Created
August 28, 2013 14:48
-
-
Save CEscorcio/6366843 to your computer and use it in GitHub Desktop.
.htaccess wordpress from boilarplate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Apache Server Configs v2.2.0 | MIT License | |
# https://github.com/h5bp/server-configs-apache | |
# (!) Using `.htaccess` files slows down Apache, therefore, if you have access | |
# to the main server config file (usually called `httpd.conf`), you should add | |
# this logic there: http://httpd.apache.org/docs/current/howto/htaccess.html. | |
# ------------------------------------------------------------------------------ | |
# | CORS-enabled images | | |
# ------------------------------------------------------------------------------ | |
# Send the CORS header for images when browsers request it. | |
# https://developer.mozilla.org/en-US/docs/HTML/CORS_Enabled_Image | |
# http://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html | |
# http://hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/ | |
<IfModule mod_setenvif.c> | |
<IfModule mod_headers.c> | |
<FilesMatch "\.(cur|gif|ico|jpe?g|png|svgz?|webp)$"> | |
SetEnvIf Origin ":" IS_CORS | |
Header set Access-Control-Allow-Origin "*" env=IS_CORS | |
</FilesMatch> | |
</IfModule> | |
</IfModule> | |
# ------------------------------------------------------------------------------ | |
# | Web fonts access | | |
# ------------------------------------------------------------------------------ | |
# Allow access to web fonts from all domains. | |
<IfModule mod_headers.c> | |
<FilesMatch "\.(eot|otf|tt[cf]|woff)$"> | |
Header set Access-Control-Allow-Origin "*" | |
</FilesMatch> | |
</IfModule> | |
Options -MultiViews | |
# ------------------------------------------------------------------------------ | |
# | Custom error messages / pages | | |
# ------------------------------------------------------------------------------ | |
# Customize what Apache returns to the client in case of an error. | |
# http://httpd.apache.org/docs/current/mod/core.html#errordocument | |
ErrorDocument 404 /404.html | |
# ############################################################################## | |
# # INTERNET EXPLORER # | |
# ############################################################################## | |
# ------------------------------------------------------------------------------ | |
# | Better website experience | | |
# ------------------------------------------------------------------------------ | |
# Force Internet Explorer to render pages in the highest available mode | |
# in the various cases when it may not. | |
# http://hsivonen.iki.fi/doctype/ie-mode.pdf | |
<IfModule mod_headers.c> | |
Header set X-UA-Compatible "IE=edge" | |
# `mod_headers` cannot match based on the content-type, however, this | |
# header should be send only for HTML pages and not for the other resources | |
<FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$"> | |
Header unset X-UA-Compatible | |
</FilesMatch> | |
</IfModule> | |
# ############################################################################## | |
# # MIME TYPES AND ENCODING # | |
# ############################################################################## | |
# ------------------------------------------------------------------------------ | |
# | Proper MIME types for all files | | |
# ------------------------------------------------------------------------------ | |
<IfModule mod_mime.c> | |
# Audio | |
AddType audio/mp4 m4a f4a f4b | |
AddType audio/ogg oga ogg opus | |
# Data interchange | |
AddType application/json json map | |
AddType application/ld+json jsonld | |
# JavaScript | |
# Normalize to standard type. | |
# http://tools.ietf.org/html/rfc4329#section-7.2 | |
AddType application/javascript js | |
# Video | |
AddType video/mp4 f4v f4p m4v mp4 | |
AddType video/ogg ogv | |
AddType video/webm webm | |
AddType video/x-flv flv | |
# Web fonts | |
AddType application/font-woff woff | |
AddType application/vnd.ms-fontobject eot | |
# Browsers usually ignore the font MIME types and simply sniff the bytes | |
# to figure out the font type. | |
# http://mimesniff.spec.whatwg.org/#matching-a-font-type-pattern | |
# Chrome however, shows a warning if any other MIME types are used for | |
# the following fonts. | |
AddType application/x-font-ttf ttc ttf | |
AddType font/opentype otf | |
# Make SVGZ fonts work on the iPad. | |
# https://twitter.com/FontSquirrel/status/14855840545 | |
AddType image/svg+xml svgz | |
AddEncoding gzip svgz | |
# Other | |
AddType application/octet-stream safariextz | |
AddType application/x-chrome-extension crx | |
AddType application/x-opera-extension oex | |
AddType application/x-web-app-manifest+json webapp | |
AddType application/x-xpinstall xpi | |
AddType application/xml atom rdf rss xml | |
AddType image/webp webp | |
AddType image/x-icon cur | |
AddType text/cache-manifest appcache manifest | |
AddType text/vtt vtt | |
AddType text/x-component htc | |
AddType text/x-vcard vcf | |
</IfModule> | |
# ------------------------------------------------------------------------------ | |
# | UTF-8 encoding | | |
# ------------------------------------------------------------------------------ | |
# Use UTF-8 encoding for anything served as `text/html` or `text/plain`. | |
AddDefaultCharset utf-8 | |
# Force UTF-8 for certain file formats. | |
<IfModule mod_mime.c> | |
AddCharset utf-8 .atom .css .js .json .jsonld .rss .vtt .webapp .xml | |
</IfModule> | |
# ############################################################################## | |
# # URL REWRITES # | |
# ############################################################################## | |
# ------------------------------------------------------------------------------ | |
# | Rewrite engine | | |
# ------------------------------------------------------------------------------ | |
# Turn on the rewrite engine and enable the `FollowSymLinks` option (this is | |
# necessary in order for the following directives to work). | |
# If your web host doesn't allow the `FollowSymlinks` option, you may need to | |
# comment it out and use `Options +SymLinksIfOwnerMatch`, but be aware of the | |
# performance impact. | |
# http://httpd.apache.org/docs/current/misc/perf-tuning.html#symlinks | |
# Also, some cloud hosting services require `RewriteBase` to be set. | |
# http://www.rackspace.com/knowledge_center/frequently-asked-question/why-is-mod-rewrite-not-working-on-my-site | |
<IfModule mod_rewrite.c> | |
Options +FollowSymlinks | |
# Options +SymLinksIfOwnerMatch | |
RewriteEngine On | |
# RewriteBase / | |
</IfModule> | |
# ------------------------------------------------------------------------------ | |
# | Suppressing / Forcing the `www.` at the beginning of URLs | | |
# ------------------------------------------------------------------------------ | |
# The same content should never be available under two different URLs, | |
# especially not with and without `www.` at the beginning. This can cause | |
# SEO problems (duplicate content), and therefore, you should choose one | |
# of the alternatives and redirect the other one. | |
# By default `Option 1` (no `www.`) is activated. | |
# http://no-www.org/faq.php?q=class_b | |
# If you would prefer to use `Option 2`, just comment out all the lines | |
# from `Option 1` and uncomment the ones from `Option 2`. | |
# IMPORTANT: NEVER USE BOTH RULES AT THE SAME TIME! | |
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
# Option 1: rewrite www.example.com → example.com | |
<IfModule mod_rewrite.c> | |
RewriteCond %{HTTPS} !=on | |
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] | |
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L] | |
</IfModule> | |
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
# Option 2: rewrite example.com → www.example.com | |
# Be aware that the following might not be a good idea if you use "real" | |
# subdomains for certain parts of your website. | |
# <IfModule mod_rewrite.c> | |
# RewriteCond %{HTTPS} !=on | |
# RewriteCond %{HTTP_HOST} !^www\. [NC] | |
# RewriteCond %{SERVER_ADDR} !=127.0.0.1 | |
# RewriteCond %{SERVER_ADDR} !=::1 | |
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | |
# </IfModule> | |
# ############################################################################## | |
# # SECURITY # | |
# ############################################################################## | |
# ------------------------------------------------------------------------------ | |
# | File access | | |
# ------------------------------------------------------------------------------ | |
# Block access to directories without a default document. | |
# You should leave the following uncommented, as you shouldn't allow anyone to | |
# surf through every directory on your server (which may includes rather private | |
# places such as the CMS's directories). | |
<IfModule mod_autoindex.c> | |
Options -Indexes | |
</IfModule> | |
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
# Block access to hidden files and directories. | |
# This includes directories used by version control systems such as Git and SVN. | |
<IfModule mod_rewrite.c> | |
RewriteCond %{SCRIPT_FILENAME} -d [OR] | |
RewriteCond %{SCRIPT_FILENAME} -f | |
RewriteRule "(^|/)\." - [F] | |
</IfModule> | |
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
# Block access to files that can expose sensitive information. | |
# By default, block access to backup and source files that may be left by some | |
# text editors and can pose a security risk when anyone has access to them. | |
# http://feross.org/cmsploit/ | |
# IMPORTANT: Update the `<FilesMatch>` regular expression from below to include | |
# any files that might end up on your production server and can expose sensitive | |
# information about your website. These files may include: configuration files, | |
# files that contain metadata about the project (e.g.: project dependencies), | |
# build scripts, etc.. | |
<FilesMatch "(^#.*#|\.(bak|config|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$"> | |
# Apache < 2.3 | |
<IfModule !mod_authz_core.c> | |
Order allow,deny | |
Deny from all | |
Satisfy All | |
</IfModule> | |
# Apache ≥ 2.3 | |
<IfModule mod_authz_core.c> | |
Require all denied | |
</IfModule> | |
</FilesMatch> | |
# ------------------------------------------------------------------------------ | |
# | Server software information | | |
# ------------------------------------------------------------------------------ | |
# Avoid displaying the exact Apache version number, the description of the | |
# generic OS-type and the information about Apache's compiled-in modules. | |
# ADD THIS DIRECTIVE IN THE `httpd.conf` AS IT WILL NOT WORK IN THE `.htaccess`! | |
# ServerTokens Prod | |
# ############################################################################## | |
# # WEB PERFORMANCE # | |
# ############################################################################## | |
# ------------------------------------------------------------------------------ | |
# | Compression | | |
# ------------------------------------------------------------------------------ | |
<IfModule mod_deflate.c> | |
# Force compression for mangled headers. | |
# http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping | |
<IfModule mod_setenvif.c> | |
<IfModule mod_headers.c> | |
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding | |
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding | |
</IfModule> | |
</IfModule> | |
# Compress all output labeled with one of the following MIME-types | |
# (for Apache versions below 2.3.7, you don't need to enable `mod_filter` | |
# and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines | |
# as `AddOutputFilterByType` is still in the core directives). | |
<IfModule mod_filter.c> | |
AddOutputFilterByType DEFLATE application/atom+xml \ | |
application/javascript \ | |
application/json \ | |
application/ld+json \ | |
application/rss+xml \ | |
application/vnd.ms-fontobject \ | |
application/x-font-ttf \ | |
application/x-web-app-manifest+json \ | |
application/xhtml+xml \ | |
application/xml \ | |
font/opentype \ | |
image/svg+xml \ | |
image/x-icon \ | |
text/css \ | |
text/html \ | |
text/plain \ | |
text/x-component \ | |
text/xml | |
</IfModule> | |
</IfModule> | |
# ------------------------------------------------------------------------------ | |
# | Content transformations | | |
# ------------------------------------------------------------------------------ | |
# Prevent mobile network providers from modifying the website's content. | |
# http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.5. | |
# <IfModule mod_headers.c> | |
# Header set Cache-Control "no-transform" | |
# </IfModule> | |
# ------------------------------------------------------------------------------ | |
# | ETags | | |
# ------------------------------------------------------------------------------ | |
# Remove `ETags` as resources are sent with far-future expires headers. | |
# http://developer.yahoo.com/performance/rules.html#etags. | |
# `FileETag None` doesn't work in all cases. | |
<IfModule mod_headers.c> | |
Header unset ETag | |
</IfModule> | |
FileETag None | |
# ------------------------------------------------------------------------------ | |
# | Expires headers | | |
# ------------------------------------------------------------------------------ | |
# The following expires headers are set pretty far in the future. If you | |
# don't control versioning with filename-based cache busting, consider | |
# lowering the cache time for resources such as style sheets and JavaScript | |
# files to something like one week. | |
<IfModule mod_expires.c> | |
ExpiresActive on | |
ExpiresDefault "access plus 1 month" | |
# CSS | |
ExpiresByType text/css "access plus 1 year" | |
# Data interchange | |
ExpiresByType application/json "access plus 0 seconds" | |
ExpiresByType application/ld+json "access plus 0 seconds" | |
ExpiresByType application/xml "access plus 0 seconds" | |
ExpiresByType text/xml "access plus 0 seconds" | |
# Favicon (cannot be renamed!) and cursor images | |
ExpiresByType image/x-icon "access plus 1 week" | |
# HTML components (HTCs) | |
ExpiresByType text/x-component "access plus 1 month" | |
# HTML | |
ExpiresByType text/html "access plus 0 seconds" | |
# JavaScript | |
ExpiresByType application/javascript "access plus 1 year" | |
# Manifest files | |
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" | |
ExpiresByType text/cache-manifest "access plus 0 seconds" | |
# Media | |
ExpiresByType audio/ogg "access plus 1 month" | |
ExpiresByType image/gif "access plus 1 month" | |
ExpiresByType image/jpeg "access plus 1 month" | |
ExpiresByType image/png "access plus 1 month" | |
ExpiresByType video/mp4 "access plus 1 month" | |
ExpiresByType video/ogg "access plus 1 month" | |
ExpiresByType video/webm "access plus 1 month" | |
# Web feeds | |
ExpiresByType application/atom+xml "access plus 1 hour" | |
ExpiresByType application/rss+xml "access plus 1 hour" | |
# Web fonts | |
ExpiresByType application/font-woff "access plus 1 month" | |
ExpiresByType application/vnd.ms-fontobject "access plus 1 month" | |
ExpiresByType application/x-font-ttf "access plus 1 month" | |
ExpiresByType font/opentype "access plus 1 month" | |
ExpiresByType image/svg+xml "access plus 1 month" | |
</IfModule> | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment