
@gobinathm
Last active May 27, 2021 20:15
Apache .htaccess Rule for enhanced caching of Content.
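RewriteEngine on

# Domain redirect (Acquia production only): send plain-HTTP requests for the
# listed alias hosts to the canonical host over HTTPS ("domain.com" and the
# alias names below are placeholders for the real host names).
# NOTE(review): only %{HTTPS} is tested here, while the non-production rule
# below also tests X-Forwarded-Proto. If TLS is terminated in front of Apache,
# confirm that HTTPS requests for the alias hosts are handled as intended.
RewriteCond %{HTTPS} !on
# Remove the next line if your hosting provider is not Acquia.
# (Apache documents comments only on their own line, so the remark is kept off
# the directive line.)
RewriteCond %{ENV:AH_SITE_ENVIRONMENT} prod [NC]
RewriteCond %{HTTP_HOST} ^domain1\.net [NC,OR]
RewriteCond %{HTTP_HOST} ^www\.domain2\.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www\.domain3\.com
# %{REQUEST_URI} always starts with "/". In .htaccess context the pattern is
# matched without the leading slash, so "https://domain.com$1" would glue the
# request path directly onto the host name and let the client influence the
# host part of the redirect target.
RewriteRule ^ https://domain.com%{REQUEST_URI} [R=permanent,L]

# Acquia non-production environments: force HTTPS on whatever host was requested.
# NOTE(review): the target is built from the client-supplied Host header, and
# X-Forwarded-Proto is only trustworthy if the front-end proxy overwrites it.
# Confirm the virtual host answers only for expected names.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
# Remove the next line if your hosting provider is not Acquia.
RewriteCond %{ENV:AH_SITE_ENVIRONMENT} !prod [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]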
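# Block browser requests to .htaccess.
# "Order"/"Deny" are Apache 2.2 directives; on 2.4 they exist only when
# mod_access_compat is loaded, so the native 2.4 form is used when available.
<Files ~ "^\.htaccess">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</Files>

# Hardening related to CWE-79: "nosniff" tells browsers to honour the declared
# Content-Type instead of guessing one from the body. It narrows one route to
# script execution (content-type confusion); it does not replace output
# encoding in the application.
<IfModule headers_module>
  Header set X-Content-Type-Options nosniff
</IfModule>

# Disable directory listing (should be configured in httpd.conf; repeated here just in case)
Options -Indexes

# Deny access to the text files Drupal ships in its root directory.
# The previous pattern attached "\.txt" to UPGRADE only and anchored every
# other alternative directly to the end of the name, so CHANGELOG.txt,
# README.txt and the rest were still served (CHANGELOG.txt discloses the
# exact core version). The extension is now optional for every name; the
# pattern stays unanchored at the start, as before, so prefixed copies remain
# blocked as well.
<FilesMatch "(CHANGELOG|COPYRIGHT|INSTALL(\.(mysql|pgsql|sqlite))?|LICENSE|MAINTAINERS|README|UPGRADE)(\.txt)?$">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Deny from all
  </IfModule>
</FilesMatch>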
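# begin rewrite rule for Drupal CCK issue
# Any request whose path or query string contains "userreference/autocomplete"
# is answered with a static file instead of reaching Drupal. The query-string
# test is needed because the path can also be supplied as a query parameter.
# NOTE(review): presumably this stops the autocomplete callback from returning
# user data to unauthorised callers; confirm against the CCK advisory and make
# sure /sites/default/files/empty.json exists.
RewriteEngine on
RewriteCond %{REQUEST_URI} /userreference/autocomplete [NC,OR]
RewriteCond %{QUERY_STRING} userreference/autocomplete [NC]
# The trailing "?" drops the original query string from the rewritten request.
RewriteRule ^(.*)$ /sites/default/files/empty.json? [NC,L]
# end rewrite rule for Drupal CCK issue

# Trap "rss.xml" requests and redirect them to /index.php (a 301 to the front
# controller, not a 404). The dot is escaped so only the literal file name matches.
RewriteRule ^rss\.xml$ /index.php [L,R=301]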
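# Redirect "/node", "/node/", "/user" and "/user/" to "/" for requests to the
# public host that do not come from a 148.x address.
# Consecutive RewriteCond lines are ANDed unless flagged [OR]. Previously the
# host test carried [OR] and the /node test did not, so the chain required
# /node-or-host AND /user at once and "/node" was never redirected.
# NOTE(review): REMOTE_ADDR is the address of the directly connected peer. If a
# load balancer or reverse proxy sits in front of Apache, it is the proxy's
# address, not the visitor's; confirm before relying on this exemption.
# NOTE(review): the <Location> rules later in this file allow 148.177 and 10;
# consider narrowing this prefix to match them.
RewriteCond %{REMOTE_ADDR} !^148\.
RewriteCond %{HTTP_HOST} ^jnjinstitute\.com [NC]
RewriteCond %{REQUEST_URI} ^/node(/*)$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/user(/*)$ [NC]
RewriteRule . https://%{HTTP_HOST}/ [R=301,L]

# Redirect "/node/*/delete", "/node/*/edit" and "/node/add" to "/" when the
# public host is accessed from outside.
# Previously the host test was ORed with the path tests, so every non-empty
# path on the public host was redirected to "/" for non-148 clients.
# This is noise reduction only: path-based rules do not cover every way a
# request can be routed to Drupal (the CCK rule in this file also has to test
# QUERY_STRING), so Drupal's own permissions remain the actual access control.
RewriteCond %{REMOTE_ADDR} !^148\.
RewriteCond %{HTTP_HOST} ^jnjinstitute\.com [NC]
RewriteCond %{REQUEST_URI} ^/node/(.*)/edit$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/node/(.*)/delete$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/node/add [NC]
RewriteRule . https://%{HTTP_HOST}/ [R=301,L]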
# ---------------------------------------------------------------------------
# Performance
# ---------------------------------------------------------------------------
# gzip/deflate compression of text responses (Drupal also has built-in support).
# NOTE(review): compressing HTML over TLS when a page carries both a secret
# (for example a form token) and reflected request data is the precondition
# for BREACH-style compression side channels; confirm this is acceptable for
# the pages served here.
<IfModule mod_deflate.c>

  # Some proxies and client software mangle the Accept-Encoding request
  # header. Detect the known mangled forms and restore a usable header.
  # http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping
  <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
      SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
      RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
    </IfModule>
  </IfModule>

  # Compress every response labelled with one of these MIME types.
  # (On Apache versions below 2.3.7 `mod_filter` is not required: drop the
  # `<IfModule mod_filter.c>` / `</IfModule>` wrapper there, because
  # `AddOutputFilterByType` is still a core directive.)
  <IfModule mod_filter.c>
    AddOutputFilterByType DEFLATE application/atom+xml \
                                  application/javascript \
                                  application/json \
                                  application/rss+xml \
                                  application/vnd.ms-fontobject \
                                  application/x-font-ttf \
                                  application/x-web-app-manifest+json \
                                  application/xhtml+xml \
                                  application/xml \
                                  font/opentype \
                                  image/svg+xml \
                                  image/x-icon \
                                  text/css \
                                  text/html \
                                  text/plain \
                                  text/x-component \
                                  text/xml
  </IfModule>

</IfModule>
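# Turn ETags off: remove the response header and stop Apache from generating
# file-based ETags.
<IfModule mod_headers.c>
  Header unset ETag
  FileETag None
</IfModule>

# For expiry durations use either mod_expires (this section) or the
# mod_headers section that follows; there is no need to use both.
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
  ExpiresActive On

  # Cache web fonts for 1 year.
  <FilesMatch "\.(ttf|ttc|otf|eot|woff|svg)$">
    ExpiresDefault "access plus 12 months"
  </FilesMatch>

  # Cache css, javascript and text files for 3 months.
  # The dot is escaped so that only a real file extension matches; unescaped,
  # "." matches any character (a file named "notajs" would qualify).
  <FilesMatch "\.(js|css|txt)$">
    ExpiresDefault "access plus 3 months"
  </FilesMatch>

  # Cache flash and images for 3 months.
  <FilesMatch "\.(flv|swf|ico|gif|jpg|jpeg|png|bmp)$">
    ExpiresDefault "access plus 3 months"
  </FilesMatch>
</IfModule>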
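# Use this section if you have mod_headers: it sets different Cache-Control
# headers depending on file type.
<IfModule mod_headers.c>

  # Default for everything not matched below (HTML pages in particular):
  # do not cache. The <FilesMatch> sections override Cache-Control for static
  # files; "Pragma: no-cache" is still sent with them, which HTTP/1.1 caches
  # ignore when Cache-Control is present.
  Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"
  Header set Pragma "no-cache"

  # In the patterns below the dot is escaped so that only a real file
  # extension matches; unescaped, "." matches any character.

  # Cache xml for 60 seconds.
  <FilesMatch "\.xml$">
    Header set Cache-Control "max-age=60, public, must-revalidate"
  </FilesMatch>

  # Cache css, javascript and text files for 10 minutes.
  # NOTE(review): "public" lets shared caches store these responses; make sure
  # nothing user-specific is ever served under these extensions.
  <FilesMatch "\.(js|css|txt)$">
    Header set Cache-Control "max-age=600, public"
  </FilesMatch>

  # Cache images for 12 hours (flash files are covered by the next rule).
  <FilesMatch "\.(ico|gif|jpg|jpeg|png|bmp)$">
    Header set Cache-Control "max-age=43200, public"
  </FilesMatch>

  # Cache media files for 1 year.
  <FilesMatch "\.(flv|swf|pdf|avi|mov|mp3|wmv|wav)$">
    Header set Cache-Control "max-age=31536000, public"
  </FilesMatch>

  # Use this instead of the global "Turn ETags off" section only when ETags
  # should be removed selectively, per file type.
  <FilesMatch "\.(ttf|ttc|otf|eot|woff|svg|js|css|txt|ico|gif|jpg|jpeg|png|bmp|flv|swf|pdf|avi|mov|mp3|wmv|wav)$">
    Header unset ETag
    FileETag None
  </FilesMatch>

  # Allow web fonts to load from any origin (only when needed).
  # NOTE(review): the wildcard makes every matching file, including .svg,
  # readable cross-origin. Keep it to public static assets, or list the
  # specific origins that need the fonts.
  <FilesMatch "\.(ttf|ttc|otf|eot|woff|svg)$">
    Header set Access-Control-Allow-Origin "*"
  </FilesMatch>

</IfModule>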
##### The sections below belong in the server config, not in .htaccess
##### (<Location> is not permitted in .htaccess files).
# Restrict the following paths to specific address ranges:
#   10.0.0.0/8     - local traffic
#   148.177.0.0/16 - an internet range
# With "Order allow,deny" every client not matched by an Allow line is denied.
# NOTE(review): these are Apache 2.2 access directives; on 2.4 they need
# mod_access_compat (or a rewrite to "Require ip").
# NOTE(review): the match is made on the directly connected peer. If a load
# balancer with a 10.x address fronts this server, every visitor would match
# the first range; confirm how client addresses reach Apache.
<Location /user>
  Order allow,deny
  Allow from 10.0.0.0/8
  Allow from 148.177.0.0/16
</Location>

<Location /node>
  Order allow,deny
  Allow from 10.0.0.0/8
  Allow from 148.177.0.0/16
</Location>

<Location /imce>
  Order allow,deny
  Allow from 10.0.0.0/8
  Allow from 148.177.0.0/16
</Location>

# /user/password already falls under the /user section; listed explicitly as
# in the original.
<Location /user/password>
  Order allow,deny
  Allow from 10.0.0.0/8
  Allow from 148.177.0.0/16
</Location>