# A full .htaccess file

> Source: <https://gist.github.com/andrewstobbe/a43f5210c9b2ce87fdc6>
> Published: 2015-03-12 23:17:55+00:00

.htaccess

      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      
Learn more about bidirectional Unicode characters

 
    Show hidden characters

# Password protect this directory

# ==========================================

# AuthType Basic

# AuthName "Restricted Area"

# AuthUserFile /etc/httpd/conf/.htpasswd

# require valid-user

# Make PHP code look like other code types

# AddType application/x-httpd-php .asp .py .pl

# Add types for font mime types. This was necesary after chaning the default file type in the httpd.conf 

# to DefaultType application/x-httpd-php

# ===========================================

AddType application/vnd.ms-fontobject    .eot

AddType application/x-font-opentype      .otf

AddType image/svg+xml                    .svg

AddType application/x-font-ttf           .ttf

AddType application/font-woff            .woff

# Set this to development, staging or production

# ============================================

SetEnv PYRO_ENV staging

<IfModule mod_deflate.c>

# force deflate for mangled headers

# developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/

<IfModule mod_setenvif.c>

  <IfModule mod_headers.c>

    SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding

    RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding

  </IfModule>

</IfModule>

# HTML, TXT, CSS, JavaScript, JSON, XML, HTC:

<IfModule filter_module>

  FilterDeclare   COMPRESS

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/html

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/css

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/plain

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/xml

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/x-component

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/javascript

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/json

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xml

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xhtml+xml

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/rss+xml

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/atom+xml

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/vnd.ms-fontobject

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $image/svg+xml

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/x-font-ttf

  FilterProvider  COMPRESS  DEFLATE resp=Content-Type $font/opentype

  FilterChain     COMPRESS

  FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no

</IfModule>

<IfModule !mod_filter.c>

  # Legacy versions of Apache

  AddOutputFilterByType DEFLATE text/html text/plain text/css application/json

  AddOutputFilterByType DEFLATE application/javascript

  AddOutputFilterByType DEFLATE text/xml application/xml text/x-component

  AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml

  AddOutputFilterByType DEFLATE image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype

</IfModule>

</IfModule>

<IfModule mod_expires.c>

  ExpiresActive on

# Perhaps better to whitelist expires rules? Perhaps.

  ExpiresDefault                          "access plus 1 month"

# cache.appcache needs re-requests in FF 3.6 (thx Remy ~Introducing HTML5)

  ExpiresByType text/cache-manifest       "access plus 0 seconds"

# Your document html

  ExpiresByType text/html                 "access plus 0 seconds"

# Data

  ExpiresByType text/xml                  "access plus 0 seconds"

  ExpiresByType application/xml           "access plus 0 seconds"

  ExpiresByType application/json          "access plus 0 seconds"

# RSS feed

  ExpiresByType application/rss+xml       "access plus 1 hour"

# Favicon (cannot be renamed)

  ExpiresByType image/x-icon              "access plus 1 week"

# Media: images, video, audio

  ExpiresByType image/gif                 "access plus 1 month"

  ExpiresByType image/png                 "access plus 1 month"

  ExpiresByType image/jpg                 "access plus 1 month"

  ExpiresByType image/jpeg                "access plus 1 month"

  ExpiresByType video/ogg                 "access plus 1 month"

  ExpiresByType audio/ogg                 "access plus 1 month"

  ExpiresByType video/mp4                 "access plus 1 month"

  ExpiresByType video/webm                "access plus 1 month"

# HTC files  (css3pie)

  ExpiresByType text/x-component          "access plus 1 month"

# Webfonts

  ExpiresByType font/truetype             "access plus 1 month"

  ExpiresByType font/opentype             "access plus 1 month"

  ExpiresByType application/x-font-woff   "access plus 1 month"

  ExpiresByType image/svg+xml             "access plus 1 month"

  ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

# CSS and JavaScript

  ExpiresByType text/css                  "access plus 1 year"

  ExpiresByType application/javascript    "access plus 1 year"

  ExpiresByType text/javascript           "access plus 1 year"

  <IfModule mod_headers.c>

    Header append Cache-Control "public"

  </IfModule>

</IfModule>

# FileETag None is not enough for every server.

<IfModule mod_headers.c>

  Header unset ETag

</IfModule>

# Since we`re sending far-future expires, we don't need ETags for static content.

# developer.yahoo.com/performance/rules.html#etags

FileETag None

<IfModule mod_rewrite.c>

 # Make sure directory listing is disabled

 Options +FollowSymLinks -Indexes	

 

 # disable the Apache MultiViews directive if it is enabled on the server. It plays havoc with URL rewriting

 Options -MultiViews

 RewriteEngine on

 # Automatically determine and set the PYRO_ENV variable

 #RewriteCond %{HTTP_HOST} ^local.domain.com$

 #RewriteRule (.*) $1 [E=PYRO_ENV:development]

 #RewriteCond %{HTTP_HOST} ^stage.domain.com$

 #RewriteRule (.*) $1 [E=PYRO_ENV:staging]

 #RewriteCond %{HTTP_HOST} ^domain.com$

 #RewriteRule (.*) $1 [E=PYRO_ENV:production]

 # NOTICE: If you get a 404 play with combinations of the following commented out lines

 #AllowOverride All

 #RewriteBase /wherever/cms/is

 # Restrict your site to only one domain

 # !important USE ONLY ONE OPTION

 # Option 1: To rewrite "www.domain.com -> domain.com" uncomment the following lines.

 RewriteCond %{HTTPS} !=on

 RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]

 RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

 # Option 2: To rewrite "domain.com -> www.domain.com" uncomment the following lines.

 #RewriteCond %{HTTPS} !=on

 #RewriteCond %{HTTP_HOST} !^www\..+$ [NC]

 #RewriteCond %{HTTP_HOST} (.+)$ [NC]

 #RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L]

 # Keep people out of codeigniter directory and Git/Mercurial data

 RedirectMatch 403 ^/.*/(system/cms/cache|system/codeigniter|system/cms/config|system/cms/logs|\.git|\.hg).*$

 # Send request via index.php (again, not if its a real file or folder)

 RewriteCond %{REQUEST_FILENAME} !-f

 RewriteCond %{REQUEST_FILENAME} !-d

 <IfModule mod_php5.c>

  RewriteRule ^(.*)$ index.php/$1 [L]

 </IfModule>

 <IfModule !mod_php5.c>

  RewriteRule ^(.*)$ index.php?/$1 [L]

 </IfModule>

</IfModule>