Last active
May 27, 2021 20:15
-
-
Save gobinathm/d348be1c9b5d07da40db to your computer and use it in GitHub Desktop.
Apache .htaccess Rule for enhanced caching of Content.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
RewriteEngine on | |
# Domain Redirect | |
# ACQUIA PROD ONLY Redirect All Variation to jnjinstitute.com & in SSL | |
RewriteCond %{HTTPS} !on | |
RewriteCond %{ENV:AH_SITE_ENVIRONMENT} prod [NC] # Remove this line if you hosting provider is not acquia | |
RewriteCond %{HTTP_HOST} ^domain1\.net [NC,OR] | |
RewriteCond %{HTTP_HOST} ^www\.domain2\.com [NC,OR] | |
RewriteCond %{HTTP_HOST} ^www\.domain3\.com | |
RewriteRule ^(.*)$ https://domain.com$1 [R=permanent,L] | |
# ACQUIA None Production Environment | |
RewriteCond %{HTTPS} off | |
RewriteCond %{HTTP:X-Forwarded-Proto} !https | |
RewriteCond %{ENV:AH_SITE_ENVIRONMENT} !prod [NC] # Remove this line if you hosting provider is not acquia | |
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301] | |
# Block Browser Request to .htaccess | |
<Files ~ "^\.htaccess"> | |
Order allow,deny | |
Deny from all | |
</Files> | |
# CWE-79 Fix | |
<IfModule headers_module> | |
Header set X-Content-Type-Options nosniff | |
</IfModule> | |
# Disable Directory Listing (Should be configured in httpd.conf... still just in case) | |
Options -Indexes | |
# Deny Access to DRUPAL Text Files | |
<FilesMatch "(CHANGELOG|COPYRIGHT|INSTALL.mysql|INSTALL.pgsql|INSTALL.sqlite|INSTALL|LICENSE|MAINTAINERS|README|UPGRADE\.txt)$"> | |
Deny from all | |
</FilesMatch> | |
# begin rewrite rule for Drupal CCK issue | |
RewriteEngine on | |
RewriteCond %{REQUEST_URI} /userreference/autocomplete [NC,OR] | |
RewriteCond %{QUERY_STRING} userreference/autocomplete [NC] | |
RewriteRule ^(.*)$ /sites/default/files/empty.json? [NC,L] | |
# end rewrite rule for Drupal CCK issue | |
# trap 'rss.xml' request, redirect 404 page | |
RewriteRule ^rss.xml$ /index.php [L,R=301] | |
# Redirecting all "/node" and "/node/" to "/" | |
RewriteCond %{REMOTE_ADDR} !^148.* | |
RewriteCond %{HTTP_HOST} ^jnjinstitute\.com [NC,OR] | |
RewriteCond %{REQUEST_URI} ^/node(/*)$ [NC] | |
RewriteCond %{REQUEST_URI} ^/user(/*)$ [NC] | |
RewriteRule . https://%{HTTP_HOST}/ [R=301,L] | |
# Redirecting all "/node/*/delete", "/node/*/edit" and "/node/add" to "/" | |
# when accessing via external environments | |
RewriteCond %{REMOTE_ADDR} !^148.* | |
RewriteCond %{HTTP_HOST} ^jnjinstitute\.com [NC,OR] | |
RewriteCond %{REQUEST_URI} ^/node/(.*)/edit$ [NC,OR] | |
RewriteCond %{REQUEST_URI} ^/node/(.*)/delete$ [NC,OR] | |
RewriteCond %{REQUEST_URI} ^/node/add [NC] | |
RewriteRule . https://%{HTTP_HOST}/ [R=301,L] | |
# Performance Related ######### | |
# Compress Text Files (gzip/deflate output) (Note: Drupal have build in support) | |
<IfModule mod_deflate.c> | |
# Force compression for mangled headers. | |
# http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping | |
<IfModule mod_setenvif.c> | |
<IfModule mod_headers.c> | |
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding | |
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding | |
</IfModule> | |
</IfModule> | |
# Compress all output labeled with one of the following MIME-types | |
# (for Apache versions below 2.3.7, you don't need to enable `mod_filter` | |
# and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines | |
# as `AddOutputFilterByType` is still in the core directives). | |
<IfModule mod_filter.c> | |
AddOutputFilterByType DEFLATE application/atom+xml \ | |
application/javascript \ | |
application/json \ | |
application/rss+xml \ | |
application/vnd.ms-fontobject \ | |
application/x-font-ttf \ | |
application/x-web-app-manifest+json \ | |
application/xhtml+xml \ | |
application/xml \ | |
font/opentype \ | |
image/svg+xml \ | |
image/x-icon \ | |
text/css \ | |
text/html \ | |
text/plain \ | |
text/x-component \ | |
text/xml | |
</IfModule> | |
</IfModule> | |
# Turn eTags off | |
<IfModule mod_headers.c> | |
Header unset ETag | |
FileETag None | |
</IfModule> | |
# For Expire Duration use the Mod_expires (or) mod_headers option.. no need to use both | |
# Requires mod_expires to be enabled. & sets custom browser headers | |
<IfModule mod_expires.c> | |
ExpiresActive On | |
#cache web font for 1 year & allow them to load from any domain | |
<FilesMatch "\.(ttf|ttc|otf|eot|woff|svg)$"> | |
ExpiresDefault "access plus 12 months" | |
</FilesMatch> | |
#cache css, javascript and text files for 3 month | |
<FilesMatch ".(js|css|txt)$"> | |
ExpiresDefault "access plus 3 months" | |
</FilesMatch> | |
#cache flash and images for 3 month | |
<FilesMatch ".(flv|swf|ico|gif|jpg|jpeg|png|bmp)$"> | |
ExpiresDefault "access plus 3 months" | |
</FilesMatch> | |
</IfModule> | |
# Leverage this if you have mod_headers Set different cache control headers based on file type | |
<ifModule mod_headers.c> | |
# Below 2 Lines are for Not Caching HTML pages | |
Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0" | |
Header set Pragma "no-cache" | |
#cache xml for 60 seconds | |
<FilesMatch ".xml$"> | |
Header set Cache-Control "max-age=60, public, must-revalidate" | |
</FilesMatch> | |
#cache css, javascript and text files for 10 minutes | |
<FilesMatch ".(js|css|txt)$"> | |
Header set Cache-Control "max-age=600, public" | |
</FilesMatch> | |
#cache flash and images for 12 hours | |
<FilesMatch ".(ico|gif|jpg|jpeg|png|bmp)$"> | |
Header set Cache-Control "max-age=43200, public" | |
</FilesMatch> | |
# Set up caching on media files for 1 year (forever?) | |
<FilesMatch "\.(flv|swf|pdf|avi|mov|mp3|wmv|wav)$"> | |
Header set Cache-Control "max-age=31536000, public" | |
</FilesMatch> | |
# This is used over the above one only when you want to remove ETag Selectively. Otherwise Utilize the option above | |
<FilesMatch "\.(ttf|ttc|otf|eot|woff|svg|js|css|txt|ico|gif|jpg|jpeg|png|bmp|flv|swf|pdf|avi|mov|mp3|wmv|wav)$"> | |
Header unset ETag | |
FileETag None | |
</FilesMatch> | |
# allow web fonts to load from any domain (When Needed) | |
<FilesMatch "\.(ttf|ttc|otf|eot|woff|svg)$"> | |
Header set Access-Control-Allow-Origin "*" | |
</FilesMatch> | |
</ifModule> | |
##### Below SHould go in server config not .htaccess | |
# Allow to the following path from specific ip range | |
# IP Range Starting with 10 is to allow local traffic | |
# IP Range Starting with 148 is a internet IP | |
<Location /user> | |
Order allow,deny | |
Allow from 10 | |
Allow from 148.177 | |
</Location> | |
<Location /node> | |
Order allow,deny | |
Allow from 10 | |
Allow from 148.177 | |
</Location> | |
<Location /imce> | |
Order allow,deny | |
Allow from 10 | |
Allow from 148.177 | |
</Location> | |
<Location /user/password> | |
Order allow,deny | |
Allow from 10 | |
Allow from 148.177 | |
</Location> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment