htm .md
</IfModule>
# ------------------------------------------------------------------------------
# | Password protection |
# ------------------------------------------------------------------------------
#AuthUserFile /home/your_path/.htpasswd
#AuthGroupFile /dev/null
#AuthName " Restricted access "
#AuthType basic
#<Limit GET POST>
# Order Deny,Allow
# Deny From All
# Allow From 192.168.1.0/24
# require valid-user
# Satisfy Any
#</Limit>
# ------------------------------------------------------------------------------
# | Additionnal charset/types/etc. |
# ------------------------------------------------------------------------------
<IfModule mod_mime.c>
# Audio
AddType audio/mp4 m4a f4a f4b
AddType audio/mpeg mp3
AddType audio/ogg oga ogg opus
AddType audio/wav wav
AddType audio/webm webma
# Data interchange
AddType application/json json map
AddType application/ld+json jsonld
# JavaScript
# Normalize to standard type.
# http://tools.ietf.org/html/rfc4329#section-7.2
AddType application/javascript js
# Video
AddType video/mp4 f4v f4p m4v mp4
AddType video/ogg ogv
AddType video/webm webm
AddType video/x-flv flv
# Web fonts
AddType application/font-woff woff
AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttc ttf
AddType application/x-font-woff woff
AddType application/font-woff2 .woff2
AddType font/opentype otf
# Make SVGZ fonts work on the iPad.
# https://twitter.com/FontSquirrel/status/14855840545
AddType image/svg+xml svgz
AddEncoding gzip svgz
# Other
AddType application/octet-stream safariextz
AddType application/x-chrome-extension crx
AddType application/x-opera-extension oex
AddType application/x-web-app-manifest+json webapp
AddType application/x-xpinstall xpi
AddType application/xml atom rdf rss xml
AddType image/webp webp
AddType image/x-icon cur
AddType image/vnd.microsoft.icon .ico
AddType text/cache-manifest appcache manifest
AddType text/css .css
AddType image/svg+xml svg
AddType text/vtt vtt
AddType text/x-component htc
AddType text/x-vcard vcf
AddType application/vnd.openxmlformats .docx .pptx .xlsx .xltx . xltm .dotx .potx .ppsx
AddType image/webp .webp
AddType application/manifest+json .webmanifest
</IfModule>
# ------------------------------------------------------------------------------
# | force download |
# ------------------------------------------------------------------------------
# for xslx
#<FilesMatch "\.(xlsx)$">
# ForceType application/octet-stream
# Header set Content-Disposition attachment
#</FilesMatch>
# ------------------------------------------------------------------------------
# | for uploadify or upload component |
# ------------------------------------------------------------------------------
#php_value max_execution_time 1800
#php_value upload_max_filesize 99M
#php_value post_max_size 99M
#php_value memory_limit 99M
#php_value max_input_time 3600
# for some strange cases/components, uncomment only if there is no other way
#<IfModule mod_security.c>
# SecFilterEngine Off
# SecFilterScanPOST Off
#</IfModule>
# ------------------------------------------------------------------------------
# | Custom error messages / pages |
# ------------------------------------------------------------------------------
# lost & found
ErrorDocument 404 /404.php
# niet
ErrorDocument 403 /403.php
# oops, internal server error
ErrorDocument 500 /500.php
# unauthorized
ErrorDocument 401 /401.php
# not implemented
#ErrorDocument 418 /418.php
# ------------------------------------------------------------------------------
# | File access |
# ------------------------------------------------------------------------------
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# no listing for directories
<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# prevent accessing to all files excepted those mentionned (be careful to uppercase)
#<FilesMatch "(?<!\.png|\.jpg|\.gif|\.jpeg|\.svg|\.ico)$">
# Apache 2.2
# deny from all
# Apache 2.4
# Require all denied
#</FilesMatch>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# prevent executing PHP file in a folder
# Warning : do NEVER uncomment this in general htaccess, only in folders that need it !
#RemoveHandler .php .phtml .php3 .php4 .php5
#RemoveType .php .phtml .php3 .php4 .php5
#php_flag engine off
# To deny PHPs
#<Files ~ "\.(php3|php4|php5|phtml|pl|cgi)$">
# Apache 2.2
# deny from all
# Apache 2.4
# Require all denied
#</Files>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# block access to hidden files & directories
<IfModule mod_rewrite.c>
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]
</IfModule>
# ------------------------------------------------------------------------------
# | Rewrite engine |
# ------------------------------------------------------------------------------
<IfModule mod_rewrite.c>
Options +FollowSymlinks
# Options +SymLinksIfOwnerMatch
RewriteEngine On
# RewriteBase /
</IfModule>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# examples
<IfModule mod_rewrite.c>
# /page/plop?toto=tutu -> /page.php?page=plop&toto=tutu
# RewriteRule /pages/(.+) /page.php?page=$1 [QSA]
# my-ass -> my-ass.php
Options -MultiViews
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [L]
# sitemaps
#RewriteRule ^sitemap\.xml$ sitemap.php [L]
# security.txt
RewriteRule ^.well-known/security\.txt$ security.txt [L]
# to avoid 404 errors generated by iOS
# see http://www.creativejuiz.fr/blog/veille-technologique/ios-provoque-404-site-web-apple-touch-icon for reference
#RewriteRule ^apple-touch-icon-(.+)\.png apple-touch-icon.png [L]
# Cache busting for CSS/JS
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule ^(.+)_(\d+)\.(js|css)$ $1.$3 [L]
</IfModule>
# ------------------------------------------------------------------------------
# | Suppressing / Forcing the `www.` at the beginning of URLs |
# ------------------------------------------------------------------------------
# IMPORTANT: NEVER USE THESE RULES AT THE SAME TIME!
# UNCOMMENT THE GOOD ONE ONLY
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# HTTPS
# whatever, go to HTTPS
#<IfModule mod_rewrite.c>
# RewriteCond %{HTTPS} !=on
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#</IfModule>
# Option 1: rewrite www.example.com → example.com
#<IfModule mod_rewrite.c>
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
#</IfModule>
# Option 2: rewrite example.com → www.example.com
#<IfModule mod_rewrite.c>
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#</IfModule>
# Option 3: whatever → www.example.com
#<IfModule mod_rewrite.c>
# RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
#</IfModule>
# HTTP
# Option 1: rewrite www.example.com → example.com
#<IfModule mod_rewrite.c>
# RewriteCond %{HTTPS} !=on
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
#</IfModule>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Option 2: rewrite example.com → www.example.com
#<IfModule mod_rewrite.c>
# RewriteCond %{HTTPS} !=on
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#</IfModule>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Option 3: whatever → www.example.com
#<IfModule mod_rewrite.c>
# RewriteCond %{HTTPS} !=on
# RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ http://www.example.com%{REQUEST_URI} [R=301,L]
#</IfModule>
# ------------------------------------------------------------------------------
# | Compression |
# ------------------------------------------------------------------------------
<IfModule mod_deflate.c>
AddOutputFilter INCLUDES;DEFLATE js
AddOutputFilter INCLUDES;DEFLATE css
AddOutputFilter INCLUDES;DEFLATE php
AddOutputFilter INCLUDES;DEFLATE html
AddOutputFilter INCLUDES;DEFLATE xml
AddOutputFilter INCLUDES;DEFLATE ico
# webfonts
AddOutputFilter INCLUDES;DEFLATE eot
AddOutputFilter INCLUDES;DEFLATE svg
AddOutputFilter INCLUDES;DEFLATE ttf
# others
AddOutputFilter INCLUDES;DEFLATE vtt
AddOutputFilter INCLUDES;DEFLATE webmanifest
</IfModule>
# ------------------------------------------------------------------------------
# | Security |
# ------------------------------------------------------------------------------
# Stops a browser from trying to MIME-sniff
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>
# Avoid Clickjacking and enable XSS-protection for browsers
<FilesMatch "\.(pl|php|cgi|spl)$">
<IfModule mod_headers.c>
# security
Header set X-Frame-Options "DENY"
Header set X-XSS-Protection "1; mode=block"
</IfModule>
</FilesMatch>
# CORS
#<IfModule mod_headers.c>
# Header set Access-Control-Allow-Origin "*"
#</IfModule>
# ------------------------------------------------------------------------------
# | Cache + |
# ------------------------------------------------------------------------------
# CACHE + ETags
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf|ogv|mp4|webm|svg|ttf|woff|woff2|eot|js|css|pdf|txt|webp|webmanifest)$">
<IfModule mod_headers.c>
Header unset Set-Cookie
Header set Cache-Control "max-age=21772800"
header set vary "Accept-Encoding"
header append vary "User-Agent"
header append Cache-Control "public"
header append Keep-Alive "timeout=5, max=100"
header append Connection "Keep-Alive"
FileETag None
</IfModule>
</FilesMatch>
# 10 minutes = HTML, XML (RSS)
<FilesMatch "\.(html|htm|xml)$">
<IfModule mod_headers.c>
Header set Cache-Control "max-age=600"
header set vary "Accept-Encoding"
header append vary "User-Agent"
header append Cache-Control "private"
FileETag None
</IfModule>
</FilesMatch>
# DONT CACHE = NO CACHE FOR PHP
<FilesMatch "\.(pl|php|cgi|spl)$">
<IfModule mod_headers.c>
Header unset Cache-Control
Header unset Expires
Header unset Last-Modified
Header unset Pragma
#BrowserMatch "MSIE" force-no-vary
FileETag None
header set vary "Accept-Encoding"
header append vary "User-Agent"
header append Cache-Control "private"
#Header set X-UA-Compatible "IE=edge"
</IfModule>
</FilesMatch>
# ------------------------------------------------------------------------------
# | Redirects |
# ------------------------------------------------------------------------------
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# permanent
# RedirectPermanent /old-page.php http://www.mysite.com/new-page.php
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# temporary
# RedirectTemp /old-page.php http://www.mysite.com/new-page.php
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# other examples
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#
# URL with querystring to new one keeping the querystring (301 = permanent)
# RewriteCond %{QUERY_STRING} id=(\w+)
# RewriteRule ^old_path/index\.php http://www.new_site.com/new_path/index.php?id=%1 [L,R=301]
# URL to a hash fragment /some-path/whatever/ => /some-path/#whatever
# RewriteRule ^/some-path/(.*)/?$ /some-path/#$1 [R=301,L,NE]
# Rewrite short URL noooo to a file
# RewriteRule ^noooo$ /images/nooo.gif [L]