{"slug": "a-full-htaccess-file", "title": "A full .htaccess file", "summary": "This article provides the full contents of an `.htaccess` file, a configuration file used by Apache web servers. The file includes commented-out directives for password protection and PHP code type masking, along with active settings for defining font MIME types, setting a staging environment variable, enabling gzip compression via mod_deflate, and setting browser caching expiration times via mod_expires.", "body_md": ".htaccess\n\n This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.\n \nLearn more about bidirectional Unicode characters\n\n \n Show hidden characters\n\n# Password protect this directory\n\n# ==========================================\n\n# AuthType Basic\n\n# AuthName \"Restricted Area\"\n\n# AuthUserFile /etc/httpd/conf/.htpasswd\n\n# require valid-user\n\n# Make PHP code look like other code types\n\n# AddType application/x-httpd-php .asp .py .pl\n\n# Add types for font mime types. This was necesary after chaning the default file type in the httpd.conf \n\n# to DefaultType application/x-httpd-php\n\n# ===========================================\n\nAddType application/vnd.ms-fontobject .eot\n\nAddType application/x-font-opentype .otf\n\nAddType image/svg+xml .svg\n\nAddType application/x-font-ttf .ttf\n\nAddType application/font-woff .woff\n\n# Set this to development, staging or production\n\n# ============================================\n\nSetEnv PYRO_ENV staging\n\n\n\n# force deflate for mangled headers\n\n# developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/\n\n\n\n \n\n SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\\s*,?\\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding\n\n RequestHeader append Accept-Encoding \"gzip,deflate\" env=HAVE_Accept-Encoding\n\n \n\n\n\n# HTML, TXT, CSS, JavaScript, JSON, XML, HTC:\n\n\n\n FilterDeclare COMPRESS\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $text/x-component\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $application/javascript\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $application/json\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xml\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xhtml+xml\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $application/rss+xml\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $application/atom+xml\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $application/vnd.ms-fontobject\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $image/svg+xml\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $application/x-font-ttf\n\n FilterProvider COMPRESS DEFLATE resp=Content-Type $font/opentype\n\n FilterChain COMPRESS\n\n FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no\n\n\n\n\n\n # Legacy versions of Apache\n\n AddOutputFilterByType DEFLATE text/html text/plain text/css application/json\n\n AddOutputFilterByType DEFLATE application/javascript\n\n AddOutputFilterByType DEFLATE text/xml application/xml text/x-component\n\n AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml\n\n AddOutputFilterByType DEFLATE image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype\n\n\n\n\n\n\n\n ExpiresActive on\n\n# Perhaps better to whitelist expires rules? Perhaps.\n\n ExpiresDefault \"access plus 1 month\"\n\n# cache.appcache needs re-requests in FF 3.6 (thx Remy ~Introducing HTML5)\n\n ExpiresByType text/cache-manifest \"access plus 0 seconds\"\n\n# Your document html\n\n ExpiresByType text/html \"access plus 0 seconds\"\n\n# Data\n\n ExpiresByType text/xml \"access plus 0 seconds\"\n\n ExpiresByType application/xml \"access plus 0 seconds\"\n\n ExpiresByType application/json \"access plus 0 seconds\"\n\n# RSS feed\n\n ExpiresByType application/rss+xml \"access plus 1 hour\"\n\n# Favicon (cannot be renamed)\n\n ExpiresByType image/x-icon \"access plus 1 week\"\n\n# Media: images, video, audio\n\n ExpiresByType image/gif \"access plus 1 month\"\n\n ExpiresByType image/png \"access plus 1 month\"\n\n ExpiresByType image/jpg \"access plus 1 month\"\n\n ExpiresByType image/jpeg \"access plus 1 month\"\n\n ExpiresByType video/ogg \"access plus 1 month\"\n\n ExpiresByType audio/ogg \"access plus 1 month\"\n\n ExpiresByType video/mp4 \"access plus 1 month\"\n\n ExpiresByType video/webm \"access plus 1 month\"\n\n# HTC files (css3pie)\n\n ExpiresByType text/x-component \"access plus 1 month\"\n\n# Webfonts\n\n ExpiresByType font/truetype \"access plus 1 month\"\n\n ExpiresByType font/opentype \"access plus 1 month\"\n\n ExpiresByType application/x-font-woff \"access plus 1 month\"\n\n ExpiresByType image/svg+xml \"access plus 1 month\"\n\n ExpiresByType application/vnd.ms-fontobject \"access plus 1 month\"\n\n# CSS and JavaScript\n\n ExpiresByType text/css \"access plus 1 year\"\n\n ExpiresByType application/javascript \"access plus 1 year\"\n\n ExpiresByType text/javascript \"access plus 1 year\"\n\n \n\n Header append Cache-Control \"public\"\n\n \n\n\n\n# FileETag None is not enough for every server.\n\n\n\n Header unset ETag\n\n\n\n# Since we`re sending far-future expires, we don't need ETags for static content.\n\n# developer.yahoo.com/performance/rules.html#etags\n\nFileETag None\n\n\n\n # Make sure directory listing is disabled\n\n Options +FollowSymLinks -Indexes\t\n\n \n\n # disable the Apache MultiViews directive if it is enabled on the server. It plays havoc with URL rewriting\n\n Options -MultiViews\n\n RewriteEngine on\n\n # Automatically determine and set the PYRO_ENV variable\n\n #RewriteCond %{HTTP_HOST} ^local.domain.com$\n\n #RewriteRule (.*) $1 [E=PYRO_ENV:development]\n\n #RewriteCond %{HTTP_HOST} ^stage.domain.com$\n\n #RewriteRule (.*) $1 [E=PYRO_ENV:staging]\n\n #RewriteCond %{HTTP_HOST} ^domain.com$\n\n #RewriteRule (.*) $1 [E=PYRO_ENV:production]\n\n # NOTICE: If you get a 404 play with combinations of the following commented out lines\n\n #AllowOverride All\n\n #RewriteBase /wherever/cms/is\n\n # Restrict your site to only one domain\n\n # !important USE ONLY ONE OPTION\n\n # Option 1: To rewrite \"www.domain.com -> domain.com\" uncomment the following lines.\n\n RewriteCond %{HTTPS} !=on\n\n RewriteCond %{HTTP_HOST} ^www\\.(.+)$ [NC]\n\n RewriteRule ^(.*)$ http://%1/$1 [R=301,L]\n\n # Option 2: To rewrite \"domain.com -> www.domain.com\" uncomment the following lines.\n\n #RewriteCond %{HTTPS} !=on\n\n #RewriteCond %{HTTP_HOST} !^www\\..+$ [NC]\n\n #RewriteCond %{HTTP_HOST} (.+)$ [NC]\n\n #RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L]\n\n # Keep people out of codeigniter directory and Git/Mercurial data\n\n RedirectMatch 403 ^/.*/(system/cms/cache|system/codeigniter|system/cms/config|system/cms/logs|\\.git|\\.hg).*$\n\n # Send request via index.php (again, not if its a real file or folder)\n\n RewriteCond %{REQUEST_FILENAME} !-f\n\n RewriteCond %{REQUEST_FILENAME} !-d\n\n \n\n RewriteRule ^(.*)$ index.php/$1 [L]\n\n \n\n \n\n RewriteRule ^(.*)$ index.php?/$1 [L]\n\n \n\n", "url": "https://wpnews.pro/news/a-full-htaccess-file", "canonical_source": "https://gist.github.com/andrewstobbe/a43f5210c9b2ce87fdc6", "published_at": "2015-03-12 23:17:55+00:00", "updated_at": "2026-05-22 18:38:33.469629+00:00", "lang": "en", "topics": ["developer-tools", "cybersecurity", "cloud-computing"], "entities": [], "alternates": {"html": "https://wpnews.pro/news/a-full-htaccess-file", "markdown": "https://wpnews.pro/news/a-full-htaccess-file.md", "text": "https://wpnews.pro/news/a-full-htaccess-file.txt", "jsonld": "https://wpnews.pro/news/a-full-htaccess-file.jsonld"}}