github.com/krum110487/go-htaccess@v0.0.0-20240316004156-60641c8e7598/tests/data/htaccessFiles/.htaccess9 (about) 1 # ---------------------------------------------------------------------- 2 # .htaccess 3 # 4 # In Apache HTTP servers, .htaccess (access) is the 5 # configuration file that allows for web server configuration. 6 # 7 # This document includes a number of best practice server rules for 8 # making web pages fast and secure. Adapted from HTML5 Boilerplate. 9 # http://html5boilerplate.com/ 10 # ---------------------------------------------------------------------- 11 12 13 # ---------------------------------------------------------------------- 14 # CORS-enabled images (@crossorigin) 15 # ---------------------------------------------------------------------- 16 17 # Send CORS headers if browsers request them; enabled by default for images. 18 # developer.mozilla.org/en/CORS_Enabled_Image 19 # blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html 20 # hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/ 21 # wiki.mozilla.org/Security/Reviews/crossoriginAttribute 22 23 <IfModule mod_setenvif.c> 24 <IfModule mod_headers.c> 25 # mod_headers, y u no match by Content-Type?! 26 <FilesMatch "\.(gif|ico|jpe?g|png|svg|svgz|webp)$"> 27 SetEnvIf Origin ":" IS_CORS 28 Header set Access-Control-Allow-Origin "*" env=IS_CORS 29 </FilesMatch> 30 </IfModule> 31 </IfModule> 32 33 34 35 36 37 # ---------------------------------------------------------------------- 38 # Webfont access 39 # ---------------------------------------------------------------------- 40 41 # Allow access from all domains for webfonts. 42 # Alternatively you could only whitelist your 43 # subdomains like "subdomain.example.com". 44 45 <IfModule mod_headers.c> 46 <FilesMatch "\.(eot|font.css|otf|ttc|ttf|woff)$"> 47 Header set Access-Control-Allow-Origin "*" 48 </FilesMatch> 49 </IfModule> 50 51 52 53 54 55 # ---------------------------------------------------------------------- 56 # Proper MIME type for all files 57 # ---------------------------------------------------------------------- 58 59 # JavaScript 60 # Normalize to standard type (it's sniffed in IE anyways) 61 # tools.ietf.org/html/rfc4329#section-7.2 62 AddType application/javascript js jsonp 63 AddType application/json json 64 65 # Audio 66 AddType audio/mp4 m4a f4a f4b 67 AddType audio/ogg oga ogg 68 69 # Video 70 AddType video/mp4 mp4 m4v f4v f4p 71 AddType video/ogg ogv 72 AddType video/webm webm 73 AddType video/x-flv flv 74 75 # SVG 76 # Required for svg webfonts on iPad 77 # twitter.com/FontSquirrel/status/14855840545 78 AddType image/svg+xml svg svgz 79 AddEncoding gzip svgz 80 81 # Webfonts 82 AddType application/vnd.ms-fontobject eot 83 AddType application/x-font-ttf ttf ttc 84 AddType application/x-font-woff woff 85 AddType font/opentype otf 86 87 # Assorted types 88 AddType application/octet-stream safariextz 89 AddType application/x-chrome-extension crx 90 AddType application/x-opera-extension oex 91 AddType application/x-shockwave-flash swf 92 AddType application/x-web-app-manifest+json webapp 93 AddType application/x-xpinstall xpi 94 AddType application/xml rss atom xml rdf 95 AddType image/webp webp 96 AddType image/x-icon ico 97 AddType text/cache-manifest appcache manifest 98 AddType text/vtt vtt 99 AddType text/x-component htc 100 AddType text/x-vcard vcf 101 102 103 104 105 106 # ---------------------------------------------------------------------- 107 # Gzip compression 108 # ---------------------------------------------------------------------- 109 110 <IfModule mod_deflate.c> 111 112 # Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/ 113 <IfModule mod_setenvif.c> 114 <IfModule mod_headers.c> 115 SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding 116 RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding 117 </IfModule> 118 </IfModule> 119 120 # Compress all output labeled with one of the following MIME-types 121 # (Apache versions below 2.3.7, you don't need to enable `mod_filter` 122 # and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines as 123 # `AddOutputFilterByType` is still in the core directives) 124 <IfModule mod_filter.c> 125 AddOutputFilterByType DEFLATE application/atom+xml \ 126 application/javascript \ 127 application/json \ 128 application/rss+xml \ 129 application/vnd.ms-fontobject \ 130 application/x-font-ttf \ 131 application/xhtml+xml \ 132 application/xml \ 133 font/opentype \ 134 image/svg+xml \ 135 image/x-icon \ 136 text/css \ 137 text/html \ 138 text/plain \ 139 text/x-component \ 140 text/xml 141 </IfModule> 142 143 </IfModule> 144 145 146 147 148 149 # ---------------------------------------------------------------------- 150 # Expires headers (better cache control) 151 # ---------------------------------------------------------------------- 152 153 # These are pretty far-future expires headers. 154 # They assume you control versioning with filename-based cache busting 155 # Additionally, consider that outdated proxies may miscache 156 # www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/ 157 158 # If you don't use filenames to version, lower the CSS and JS to something like 159 # "access plus 1 week". 160 161 <IfModule mod_expires.c> 162 ExpiresActive on 163 164 # Perhaps better to whitelist expires rules? Perhaps. 165 ExpiresDefault "access plus 1 month" 166 167 # cache.appcache needs re-requests in FF 3.6 (Remy ~Introducing HTML5) 168 ExpiresByType text/cache-manifest "access plus 0 seconds" 169 170 # Your document html 171 ExpiresByType text/html "access plus 0 seconds" 172 173 # Data 174 ExpiresByType application/json "access plus 0 seconds" 175 ExpiresByType application/xml "access plus 0 seconds" 176 ExpiresByType text/xml "access plus 0 seconds" 177 178 # Feed 179 ExpiresByType application/atom+xml "access plus 1 hour" 180 ExpiresByType application/rss+xml "access plus 1 hour" 181 182 # Favicon (be renamed) 183 ExpiresByType image/x-icon "access plus 1 week" 184 185 # Media: images, video, audio 186 ExpiresByType audio/ogg "access plus 1 month" 187 ExpiresByType image/gif "access plus 1 month" 188 ExpiresByType image/jpeg "access plus 1 month" 189 ExpiresByType image/png "access plus 1 month" 190 ExpiresByType video/mp4 "access plus 1 month" 191 ExpiresByType video/ogg "access plus 1 month" 192 ExpiresByType video/webm "access plus 1 month" 193 194 # HTC files (css3pie) 195 ExpiresByType text/x-component "access plus 1 month" 196 197 # Webfonts 198 ExpiresByType application/vnd.ms-fontobject "access plus 1 month" 199 ExpiresByType application/x-font-ttf "access plus 1 month" 200 ExpiresByType application/x-font-woff "access plus 1 month" 201 ExpiresByType font/opentype "access plus 1 month" 202 ExpiresByType image/svg+xml "access plus 1 month" 203 204 # CSS and JavaScript 205 ExpiresByType application/javascript "access plus 1 year" 206 ExpiresByType text/css "access plus 1 year" 207 208 </IfModule> 209 210 # ---------------------------------------------------------------------- 211 # Built-in filename-based cache busting 212 # ---------------------------------------------------------------------- 213 # <IfModule mod_rewrite.c> 214 # RewriteCond %{REQUEST_FILENAME} !-f 215 # RewriteCond %{REQUEST_FILENAME} !-d 216 # RewriteRule ^(.+)\.(\d+)\.(js|css|png|jpg|gif)$ $1.$3 [L] 217 # </IfModule> 218 219 220 221 222 223 # ---------------------------------------------------------------------- 224 # Prevent mobile network providers from modifying your site 225 # ---------------------------------------------------------------------- 226 227 # The following header prevents modification of your code over 3G on some 228 # European providers. 229 # This is the official 'bypass' suggested by O2 in the UK. 230 231 <IfModule mod_headers.c> 232 Header set Cache-Control "no-transform" 233 </IfModule> 234 235 236 237 238 239 # ---------------------------------------------------------------------- 240 # ETag removal 241 # ---------------------------------------------------------------------- 242 243 # FileETag None is not enough for every server. 244 <IfModule mod_headers.c> 245 Header unset ETag 246 </IfModule> 247 248 # Since we're sending far-future expires, we don't need ETags for 249 # static content. 250 # developer.yahoo.com/performance/rules.html#etags 251 FileETag None 252 253 254 255 256 257 # ---------------------------------------------------------------------- 258 # UTF-8 encoding 259 # ---------------------------------------------------------------------- 260 261 # Use UTF-8 encoding for anything served text/plain or text/html 262 AddDefaultCharset utf-8 263 264 # Force UTF-8 for a number of file formats 265 AddCharset utf-8 .atom .css .js .json .rss .vtt .xml 266 267 268 269 270 271 # ---------------------------------------------------------------------- 272 # A little more security 273 # ---------------------------------------------------------------------- 274 275 # "-Indexes" will have Apache block users from browsing folders without a 276 # default document Usually you should leave this activated, because you 277 # shouldn't allow everybody to surf through every folder on your server (which 278 # includes rather private places like CMS system folders). 279 <IfModule mod_autoindex.c> 280 Options -Indexes 281 </IfModule> 282 283 # Block access to "hidden" directories or files whose names begin with a 284 # period. This includes directories used by version control systems such as 285 # Subversion or Git. 286 <IfModule mod_rewrite.c> 287 RewriteCond %{SCRIPT_FILENAME} -d [OR] 288 RewriteCond %{SCRIPT_FILENAME} -f 289 RewriteRule "(^|/)\." - [F] 290 </IfModule> 291 292 # Block access to backup and source files. These files may be left by some 293 # text/html editors and pose a great security danger, when anyone can access 294 # them. 295 <FilesMatch "(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$"> 296 Order allow,deny 297 Deny from all 298 Satisfy All 299 </FilesMatch> 300 301 # Increase cookie security 302 <IfModule mod_php5.c> 303 php_value session.cookie_httponly true 304 </IfModule>