Last active
December 3, 2019 01:30
-
-
Save Tantumonium/6875dc12c164408b61b8f5927518edde to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ###################################################################### | |
| # # WordPress # | |
| # ###################################################################### | |
| # BEGIN WordPress | |
| # The directives (lines) between `BEGIN WordPress` and `END WordPress` are | |
| # dynamically generated, and should only be modified via WordPress filters. | |
| # Any changes to the directives between these markers will be overwritten. | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteBase / | |
| RewriteRule ^index\.php$ - [L] | |
| RewriteCond %{REQUEST_FILENAME} !-f | |
| RewriteCond %{REQUEST_FILENAME} !-d | |
| RewriteRule . /index.php [L] | |
| </IfModule> | |
| # END WordPress | |
| # ###################################################################### | |
| # # CROSS-ORIGIN # | |
| # ###################################################################### | |
| # ---------------------------------------------------------------------- | |
| # | Cross-origin requests | | |
| # ---------------------------------------------------------------------- | |
| # Allow cross-origin requests. | |
| # | |
| # https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS | |
| # http://enable-cors.org/ | |
| # http://www.w3.org/TR/cors/ | |
| # <IfModule mod_headers.c> | |
| # Header set Access-Control-Allow-Origin "*" | |
| # </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Cross-origin images | | |
| # ---------------------------------------------------------------------- | |
| # Send the CORS header for images when browsers request it. | |
| <IfModule mod_setenvif.c> | |
| <IfModule mod_headers.c> | |
| <FilesMatch "\.(bmp|cur|gif|ico|jpe?g|png|svgz?|webp)$"> | |
| SetEnvIf Origin ":" IS_CORS | |
| Header set Access-Control-Allow-Origin "*" env=IS_CORS | |
| </FilesMatch> | |
| </IfModule> | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Cross-origin web fonts | | |
| # ---------------------------------------------------------------------- | |
| # Allow cross-origin access to web fonts. | |
| # <IfModule mod_headers.c> | |
| # <FilesMatch "\.(eot|otf|tt[cf]|woff2?)$"> | |
| # Header set Access-Control-Allow-Origin "*" | |
| # </FilesMatch> | |
| # </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Cross-origin resource timing | | |
| # ---------------------------------------------------------------------- | |
| # Allow cross-origin access to the timing information for all resources. | |
| # <IfModule mod_headers.c> | |
| # Header set Timing-Allow-Origin: "*" | |
| # </IfModule> | |
| # ###################################################################### | |
| # # ERRORS # | |
| # ###################################################################### | |
| # ---------------------------------------------------------------------- | |
| # | Custom error messages/pages | | |
| # ---------------------------------------------------------------------- | |
| # Customize what Apache returns to the client in case of an error. | |
| # ErrorDocument 404 /404.html | |
| # ---------------------------------------------------------------------- | |
| # | Error prevention | | |
| # ---------------------------------------------------------------------- | |
| # Disable the pattern matching based on filenames. | |
| Options -MultiViews | |
| # ###################################################################### | |
| # # MEDIA TYPES AND CHARACTER ENCODINGS # | |
| # ###################################################################### | |
| # ---------------------------------------------------------------------- | |
| # | Media types | | |
| # ---------------------------------------------------------------------- | |
| # Serve resources with the proper media types (f.k.a. MIME types). | |
| <IfModule mod_mime.c> | |
| AddType text/css css | |
| AddType application/atom+xml atom | |
| AddType application/json json map topojson | |
| AddType application/ld+json jsonld | |
| AddType application/rss+xml rss | |
| AddType application/vnd.geo+json geojson | |
| AddType application/xml rdf xml | |
| AddType application/javascript js | |
| AddType application/manifest+json webmanifest | |
| AddType application/x-web-app-manifest+json webapp | |
| AddType text/cache-manifest appcache | |
| AddType audio/mp4 f4a f4b m4a | |
| AddType audio/ogg oga ogg opus | |
| AddType image/bmp bmp | |
| AddType image/svg+xml svg svgz | |
| AddType image/webp webp | |
| AddType video/mp4 f4v f4p m4v mp4 | |
| AddType video/ogg ogv | |
| AddType video/webm webm | |
| AddType video/x-flv flv | |
| AddType image/x-icon cur ico | |
| AddType application/font-woff woff | |
| AddType application/font-woff2 woff2 | |
| AddType application/vnd.ms-fontobject eot | |
| AddType application/x-font-ttf ttc ttf | |
| AddType font/opentype otf | |
| AddType application/octet-stream safariextz | |
| AddType application/x-bb-appworld bbaw | |
| AddType application/x-chrome-extension crx | |
| AddType application/x-opera-extension oex | |
| AddType application/x-xpinstall xpi | |
| AddType text/vcard vcard vcf | |
| AddType text/vnd.rim.location.xloc xloc | |
| AddType text/vtt vtt | |
| AddType text/x-component htc | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Character encodings | | |
| # ---------------------------------------------------------------------- | |
| # Serve the following file types as 'utf-8'. | |
| AddDefaultCharset utf-8 | |
| <IfModule mod_mime.c> | |
| AddCharset utf-8 .atom \ | |
| .bbaw \ | |
| .css \ | |
| .geojson \ | |
| .js \ | |
| .json \ | |
| .jsonld \ | |
| .manifest \ | |
| .rdf \ | |
| .rss \ | |
| .topojson \ | |
| .vtt \ | |
| .webapp \ | |
| .webmanifest \ | |
| .xloc \ | |
| .xml | |
| </IfModule> | |
| # ###################################################################### | |
| # # REWRITES # | |
| # ###################################################################### | |
| # ---------------------------------------------------------------------- | |
| # | Rewrite engine | | |
| # ---------------------------------------------------------------------- | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| # Set %{ENV:PROTO} variable. | |
| RewriteCond %{HTTPS} =on | |
| RewriteRule ^ - [env=proto:https] | |
| RewriteCond %{HTTPS} !=on | |
| RewriteRule ^ - [env=proto:http] | |
| # Enable the `FollowSymLinks` option if it isn't already. | |
| Options +FollowSymlinks | |
| # If your site is running in a VirtualDocumentRoot at http://example.com/. | |
| # RewriteBase / | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Forcing `http://` or `https://` | | |
| # ---------------------------------------------------------------------- | |
| # (!) NEVER USE BOTH RULES AT THE SAME TIME! | |
| # Redirect from the `http://` to the `https://` version of the URL. | |
| # <IfModule mod_rewrite.c> | |
| # RewriteEngine On | |
| # RewriteCond %{HTTPS} off | |
| # RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] | |
| # </IfModule> | |
| # Redirect from the `https://` to the `http://` version of the URL. | |
| # <IfModule mod_rewrite.c> | |
| # RewriteEngine On | |
| # RewriteCond %{HTTPS} on | |
| # RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L] | |
| # </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Suppressing / Forcing the `www.` at the beginning of URLs | | |
| # ---------------------------------------------------------------------- | |
| # (!) NEVER USE BOTH RULES AT THE SAME TIME! | |
| # Option 1: rewrite www.example.com → example.com | |
| # <IfModule mod_rewrite.c> | |
| # RewriteEngine On | |
| # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] | |
| # RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L] | |
| # </IfModule> | |
| # Option 2: rewrite example.com → www.example.com | |
| # <IfModule mod_rewrite.c> | |
| # RewriteEngine On | |
| # RewriteCond %{HTTP_HOST} !^www\. [NC] | |
| # RewriteCond %{SERVER_ADDR} !=127.0.0.1 | |
| # RewriteCond %{SERVER_ADDR} !=::1 | |
| # RewriteRule ^ %{ENV:PROTO}://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | |
| # </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Authorization HTTP header | | |
| # ---------------------------------------------------------------------- | |
| # Make sure Authorization HTTP header is available to PHP. | |
| <IfModule mod_rewrite.c> | |
| RewriteCond %{HTTP:Authorization} . | |
| RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | CUSTOM REWRITES. | | |
| # ---------------------------------------------------------------------- | |
| <IfModule mod_rewrite.c> | |
| # Redirect Trailing Slashes If Not A Folder... | |
| RewriteCond %{REQUEST_FILENAME} !-d | |
| RewriteRule ^(.*)/$ /$1 [L,R=301] | |
| # Route everything to index.php | |
| RewriteCond %{REQUEST_FILENAME} !-d | |
| RewriteCond %{REQUEST_FILENAME} !-f | |
| RewriteCond %{REQUEST_URI} !=/favicon.ico | |
| RewriteRule ^ index.php [L] | |
| </IfModule> | |
| # ###################################################################### | |
| # # SECURITY # | |
| # ###################################################################### | |
| # ---------------------------------------------------------------------- | |
| # | File access | | |
| # ---------------------------------------------------------------------- | |
| # Block access to directories without a default document. | |
| <IfModule mod_autoindex.c> | |
| Options -Indexes | |
| </IfModule> | |
| # Block access to all hidden files and directories with the exception of | |
| # the visible content from within the `/.well-known/` hidden directory. | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteCond %{REQUEST_URI} "!(^|/)\.well-known/([^./]+./?)+$" [NC] | |
| RewriteCond %{SCRIPT_FILENAME} -d [OR] | |
| RewriteCond %{SCRIPT_FILENAME} -f | |
| RewriteRule "(^|/)\." - [F] | |
| </IfModule> | |
| # Block access to files that can expose sensitive information. | |
| <FilesMatch "(^#.*#|\.(bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$"> | |
| # Apache < 2.3 | |
| <IfModule !mod_authz_core.c> | |
| Order allow,deny | |
| Deny from all | |
| Satisfy All | |
| </IfModule> | |
| # Apache ≥ 2.3 | |
| <IfModule mod_authz_core.c> | |
| Require all denied | |
| </IfModule> | |
| </FilesMatch> | |
| # ---------------------------------------------------------------------- | |
| # | Reducing MIME type security risks | | |
| # ---------------------------------------------------------------------- | |
| # Prevent some browsers from MIME-sniffing the response. | |
| <IfModule mod_headers.c> | |
| Header set X-Content-Type-Options "nosniff" | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Server-side technology information | | |
| # ---------------------------------------------------------------------- | |
| # Remove the `X-Powered-By` response header. | |
| <IfModule mod_headers.c> | |
| Header unset X-Powered-By | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Server software information | | |
| # ---------------------------------------------------------------------- | |
| # Prevent Apache from adding a trailing footer line containing | |
| # information about the server to the server-generated documents | |
| # (e.g.: error messages, directory listings, etc.). | |
| ServerSignature Off | |
| # ###################################################################### | |
| # # WEB PERFORMANCE # | |
| # ###################################################################### | |
| # ---------------------------------------------------------------------- | |
| # | Compression | | |
| # ---------------------------------------------------------------------- | |
| <IfModule mod_deflate.c> | |
| # Force compression for mangled `Accept-Encoding` request headers | |
| <IfModule mod_setenvif.c> | |
| <IfModule mod_headers.c> | |
| SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding | |
| RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding | |
| </IfModule> | |
| </IfModule> | |
| # Compress all output labeled with one of the following media types. | |
| AddOutputFilterByType DEFLATE "application/atom+xml" \ | |
| "application/javascript" \ | |
| "application/json" \ | |
| "application/ld+json" \ | |
| "application/manifest+json" \ | |
| "application/rdf+xml" \ | |
| "application/rss+xml" \ | |
| "application/schema+json" \ | |
| "application/vnd.geo+json" \ | |
| "application/vnd.ms-fontobject" \ | |
| "application/x-font" \ | |
| "application/x-font-opentype" \ | |
| "application/x-font-otf" \ | |
| "application/x-font-truetype" \ | |
| "application/x-font-ttf" \ | |
| "application/x-javascript" \ | |
| "application/x-web-app-manifest+json" \ | |
| "application/xhtml+xml" \ | |
| "application/xml" \ | |
| "font/eot" \ | |
| "font/opentype" \ | |
| "font/truetype" \ | |
| "font/ttf" \ | |
| "image/bmp" \ | |
| "image/svg+xml" \ | |
| "image/vnd.microsoft.icon" \ | |
| "image/x-icon" \ | |
| "text/cache-manifest" \ | |
| "text/css" \ | |
| "text/html" \ | |
| "text/javascript" \ | |
| "text/plain" \ | |
| "text/vcard" \ | |
| "text/vnd.rim.location.xloc" \ | |
| "text/vtt" \ | |
| "text/x-component" \ | |
| "text/x-cross-domain-policy" \ | |
| "text/xml" | |
| # Remove browser bugs (only needed for really old browsers) | |
| BrowserMatch ^Mozilla/4 gzip-only-text/html | |
| BrowserMatch ^Mozilla/4\.0[678] no-gzip | |
| BrowserMatch \bMSIE !no-gzip !gzip-only-text/html | |
| Header append Vary User-Agent | |
| # Map the following filename extensions to the specified | |
| # encoding type in order to make Apache serve the file types | |
| # with the appropriate `Content-Encoding` response header. | |
| <IfModule mod_mime.c> | |
| AddType image/svg+xml svg svgz | |
| AddEncoding gzip svgz | |
| </IfModule> | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Content transformation | | |
| # ---------------------------------------------------------------------- | |
| # Prevent intermediate caches or proxies (e.g.: such as the ones | |
| # used by mobile network providers) from modifying the website's | |
| # content. | |
| # <IfModule mod_headers.c> | |
| # Header merge Cache-Control "no-transform" | |
| # </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | ETags | | |
| # ---------------------------------------------------------------------- | |
| # Remove `ETags` as resources are sent with far-future expires headers. | |
| <IfModule mod_headers.c> | |
| Header unset ETag | |
| </IfModule> | |
| FileETag None | |
| # ---------------------------------------------------------------------- | |
| # | Expires headers | | |
| # ---------------------------------------------------------------------- | |
| <IfModule mod_expires.c> | |
| ExpiresActive on | |
| ExpiresDefault "access plus 1 month" | |
| ExpiresByType text/html "access plus 0 seconds" | |
| ExpiresByType application/json "access plus 0 seconds" | |
| ExpiresByType application/ld+json "access plus 0 seconds" | |
| ExpiresByType application/schema+json "access plus 0 seconds" | |
| ExpiresByType application/vnd.geo+json "access plus 0 seconds" | |
| ExpiresByType application/xml "access plus 0 seconds" | |
| ExpiresByType text/xml "access plus 0 seconds" | |
| ExpiresByType text/css "access plus 1 year" | |
| ExpiresByType application/javascript "access plus 1 year" | |
| ExpiresByType application/x-javascript "access plus 1 year" | |
| ExpiresByType text/javascript "access plus 1 year" | |
| ExpiresByType application/manifest+json "access plus 1 week" | |
| ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" | |
| ExpiresByType text/cache-manifest "access plus 0 seconds" | |
| ExpiresByType application/atom+xml "access plus 1 hour" | |
| ExpiresByType application/rdf+xml "access plus 1 hour" | |
| ExpiresByType application/rss+xml "access plus 1 hour" | |
| ExpiresByType image/vnd.microsoft.icon "access plus 1 week" | |
| ExpiresByType image/x-icon "access plus 1 week" | |
| ExpiresByType audio/ogg "access plus 1 month" | |
| ExpiresByType image/bmp "access plus 1 month" | |
| ExpiresByType image/gif "access plus 1 month" | |
| ExpiresByType image/jpeg "access plus 1 month" | |
| ExpiresByType image/png "access plus 1 month" | |
| ExpiresByType image/svg+xml "access plus 1 month" | |
| ExpiresByType image/webp "access plus 1 month" | |
| ExpiresByType video/mp4 "access plus 1 month" | |
| ExpiresByType video/ogg "access plus 1 month" | |
| ExpiresByType video/webm "access plus 1 month" | |
| ExpiresByType application/vnd.ms-fontobject "access plus 1 month" | |
| ExpiresByType font/eot "access plus 1 month" | |
| ExpiresByType font/opentype "access plus 1 month" | |
| ExpiresByType application/x-font-ttf "access plus 1 month" | |
| ExpiresByType application/font-woff "access plus 1 month" | |
| ExpiresByType application/x-font-woff "access plus 1 month" | |
| ExpiresByType font/woff "access plus 1 month" | |
| ExpiresByType application/font-woff2 "access plus 1 month" | |
| ExpiresByType text/x-cross-domain-policy "access plus 1 week" | |
| </IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment