htaccess that can protect an environment

.htaccess

# 
#  .htaccess
#  Apache Configuration File
# 
#  This code has been assembed from various places. A LOT of it came from
#  the HTML boilerplate. See their awesome stuff here: http://html5boilerplate.com/
#  
#  Created by Jesse Bunch on 2011-04-15.
#  Copyright 2011 Jesse Bunch (www.GetBunch.com). All rights reserved.
# 


# Force the latest IE version, in various cases when it may fall back to IE7 mode
#  github.com/rails/rails/commit/123eb25#commitcomment-118920
<IfModule mod_setenvif.c>
     <IfModule mod_headers.c>
          BrowserMatch MSIE ie
          Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
     </IfModule>
</IfModule>


# hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
# Disabled. Uncomment to serve cross-domain ajax requests
#<IfModule mod_headers.c>
     #  Header set Access-Control-Allow-Origin "*"
#</IfModule>

# allow access from all domains for webfonts
# alternatively you could only whitelist
#   your subdomains like "sub.domain.com"

<FilesMatch "\.(ttf|otf|eot|woff|font.css)$">
     <IfModule mod_headers.c>
          Header set Access-Control-Allow-Origin "*"
     </IfModule>
</FilesMatch>

# HTC Files (for IE hacks)
AddType text/x-component .htc

# video
AddType video/ogg  ogg ogv
AddType video/mp4  mp4
AddType video/webm webm

# Proper svg serving. Required for svg webfonts on iPad
#   twitter.com/FontSquirrel/status/14855840545
AddType image/svg+xml                 svg svgz

# webfonts
AddType application/vnd.ms-fontobject eot
AddType font/ttf                      ttf
AddType font/otf                      otf
AddType font/x-woff                   woff

AddType text/cache-manifest           manifest

# gzip compression.
<IfModule mod_deflate.c>
     # html, xml, css, and js:
     AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript text/javascript application/javascript application/json text/js

     # webfonts and svg:
     <FilesMatch "\.(ttf|otf|eot|svg)$" >
          SetOutputFilter DEFLATE
     </FilesMatch>
</IfModule>

# Far-Future Expires Headers
# Uncomment when you go-live
# <IfModule mod_expires.c>
#      Header set cache-control: public
#      ExpiresActive on
# 
#      # Perhaps better to whitelist expires rules? Perhaps.
#      ExpiresDefault                          "access plus 1 month"
# 
#      # cache.manifest needs re-reqeusts in FF 3.6 (thx Remy ~Introducing HTML5)
#      ExpiresByType text/cache-manifest       "access plus 0 seconds"
# 
#      # your document html
#      ExpiresByType text/html                  "access"
# 
#      # rss feed
#      ExpiresByType application/rss+xml       "access plus 1 hour"
# 
#      # favicon (cannot be renamed)
#      ExpiresByType image/vnd.microsoft.icon  "access plus 1 week"
# 
#      # media: images, video, audio
#      ExpiresByType image/png                 "access plus 1 month"
#      ExpiresByType image/jpg                 "access plus 1 month"
#      ExpiresByType image/jpeg                "access plus 1 month"
#      ExpiresByType video/ogg                 "access plus 1 month"
#      ExpiresByType audio/ogg                 "access plus 1 month"
#      ExpiresByType video/mp4                 "access plus 1 month"
# 
#      # webfonts
#      ExpiresByType font/ttf                  "access plus 1 month"
#      ExpiresByType font/woff                 "access plus 1 month"
#      ExpiresByType image/svg+xml             "access plus 1 month"
# 
#      # css and javascript
#      ExpiresByType text/css                  "access plus 1 week"
#      ExpiresByType application/javascript    "access plus 1 week"
#      ExpiresByType text/javascript           "access plus 1 week"
# </IfModule>

# Since we're sending far-future expires, we don't need ETags for
# static content.
#   developer.yahoo.com/performance/rules.html#etags
FileETag None

RewriteEngine On
RewriteBase /

# Vanity URLs (use these instead of Redirect 301)
# See this thread: http://stackoverflow.com/questions/5517420/apache-added-a-in-htaccess-301-redirect
# RewriteRule ^expandyourtaste[\/]?$ http://domain.com/mobile/expandyourtaste/ [R=301,L,NC]

# Whitelist allowed IPs into the staging environment
# Keeps search engines away
RewriteCond %{REMOTE_ADDR} !^10\.1\.10\.[0-9]*$
RewriteCond %{REMOTE_ADDR} !^22\.33\.44\.55$
RewriteCond %{HTTP_HOST} ^staging.domain.com
RewriteRule ^(.*)$ http://domain.com/$1 [R=301,L]

# remove the www
# RewriteCond %{HTTP_HOST} ^www.domain.com$ [NC]
# RewriteRule ^(.*)$ http://domain.com/$1 [R=301,L]

# add the www
# RewriteCond %{HTTP_HOST} ^domain.com$ [NC]
# RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

# Add a trailing slash to paths without an extension
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$
RewriteRule ^(.*)$ $1/ [L,R=301]

# Enable SEO Friendly URLs in EE or CodeIgniter
RewriteCond %{QUERY_STRING} !^(ACT=.*)$ [NC]
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5})$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} ^/(ee|template|groups|here|site|P[0-9]{2,8}) [NC]
RewriteRule ^(.*)$ /index.php/$1 [L]

# -Indexes will have Apache block users from browsing folders without a default document
Options -Indexes

# custom 404 page
ErrorDocument 404 /misc/404/

# use utf-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8

# force utf-8 for a number of file formats
AddCharset utf-8 .html .css .js .xml .json .rss

# Slip PHP some crack...
php_value upload_max_filesize 100M
php_value post_max_size 200M
php_value memory_limit 256M