A full .htaccess file

This article provides the full contents of an `.htaccess` file, a configuration file used by Apache web servers. The file includes commented-out directives for password protection and PHP code type masking, along with active settings for defining font MIME types, setting a staging environment variable, enabling gzip compression via mod_deflate, and setting browser caching expiration times via mod_expires.

.htaccess This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters Show hidden characters Password protect this directory ========================================== AuthType Basic AuthName "Restricted Area" AuthUserFile /etc/httpd/conf/.htpasswd require valid-user Make PHP code look like other code types AddType application/x-httpd-php .asp .py .pl Add types for font mime types. This was necesary after chaning the default file type in the httpd.conf to DefaultType application/x-httpd-php =========================================== AddType application/vnd.ms-fontobject .eot AddType application/x-font-opentype .otf AddType image/svg+xml .svg AddType application/x-font-ttf .ttf AddType application/font-woff .woff Set this to development, staging or production ============================================ SetEnv PYRO ENV staging <IfModule mod deflate.c force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/ <IfModule mod setenvif.c <IfModule mod headers.c SetEnvIfNoCase ^ Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15} $ ^ gzip|deflate \s ,?\s +| X~- {4,13}$ HAVE Accept-Encoding RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE Accept-Encoding </IfModule </IfModule HTML, TXT, CSS, JavaScript, JSON, XML, HTC: <IfModule filter module FilterDeclare COMPRESS FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml FilterProvider COMPRESS DEFLATE resp=Content-Type $text/x-component FilterProvider COMPRESS DEFLATE resp=Content-Type $application/javascript FilterProvider COMPRESS DEFLATE resp=Content-Type $application/json FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xml FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xhtml+xml FilterProvider COMPRESS DEFLATE resp=Content-Type $application/rss+xml FilterProvider COMPRESS DEFLATE resp=Content-Type $application/atom+xml FilterProvider COMPRESS DEFLATE resp=Content-Type $application/vnd.ms-fontobject FilterProvider COMPRESS DEFLATE resp=Content-Type $image/svg+xml FilterProvider COMPRESS DEFLATE resp=Content-Type $application/x-font-ttf FilterProvider COMPRESS DEFLATE resp=Content-Type $font/opentype FilterChain COMPRESS FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no </IfModule <IfModule mod filter.c Legacy versions of Apache AddOutputFilterByType DEFLATE text/html text/plain text/css application/json AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE text/xml application/xml text/x-component AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml AddOutputFilterByType DEFLATE image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype </IfModule </IfModule <IfModule mod expires.c ExpiresActive on Perhaps better to whitelist expires rules? Perhaps. ExpiresDefault "access plus 1 month" cache.appcache needs re-requests in FF 3.6 thx Remy ~Introducing HTML5 ExpiresByType text/cache-manifest "access plus 0 seconds" Your document html ExpiresByType text/html "access plus 0 seconds" Data ExpiresByType text/xml "access plus 0 seconds" ExpiresByType application/xml "access plus 0 seconds" ExpiresByType application/json "access plus 0 seconds" RSS feed ExpiresByType application/rss+xml "access plus 1 hour" Favicon cannot be renamed ExpiresByType image/x-icon "access plus 1 week" Media: images, video, audio ExpiresByType image/gif "access plus 1 month" ExpiresByType image/png "access plus 1 month" ExpiresByType image/jpg "access plus 1 month" ExpiresByType image/jpeg "access plus 1 month" ExpiresByType video/ogg "access plus 1 month" ExpiresByType audio/ogg "access plus 1 month" ExpiresByType video/mp4 "access plus 1 month" ExpiresByType video/webm "access plus 1 month" HTC files css3pie ExpiresByType text/x-component "access plus 1 month" Webfonts ExpiresByType font/truetype "access plus 1 month" ExpiresByType font/opentype "access plus 1 month" ExpiresByType application/x-font-woff "access plus 1 month" ExpiresByType image/svg+xml "access plus 1 month" ExpiresByType application/vnd.ms-fontobject "access plus 1 month" CSS and JavaScript ExpiresByType text/css "access plus 1 year" ExpiresByType application/javascript "access plus 1 year" ExpiresByType text/javascript "access plus 1 year" <IfModule mod headers.c Header append Cache-Control "public" </IfModule </IfModule FileETag None is not enough for every server. <IfModule mod headers.c Header unset ETag </IfModule Since we re sending far-future expires, we don't need ETags for static content. developer.yahoo.com/performance/rules.html etags FileETag None <IfModule mod rewrite.c Make sure directory listing is disabled Options +FollowSymLinks -Indexes disable the Apache MultiViews directive if it is enabled on the server. It plays havoc with URL rewriting Options -MultiViews RewriteEngine on Automatically determine and set the PYRO ENV variable RewriteCond %{HTTP HOST} ^local.domain.com$ RewriteRule . $1 E=PYRO ENV:development RewriteCond %{HTTP HOST} ^stage.domain.com$ RewriteRule . $1 E=PYRO ENV:staging RewriteCond %{HTTP HOST} ^domain.com$ RewriteRule . $1 E=PYRO ENV:production NOTICE: If you get a 404 play with combinations of the following commented out lines AllowOverride All RewriteBase /wherever/cms/is Restrict your site to only one domain important USE ONLY ONE OPTION Option 1: To rewrite "www.domain.com - domain.com" uncomment the following lines. RewriteCond %{HTTPS} =on RewriteCond %{HTTP HOST} ^www\. .+ $ NC RewriteRule ^ . $ http://%1/$1 R=301,L Option 2: To rewrite "domain.com - www.domain.com" uncomment the following lines. RewriteCond %{HTTPS} =on RewriteCond %{HTTP HOST} ^www\..+$ NC RewriteCond %{HTTP HOST} .+ $ NC RewriteRule ^ . $ http://www.%1/$1 R=301,L Keep people out of codeigniter directory and Git/Mercurial data RedirectMatch 403 ^/. / system/cms/cache|system/codeigniter|system/cms/config|system/cms/logs|\.git|\.hg . $ Send request via index.php again, not if its a real file or folder RewriteCond %{REQUEST FILENAME} -f RewriteCond %{REQUEST FILENAME} -d <IfModule mod php5.c RewriteRule ^ . $ index.php/$1 L </IfModule <IfModule mod php5.c RewriteRule ^ . $ index.php?/$1 L </IfModule </IfModule