Skip to content

Instantly share code, notes, and snippets.

Last active May 24, 2020 12:23
What would you like to do?
X3 Extended Apache config file example
# X3 extended Apache configuration example similar to what we use on our own Apache hosting.
# Some of the non-X3-specific rules may already be applied to your server by default.
# Find more standard Apache default here:
# Redirect non-SSL requests (both www and non-www) to HTTPS website [OPTIONAL]
<VirtualHost *:80>
Redirect permanent /
# Redirect www to non-www version of website on SSL (port 443) [OPTIONAL]
<VirtualHost *:443>
Redirect permanent /
# Main X3 website configuration on SSL without www
<VirtualHost *:443>
# Set serverName and DocumentRoot
DocumentRoot /var/www/yourwebsite
# X3 specific rules applied relative to X3 root directory
<Directory /var/www/yourwebsite/>
# Stop Apache from loading .htaccess files [OPTIONAL]
AllowOverride None
# RewriteEngine [REQUIRED]
RewriteEngine On
# Rewrite any calls to *.html, *.json, *.xml, *.atom, *.rss if a folder matching * exists [REQUIRED]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule (.+)\.(html|json|xml|atom|rss)$ $1/ [L]
# Add a trailing slash to directories [OPTIONAL but recommended]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(\.|\?)
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ([^/]+)$ $1/ [L]
# Rewrite any calls to /render to the image parser [REQUIRED]
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{QUERY_STRING} ^(?)debug($|&)
RewriteCond %{REQUEST_URI} render/
RewriteRule ^render/. app/parsers/slir/index.php?$1 [L]
# Rewrite routes to index.php if they are non-existent files/dirs [REQUIRED]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ index.php?/$1/ [L,QSA]
# Let Diagnostics know X3 is configured from server [OPTIONAL]
<IfModule mod_env.c>
# Prevent X3 Diagnostics from showing server information [OPTIONAL]
<IfModule mod_env.c>
# Prevent folder directory listing [OPTIONAL]
<IfModule mod_autoindex.c>
Options -Indexes
# unset etag (caching) [OPTIONAL]
<IfModule mod_headers.c>
Header unset ETag
FileETag None
# Increase cookie security (only if you are using PHP5) [OPTIONAL]
<IfModule php5_module>
php_value session.cookie_httponly true
# Agressive caching headers [OPTIONAL]
# Static assets set to be cached up to 10 years, while X3 application files should not cache.
<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 10 years"
ExpiresByType text/html "access plus 0 seconds"
ExpiresByType text/xml "access plus 3600 seconds"
ExpiresByType application/xml "access plus 3600 seconds"
# Immutable cache-control for static assets [OPTIONAL]
<IfModule mod_headers.c>
<Files ~ "\.(jpe?g|png|gif|svg|mp3|mp4|json|css|js)$">
Header append Cache-Control "public, immutable"
# Make sure you are using utf-8 default charset [OPTIONAL]
AddDefaultCharset utf-8
<IfModule mod_mime.c>
AddCharset utf-8 .css .js .xml .json .rss .atom
# Compress (deflate) text-based files [OPTIONAL]
# Most of the below should already be configured by default on your server.
<IfModule mod_deflate.c>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE image/svg+xml
# Block direct access to some X3 PHP files with exceptions [OPTIONAL]
<DirectoryMatch /var/www/yourwebsite/(app|content)/>
<Files *.php>
Require all denied
<FilesMatch "(index|x3\.mailer|x3\.api)\.php$">
Require all granted
# Block public web access to the X3 /config/ folder [REQUIRED] and /_cache/ folder [OPTIONAL]
<DirectoryMatch /var/www/yourwebsite/(config|_cache|app/resources)/>
Require all denied
# For older Apache servers, uncomment and use the line below instead.
# Deny from all
Copy link

mjau-mjau commented Mar 31, 2017

X3 Extended Apache config file example. Some of the non-X3-specific rules may already be applied to your server by default.

You can find more recommended Apache defaults here:

Basic X3 Apache config file (minimum requirements) can be found here:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment