├── .htaccess
└── README.md
/.htaccess:
--------------------------------------------------------------------------------
1 | ####################################################################
2 | ################## Creare's Magento .htaccess File #################
3 | ############ https://github.com/Creare/magento-htaccess ############
4 | ####################################################################
5 |
6 | ### Prevent sftp-config.json from being loaded:
7 | <Files sftp-config.json>
8 | order allow,deny
9 | deny from all
10 | </Files>
11 |
12 | ### Protect .htaccess
13 | <Files .htaccess>
14 | order allow,deny
15 | deny from all
16 | satisfy all
17 | </Files>
18 |
19 | ##### Recognise SSL when set at a load balancer/proxy level (for CloudFlare) #####
20 |
21 | SetEnvIf X-Forwarded-Proto https HTTPS=on
22 |
23 | ##### Block unwanted Bots that clog the server #####
24 |
25 | RewriteCond %{HTTP_USER_AGENT} MJ12bot
26 | RewriteRule .* - [F]
27 | RewriteCond %{HTTP_USER_AGENT} 80legs [NC]
28 | RewriteRule ^ - [F]
29 |
30 | ##### Add support for SVG Graphics and CSS3 Pie #####
31 |
32 | AddType image/svg+xml svg svgz
33 | AddEncoding gzip svgz
34 | AddType text/x-component .htc
35 | DirectoryIndex index.php
36 |
37 | ##### Domain-specific PHP Settings #####
38 |
39 | <IfModule mod_php5.c>
40 | php_value memory_limit 512M
41 | php_value max_execution_time 18000
42 | php_flag magic_quotes_gpc off
43 | php_flag session.auto_start off
44 | php_flag suhosin.session.cryptua off
45 | php_flag zend.ze1_compatibility_mode Off
46 | </IfModule>
47 |
48 | ##### Necessary redirects and rewrites for search engines #####
49 |
50 | <IfModule mod_rewrite.c>
51 | #RewriteCond %{HTTP_HOST} !^www.yourdomain.com$ [NC]
52 | #RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [R=301,L]
53 |
54 | ##### Redirect away from /index.php and /home
55 | ##### Warning: This index.php rewrite will prevent Magento
56 | ##### Connect from working if the /downloader path is changed.
57 | ##### Simply change downloader to the new path of Magento Connect.
58 | ##### Please note - http://www. if not using www simply use http://
59 |
60 | RewriteCond %{REQUEST_URI} !(downloader) [NC]
61 | RewriteCond %{THE_REQUEST} ^.*/index.php
62 | RewriteRule ^(.*)index.php$ http://www.yourdomain.com/$1 [R=301,L]
63 |
64 | ##### Please note - http://www. if not using www simply use http://
65 | redirect 301 /home http://www.yourdomain.com
66 |
67 | Options +FollowSymLinks
68 | RewriteEngine on
69 | RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
70 | RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
71 | RewriteCond %{REQUEST_FILENAME} !-f
72 | RewriteCond %{REQUEST_FILENAME} !-d
73 | RewriteCond %{REQUEST_FILENAME} !-l
74 | RewriteRule .* index.php [L]
75 | </IfModule>
76 |
77 |
78 | ##### mod_deflate compresses your output to lower the file size being sent to the client #####
79 |
80 | <IfModule mod_deflate.c>
81 | AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
82 | BrowserMatch ^Mozilla/4 gzip-only-text/html
83 | BrowserMatch ^Mozilla/4\.0[678] no-gzip
84 | BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
85 | SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
86 | Header append Vary User-Agent env=!dont-vary
87 | php_flag zlib.output_compression on
88 | </IfModule>
89 |
90 | <IfModule mod_deflate.c>
91 | SetOutputFilter DEFLATE
92 | </IfModule>
93 |
94 | <IfModule mod_ssl.c>
95 | SSLOptions StdEnvVars
96 | </IfModule>
97 |
98 |
99 | ##### Header Directives #####
100 |
101 | <IfModule mod_headers.c>
102 | Header unset ETag
103 | Header unset Last-Modified
104 | </IfModule>
105 |
106 |
107 | ##### disable POST processing to not break multiple image upload #####
108 | # To disable mod_security in your VirtualHost configuration, add the following:
109 | #
110 | #
111 | # SecRuleEngine Off
112 | #
113 | #
114 |
115 | <IfModule mod_security.c>
116 | #SecRuleEngine Off
117 | SecFilterScanPOST Off
118 | </IfModule>
119 |
120 | ##### Enable apache served files compression #####
121 |
122 | <IfModule mod_deflate.c>
123 | AddOutputFilterByType DEFLATE text/plain
124 | AddOutputFilterByType DEFLATE text/html
125 | AddOutputFilterByType DEFLATE text/xml
126 | AddOutputFilterByType DEFLATE text/css
127 | AddOutputFilterByType DEFLATE application/xml
128 | AddOutputFilterByType DEFLATE application/xhtml+xml
129 | AddOutputFilterByType DEFLATE application/rss+xml
130 | AddOutputFilterByType DEFLATE application/javascript
131 | AddOutputFilterByType DEFLATE application/x-javascript
132 | AddOutputFilterByType DEFLATE application/x-httpd-php
133 | AddOutputFilterByType DEFLATE application/cgi-php5
134 | AddOutputFilterByType DEFLATE application/cgi-php53
135 | AddOutputFilterByType DEFLATE application/cgi-php54
136 | BrowserMatch ^Mozilla/4 gzip-only-text/html
137 | BrowserMatch ^Mozilla/4\.0[678] no-gzip
138 | BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
139 | SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
140 | SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
141 | SetEnvIfNoCase Request_URI \.(?:pdf|doc)$ no-gzip dont-vary
142 | SetEnvIfNoCase Request_URI \.(?:avi|mov|mp3|mp4|rm)$ no-gzip dont-vary
143 | Header append Vary User-Agent env=!dont-vary
144 | </IfModule>
145 |
146 |
147 | ##### Mod gzip and caching for improved site speed #####
148 |
149 | <IfModule mod_gzip.c>
150 | mod_gzip_on Yes
151 | mod_gzip_dechunk Yes
152 | mod_gzip_item_include \.(html?|txt|css|js|php|pl)$
153 | mod_gzip_item_include handler ^cgi-script$
154 | mod_gzip_item_include mime ^text/.*
155 | mod_gzip_item_include mime ^application/x-javascript.*
156 | mod_gzip_item_exclude mime ^image/.*
157 | mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
158 | </IfModule>
159 |
160 |
161 | ##### Default expires headers for all file types #####
162 | ##### Not recommended for development environment #####
163 |
164 | <IfModule mod_expires.c>
165 | ExpiresActive On
166 | ExpiresDefault "access plus 1 seconds"
167 | ExpiresByType text/html "access plus 1 seconds"
168 | ExpiresByType image/gif "access plus 2592000 seconds"
169 | ExpiresByType image/jpeg "access plus 2592000 seconds"
170 | ExpiresByType image/png "access plus 2592000 seconds"
171 | ExpiresByType text/css "access plus 604800 seconds"
172 | ExpiresByType text/javascript "access plus 216000 seconds"
173 | ExpiresByType application/x-javascript "access plus 216000 seconds"
174 | </IfModule>
175 |
176 |
177 | ##### Mime Type Caching #####
178 |
179 |
180 |
181 | ##### AUDIO #####
182 | AddType audio/mp4 m4a f4a f4b
183 | AddType audio/ogg oga ogg
184 |
185 | ##### JAVASCRIPT #####
186 | # Normalize to standard type (it's sniffed in IE anyways):
187 | # http://tools.ietf.org/html/rfc4329#section-7.2
188 | AddType application/javascript js jsonp
189 | AddType application/json json
190 |
191 | ##### VIDEO #####
192 | AddType video/mp4 mp4 m4v f4v f4p
193 | AddType video/ogg ogv
194 | AddType video/webm webm
195 | AddType video/x-flv flv
196 |
197 | ##### WEB FONTS #####
198 | AddType application/font-woff woff
199 | AddType application/vnd.ms-fontobject eot
200 |
201 | ##### Browsers usually ignore the font MIME types #####
202 | ##### and sniff the content, however, Chrome shows #####
203 | ##### a warning if other MIME types are used for #####
204 | ##### the following fonts. #####
205 | AddType application/x-font-ttf ttc ttf
206 | AddType font/opentype otf
207 |
208 |
209 | ##### OTHER #####
210 | AddType application/octet-stream safariextz
211 | AddType application/x-chrome-extension crx
212 | AddType application/x-opera-extension oex
213 | AddType application/x-shockwave-flash swf
214 | AddType application/x-web-app-manifest+json webapp
215 | AddType application/x-xpinstall xpi
216 | AddType application/xml atom rdf rss xml
217 | AddType image/webp webp
218 | AddType image/x-icon ico
219 | AddType text/cache-manifest appcache manifest
220 | AddType text/vtt vtt
221 | AddType text/x-component htc
222 | AddType text/x-vcard vcf
223 |
224 |
225 |
226 |
227 | AddCharset utf-8 .atom .css .js .json .rss .vtt .webapp .xml
228 |
229 |
230 |
231 | ##### Disable ETags http://developer.yahoo.com/performance/rules.html#etags #####
232 |
233 | FileETag None
234 |
235 |
236 | ##### Prevent character encoding issues from server overrides #####
237 |
238 | AddDefaultCharset Off
239 | #AddDefaultCharset UTF-8
240 |
241 |
242 | ##### Force IE8 compatibility when using IE8+ #####
243 | ##### May cause issues within Windows Mobile Browsers #####
244 |
245 | BrowserMatch MSIE best-standards-support
246 | Header set X-UA-Compatible IE=8 env=best-standards-support
247 |
248 |
249 | ##### By default allow all access #####
250 |
251 | Order allow,deny
252 | Allow from all
253 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | magento-htaccess
2 | ================
3 |
4 | An .htaccess boilerplate for all Magento Community installations. Features focus on speed, SEO and security.
5 |
6 | The file should be placed in the root of your Magento installation and named .htaccess.
7 |
8 | Built by the good people at Creare; namely @[IcyApril](https://twitter.com/IcyApril) ([Junade](https://junade.com) Ali), @[bavington](https://twitter.com/bavington) ([James Bavington](http://bavington.co.uk/)) and @[AdamPMoss](https://twitter.com/adampmoss) ([Adam Moss](http://adammoss.co.uk/)).
9 |
--------------------------------------------------------------------------------
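
The two `Files` blocks and the `X-Forwarded-Proto` rule in the .htaccess above, rewritten for Apache 2.4 as an added example (not part of Creare's repository). The address range `203.0.113.0/24` is a placeholder for your proxy's addresses, and `SetEnvIfExpr` assumes Apache 2.4 with mod_setenvif.

```apache
# Added example, not from the original repository.

# Deny direct requests for the two sensitive files.
# Apache 2.4 evaluates access through mod_authz_core ("Require");
# the 2.2 directives are kept as a fallback for servers without it.
<FilesMatch "^(\.htaccess|sftp-config\.json)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
        Satisfy all
    </IfModule>
</FilesMatch>

# Original rule: the header value alone sets HTTPS=on, so a request that
# reaches the origin directly can claim to be HTTPS.
#   SetEnvIf X-Forwarded-Proto https HTTPS=on
#
# Scoped rule: honour the header only when the connection comes from the
# proxy range (placeholder range below; replace with your proxy's addresses).
<IfModule mod_setenvif.c>
    SetEnvIfExpr "-R '203.0.113.0/24' && req('X-Forwarded-Proto') == 'https'" HTTPS=on
</IfModule>
```

After deploying, a request for `/.htaccess` or `/sftp-config.json` should return 403, and a direct plain-HTTP request carrying `X-Forwarded-Proto: https` should no longer be treated as secure by Magento.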