Starter htaccess for caching and security
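### ===========================================================================
### Security Enhanced & Highly Optimized .htaccess File for Joomla!
### automatically generated by Admin Tools 3.1.1 on 2014-10-17 14:40:12 GMT
### Auto-detected Apache version: 2.5 (best guess)
### ===========================================================================
###
### The contents of this file are based on the same author's work "Master
### .htaccess", published on http://snipt.net/nikosdion/the-master-htaccess
###
### Admin Tools is Free Software, distributed under the terms of the GNU
### General Public License version 3 or, at your option, any later version
### published by the Free Software Foundation.
###
### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
### !!                                                                       !!
### !! If you get an Internal Server Error 500 or a blank page when trying   !!
### !! to access your site, remove this file and try tweaking its settings   !!
### !! in the back-end of the Admin Tools component.                         !!
### !!                                                                       !!
### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
###
### Layout of this file:
###   1. rewrite engine setup and the custom HTTPS / compression rules
###   2. directory listing and index handling
###   3. canonical-URL redirects (index.php -> /, www -> non-www)
###   4. request filtering (query-string exploit patterns, file injection)
###   5. path-based access control for Joomla! system directories
###   6. the Joomla! SEF front-controller rewrite
###   7. caching (Expires) and response headers
### Rules are evaluated top to bottom; [L] stops processing for that request,
### [F] answers 403.

##### RewriteEngine enabled - BEGIN
RewriteEngine On
##### RewriteEngine enabled - END

##### RewriteBase set - BEGIN
RewriteBase /
##### RewriteBase set - END

##### Custom Rules (Top of File) -- BEGIN
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
# NOTE(review): %{HTTPS} describes the connection Apache itself terminates.
# Behind a TLS-terminating proxy or load balancer it stays "off" for every
# request and this rule would redirect endlessly; such setups usually have to
# test the proxy's X-Forwarded-Proto header instead — confirm against the
# hosting layout before relying on this rule.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Compress text-like responses when mod_deflate is available. text/html is
# deliberately not in the list.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript image/svg+xml
</IfModule>
##### Custom Rules (Top of File) -- END

##### File execution order -- BEGIN
DirectoryIndex index.php index.html
##### File execution order -- END

##### No directory listings -- BEGIN
# IndexIgnore hides every entry from mod_autoindex; Options -Indexes disables
# the listing outright (needs AllowOverride Options, else Apache answers 500).
IndexIgnore *
Options -Indexes
##### No directory listings -- END

##### Redirect index.php to / -- BEGIN
# Only GET-style requests for exactly /index.php are redirected; POSTs are
# left alone so form submissions are not turned into GETs.
# %2 captures "s" from the SERVER_PORT test below, so the redirect keeps the
# scheme of the incoming request.
# The generated file had the original site's hostname hard-coded in the
# target; using the request's own host lets the snippet work on any site.
RewriteCond %{THE_REQUEST} !^POST
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
RewriteRule ^index\.php$ http%2://%{HTTP_HOST}/ [R=301,L]
##### Redirect index.php to / -- END

##### Redirect www to non-www -- BEGIN
# Target https:// directly. The generated rule redirected to http://, which
# the HTTPS rule at the top of the file then bounced once more: an extra
# round trip and a plaintext hop for every www. visitor.
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
##### Redirect www to non-www -- END

##### Rewrite rules to block out some common exploits -- BEGIN
# Query-string patterns that legitimate Joomla! requests never carry.
# Matching requests are sent to index.php with a 403.
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code\(.*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F]
##### Rewrite rules to block out some common exploits -- END

##### File injection protection -- BEGIN
# Reject GET requests whose query parameters look like remote URLs or
# directory-traversal / absolute paths.
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* - [F]
##### File injection protection -- END

##### Advanced server protection rules exceptions -- BEGIN
# Paths that must stay reachable even though the rules further down would
# otherwise block them; [L] ends processing before those rules run.
RewriteRule ^administrator\/components\/com_akeeba\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_admintools\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/restore\.php$ - [L]
# Existing non-PHP files under these cache directories are allowed through.
RewriteCond %{REQUEST_FILENAME} !(\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^cache\/com_zoo/ - [L]
RewriteCond %{REQUEST_FILENAME} !(\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^cache\/jw_sig/ - [L]
RewriteRule ^plugins\/system\/bfnetwork/ - [L]
##### Advanced server protection rules exceptions -- END

##### Advanced server protection -- BEGIN
# Block requests carrying a PHP easter-egg query token (=PHP<uuid>).
RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} [NC]
RewriteRule .* - [F]
## Back-end protection
# Allow the administrator entry points and static assets, deny everything else
# under administrator/. "ico" is included so the back-end favicon is served,
# matching the front-end list below.
RewriteRule ^administrator/?$ - [L]
RewriteRule ^administrator/index\.(php|html?)$ - [L]
RewriteRule ^administrator/index[23]\.php$ - [L]
RewriteRule ^administrator/(components|modules|templates|images|plugins)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|ico|htm|ttf|woff|eot)$ - [L]
RewriteRule ^administrator/ - [F]
## Allow limited access for certain Joomla! system directories with client-accessible content
RewriteRule ^(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|ico|htm|ttf|woff|eot)$ - [L]
RewriteRule ^(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/ - [F]
## Disallow front-end access for certain Joomla! system directories (unless access to their files is allowed above)
RewriteRule ^includes/js/ - [L]
RewriteRule ^(cache|includes|language|logs|log|tmp)/ - [F]
RewriteRule ^(configuration\.php|CONTRIBUTING\.md|htaccess\.txt|joomla\.xml|LICENSE\.txt|phpunit\.xml|README\.txt|web\.config\.txt) - [F]
## Disallow access to rogue PHP files throughout the site, unless they are explicitly allowed
# Any existing .php file other than index.php / index2.php / index3.php is
# denied; the exceptions section above has already let the known ones through.
RewriteCond %{REQUEST_FILENAME} (\.php)$
RewriteCond %{REQUEST_FILENAME} !(/index[23]?\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule (.*\.php)$ - [F]
## Disallow access to htaccess.txt, php.ini and configuration.php-dist
RewriteRule ^(htaccess\.txt|configuration\.php-dist|php\.ini)$ - [F]
##### Advanced server protection -- END

##### Joomla! core SEF Section -- BEGIN
# Copy the Authorization header into an environment variable so it reaches
# Joomla! on setups (e.g. CGI/FastCGI) where the header is otherwise dropped.
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Route everything that is not an existing file or directory to the front
# controller.
RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|raw|ini|zip|json|file|vcf))$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L]
##### Joomla! core SEF Section -- END

# ----------------------------------------------------------------------
# Expires headers (for better cache control)
# ----------------------------------------------------------------------
# These are pretty far-future expires headers.
# They assume you control versioning with filename-based cache busting.
# Additionally, consider that outdated proxies may miscache:
# www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
# If you don't use filenames to version, lower the CSS and JS to something like
# "access plus 1 week" or so.
<IfModule mod_expires.c>
    ExpiresActive on

    # Perhaps better to whitelist expires rules? Perhaps.
    ExpiresDefault "access plus 1 month"

    # cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
    ExpiresByType text/cache-manifest "access plus 0 seconds"

    # Your document html
    ExpiresByType text/html "access plus 0 seconds"

    # Data
    ExpiresByType text/xml "access plus 0 seconds"
    ExpiresByType application/xml "access plus 0 seconds"
    ExpiresByType application/json "access plus 0 seconds"

    # Feed
    ExpiresByType application/rss+xml "access plus 1 hour"
    ExpiresByType application/atom+xml "access plus 1 hour"

    # Favicon (cannot be renamed)
    ExpiresByType image/x-icon "access plus 1 week"

    # Media: images, video, audio
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType video/ogg "access plus 1 year"
    ExpiresByType audio/ogg "access plus 1 year"
    ExpiresByType video/mp4 "access plus 1 year"
    ExpiresByType video/webm "access plus 1 year"

    # HTC files (css3pie)
    ExpiresByType text/x-component "access plus 1 month"

    # Webfonts
    ExpiresByType application/x-font-ttf "access plus 1 month"
    ExpiresByType font/opentype "access plus 1 month"
    ExpiresByType application/x-font-woff "access plus 1 month"
    ExpiresByType image/svg+xml "access plus 1 month"
    ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

    # CSS and JavaScript
    ExpiresByType text/css "access plus 1 year"
    ExpiresByType application/javascript "access plus 1 year"
</IfModule>

# ----------------------------------------------------------------------
# Response headers
# ----------------------------------------------------------------------
# mod_headers is not guaranteed to be loaded. The generated file issued
# "Header unset ETag" unguarded, which on a server without the module is
# precisely the kind of line that produces the 500 the banner warns about.
<IfModule mod_headers.c>
    #Header unset Cache-Control
    #Header set Last-Modified "Wed, 11 Jan 1984 05:00:00 GMT"
    Header unset ETag
    # Keep browsers from MIME-sniffing responses away from the declared type.
    Header set X-Content-Type-Options "nosniff"
    # HSTS: leave commented until the site and every subdomain serve HTTPS
    # only; browsers remember the policy for max-age seconds.
    #Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>
# Stop Apache from generating ETags in the first place, so removing the
# header above is not the only thing keeping inode-based ETags off the wire.
FileETag None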