├── README.md
├── bower.json
├── LICENSE
├── README-FR.md
├── .htaccess
└── CMSMS
    └── .htaccess


/README.md:
--------------------------------------------------------------------------------
htaccess-useful
===============

Here you will find a collection of tips and a starting base for an htaccess file.

Feel free to participate.

--------------------------------------------------------------------------------
/bower.json:
--------------------------------------------------------------------------------
{
  "name": "htaccess useful",
  "version": "1.0.3",
  "homepage": "https://github.com/nico3333fr/htaccess-useful",
  "authors": [
    "Nicolas HOFFMANN"
  ],
  "description": "htaccess useful is a collection of tips and a good start-base for an htaccess file",
  "main": ".htaccess",
  "keywords": [
    "htaccess", "performance", "cache", "webperf", "type mimes", "quality", "security", "workflow"
  ],
  "license": "WTFPL",
  "ignore": [
    "node_modules",
    "bower_components",
    "README.md",
    "readme-fr.md",
    "bower.json",
    ".bower.json"
  ]
}

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) Nicolas Hoffmann

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README-FR.md:
--------------------------------------------------------------------------------
# Explanations (originally in French)

To download it, right-click on RAW and save it.

This file lets you validate, or helps you validate, a great many quality-checklist items: performance, caching, security, domain names with or without www, redirects, etc.

## UTF-8 encoding

Sets UTF-8 as the default for certain files.

## Password protection

Useful for restricting access to a site under development.

You can add ``` Allow From ``` to allow an IP address on a development site.

See http://openweb.eu.org/articles/le-fichier-htaccess to generate the passwords (htpasswd).

## Additional charset/types/etc.

Defines or redefines a good number of MIME types; very useful, for example, for getting web fonts to work properly.

## force download

To force the download of a file type, add the appropriate extension.

## for uploadify or upload component

Sometimes necessary for uploadify.

## Custom error messages / pages

Required for the 404/403 error pages.

## File access

Prevents listing of directory roots.

## prevent access to all files except those mentioned

Very useful in an upload-type folder: restricts the execution of unauthorized files.
E.g. if the folder is supposed to contain only JPGs, specify:


## prevent executing PHP file in a folder

Useful in some upload-type directories, to prevent a script from running.
NEVER enable this in a site's global htaccess!

## block access to hidden files & directories

Prevents access to the server's hidden files (normally the default, but you never know).

## Suppressing / Forcing the `www.` at the beginning of URLs

To add/remove the www. on a site. Several redirect examples are provided.
NEVER use more than one option, otherwise you get an infinite redirect.

## Compression

Enables compression for common file types. Required for web performance.

## Security

Adds security headers (prevents MIME sniffing and clickjacking attacks, and enables some browser protections against cross-site scripting). See https://securityheaders.io/

## Cache

Caching of static assets. Required for performance.

## Redirects

Sections for permanent/temporary redirects, with other examples.

--------------------------------------------------------------------------------
/.htaccess:
--------------------------------------------------------------------------------
#
# HTACCESS : useful tips & tricks
# uses a lot of good ideas from html5-boilerplate https://github.com/h5bp
# https://github.com/h5bp/server-configs-apache
#
# made by Nicolas (@nico3333fr)
# under WTFPL license
# no warranty: can’t be responsible for anything if you use it
# "great power involves great responsibility"
#
#

# ------------------------------------------------------------------------------
# | UTF-8 encoding |
# ------------------------------------------------------------------------------

AddCharset utf-8 .atom .scss .css .js .json .jsonld .rss .vtt .webapp .xml .txt .svg .webmanifest .html .htm .md

# ------------------------------------------------------------------------------
# | Password protection |
# ------------------------------------------------------------------------------

#AuthUserFile /home/your_path/.htpasswd
#AuthGroupFile /dev/null
#AuthName " Restricted access "
#AuthType basic

#
# Order Deny,Allow
# Deny From All
# Allow From 192.168.1.0/24

# require valid-user
# Satisfy Any
#

# ------------------------------------------------------------------------------
# | Additional charset/types/etc. |
# ------------------------------------------------------------------------------

# Audio
AddType audio/mp4 m4a f4a f4b
AddType audio/mpeg mp3
AddType audio/ogg oga ogg opus
AddType audio/wav wav
AddType audio/webm webma

# Data interchange
AddType application/json json map
AddType application/ld+json jsonld

# JavaScript
# Normalize to standard type.
# http://tools.ietf.org/html/rfc4329#section-7.2
AddType application/javascript js

# Video
AddType video/mp4 f4v f4p m4v mp4
AddType video/ogg ogv
AddType video/webm webm
AddType video/x-flv flv

# Web fonts
AddType application/font-woff woff
AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttc ttf
AddType application/x-font-woff woff
AddType application/font-woff2 .woff2
AddType font/opentype otf

# Make SVGZ fonts work on the iPad.
# https://twitter.com/FontSquirrel/status/14855840545
AddType image/svg+xml svgz
AddEncoding gzip svgz

# Other
AddType application/octet-stream safariextz
AddType application/x-chrome-extension crx
AddType application/x-opera-extension oex
AddType application/x-web-app-manifest+json webapp
AddType application/x-xpinstall xpi
AddType application/xml atom rdf rss xml
AddType image/webp webp
AddType image/x-icon cur
AddType image/vnd.microsoft.icon .ico
AddType text/cache-manifest appcache manifest
AddType text/css .css
AddType image/svg+xml svg
AddType text/vtt vtt
AddType text/x-component htc
AddType text/x-vcard vcf
AddType application/vnd.openxmlformats .docx .pptx .xlsx .xltx .xltm .dotx .potx .ppsx
AddType image/webp .webp
AddType application/manifest+json .webmanifest

# ------------------------------------------------------------------------------
# | force download |
# ------------------------------------------------------------------------------

# for xlsx
#
# ForceType application/octet-stream
# Header set Content-Disposition attachment
#

# ------------------------------------------------------------------------------
# | for uploadify or upload component |
# ------------------------------------------------------------------------------

#php_value max_execution_time 1800
#php_value upload_max_filesize 99M
#php_value post_max_size 99M
#php_value memory_limit 99M
#php_value max_input_time 3600

# for some strange cases/components, uncomment only if there is no other way
#
# SecFilterEngine Off
# SecFilterScanPOST Off
#

# ------------------------------------------------------------------------------
# | Custom error messages / pages |
# ------------------------------------------------------------------------------

# lost & found
ErrorDocument 404 /404.php

# niet
ErrorDocument 403 /403.php

# oops, internal server error
ErrorDocument 500 /500.php

# unauthorized
ErrorDocument 401 /401.php

# not implemented
#ErrorDocument 418 /418.php

# ------------------------------------------------------------------------------
# | File access |
# ------------------------------------------------------------------------------

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# no listing for directories

Options -Indexes

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# prevent access to all files except those mentioned (be careful with uppercase)

#
# Apache 2.2
# deny from all
# Apache 2.4
# Require all denied
#

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# prevent executing PHP file in a folder
# Warning: NEVER uncomment this in the general htaccess, only in folders that need it!

#RemoveHandler .php .phtml .php3 .php4 .php5
#RemoveType .php .phtml .php3 .php4 .php5
#php_flag engine off

# To deny PHPs
#
# Apache 2.2
# deny from all
# Apache 2.4
# Require all denied
#

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# block access to hidden files & directories

RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]

# ------------------------------------------------------------------------------
# | Rewrite engine |
# ------------------------------------------------------------------------------

Options +FollowSymlinks
# Options +SymLinksIfOwnerMatch
RewriteEngine On
# RewriteBase /

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# examples

# /page/plop?toto=tutu -> /page.php?page=plop&toto=tutu
# RewriteRule /pages/(.+) /page.php?page=$1 [QSA]

# my-ass -> my-ass.php
Options -MultiViews
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [L]

# sitemaps
#RewriteRule ^sitemap\.xml$ sitemap.php [L]

# security.txt
RewriteRule ^\.well-known/security\.txt$ security.txt [L]

# to avoid 404 errors generated by iOS
# see http://www.creativejuiz.fr/blog/veille-technologique/ios-provoque-404-site-web-apple-touch-icon for reference
#RewriteRule ^apple-touch-icon-(.+)\.png apple-touch-icon.png [L]

# Cache busting for CSS/JS
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule ^(.+)_(\d+)\.(js|css)$ $1.$3 [L]

# ------------------------------------------------------------------------------
# | Suppressing / Forcing the `www.` at the beginning of URLs |
# ------------------------------------------------------------------------------

# IMPORTANT: NEVER USE THESE RULES AT THE SAME TIME!
# UNCOMMENT THE GOOD ONE ONLY
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# HTTPS

# whatever, go to HTTPS
#
# RewriteCond %{HTTPS} !=on
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#

# Option 1: rewrite www.example.com → example.com

#
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
#

# Option 2: rewrite example.com → www.example.com

#
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#

# Option 3: whatever → www.example.com

#
# RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
#

# HTTP

# Option 1: rewrite www.example.com → example.com

#
# RewriteCond %{HTTPS} !=on
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
#

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Option 2: rewrite example.com → www.example.com

#
# RewriteCond %{HTTPS} !=on
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Option 3: whatever → www.example.com

#
# RewriteCond %{HTTPS} !=on
# RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ http://www.example.com%{REQUEST_URI} [R=301,L]
#

# ------------------------------------------------------------------------------
# | Compression |
# ------------------------------------------------------------------------------

AddOutputFilter INCLUDES;DEFLATE js
AddOutputFilter INCLUDES;DEFLATE css
AddOutputFilter INCLUDES;DEFLATE php
AddOutputFilter INCLUDES;DEFLATE html
AddOutputFilter INCLUDES;DEFLATE xml
AddOutputFilter INCLUDES;DEFLATE ico

# webfonts
AddOutputFilter INCLUDES;DEFLATE eot
AddOutputFilter INCLUDES;DEFLATE svg
AddOutputFilter INCLUDES;DEFLATE ttf

# others
AddOutputFilter INCLUDES;DEFLATE vtt
AddOutputFilter INCLUDES;DEFLATE webmanifest

# ------------------------------------------------------------------------------
# | Security |
# ------------------------------------------------------------------------------

# Stops a browser from trying to MIME-sniff

Header always set X-Content-Type-Options "nosniff"

# Avoid Clickjacking and enable XSS-protection for browsers

# security
Header set X-Frame-Options "DENY"
Header set X-XSS-Protection "1; mode=block"

# CORS
#
# Header set Access-Control-Allow-Origin "*"
#

# ------------------------------------------------------------------------------
# | Cache + |
# ------------------------------------------------------------------------------

# CACHE + ETags

Header unset Set-Cookie
Header set Cache-Control "max-age=21772800"
header set vary "Accept-Encoding"
header append vary "User-Agent"
header append Cache-Control "public"
header append Keep-Alive "timeout=5, max=100"
header append Connection "Keep-Alive"
FileETag None

# 10 minutes = HTML, XML (RSS)

Header set Cache-Control "max-age=600"
header set vary "Accept-Encoding"
header append vary "User-Agent"
header append Cache-Control "private"
FileETag None

# DONT CACHE = NO CACHE FOR PHP

Header unset Cache-Control
Header unset Expires
Header unset Last-Modified
Header unset Pragma
#BrowserMatch "MSIE" force-no-vary
FileETag None
header set vary "Accept-Encoding"
header append vary "User-Agent"
header append Cache-Control "private"

#Header set X-UA-Compatible "IE=edge"

# ------------------------------------------------------------------------------
# | Redirects |
# ------------------------------------------------------------------------------

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# permanent
# RedirectPermanent /old-page.php http://www.mysite.com/new-page.php

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# temporary
# RedirectTemp /old-page.php http://www.mysite.com/new-page.php

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# other examples
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#
# URL with querystring to new one keeping the querystring (301 = permanent)
# RewriteCond %{QUERY_STRING} id=(\w+)
# RewriteRule ^old_path/index\.php http://www.new_site.com/new_path/index.php?id=%1 [L,R=301]

# URL to a hash fragment /some-path/whatever/ => /some-path/#whatever
# RewriteRule ^/some-path/(.*)/?$ /some-path/#$1 [R=301,L,NE]

# Rewrite short URL noooo to a file
# RewriteRule ^noooo$ /images/nooo.gif [L]

--------------------------------------------------------------------------------
/CMSMS/.htaccess:
--------------------------------------------------------------------------------
#
# HTACCESS : useful tips & tricks
# Special for CMS Made Simple
# uses a lot of good ideas from html5-boilerplate https://github.com/h5bp
# https://github.com/h5bp/server-configs-apache
#
# made by Nicolas (@nico3333fr)
# under WTFPL license
# no warranty: can’t be responsible for anything if you use it
# "great power involves great responsibility"
#
#

# ------------------------------------------------------------------------------
# | UTF-8 encoding |
# ------------------------------------------------------------------------------

AddCharset utf-8 .atom .scss .css .js .json .jsonld .rss .vtt .webapp .xml .txt .svg .webmanifest .html .htm

# ------------------------------------------------------------------------------
# | Password protection |
# ------------------------------------------------------------------------------

#AuthUserFile /home/your_path/.htpasswd
#AuthGroupFile /dev/null
#AuthName " Restricted access "
#AuthType basic

#
# Order Deny,Allow
# Deny From All
# Allow From 192.168.1.0/24

# require valid-user
# Satisfy Any
#

# ------------------------------------------------------------------------------
# | Additional charset/types/etc. |
# ------------------------------------------------------------------------------

# Audio
AddType audio/mp4 m4a f4a f4b
AddType audio/mpeg mp3
AddType audio/ogg oga ogg opus
AddType audio/wav wav
AddType audio/webm webma

# Data interchange
AddType application/json json map
AddType application/ld+json jsonld

# JavaScript
# Normalize to standard type.
# http://tools.ietf.org/html/rfc4329#section-7.2
AddType application/javascript js

# Video
AddType video/mp4 f4v f4p m4v mp4
AddType video/ogg ogv
AddType video/webm webm
AddType video/x-flv flv

# Web fonts
AddType application/font-woff woff
AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttc ttf
AddType application/x-font-woff woff
AddType application/font-woff2 .woff2
AddType font/opentype otf

# Make SVGZ fonts work on the iPad.
# https://twitter.com/FontSquirrel/status/14855840545
AddType image/svg+xml svgz
AddEncoding gzip svgz

# Other
AddType application/octet-stream safariextz
AddType application/x-chrome-extension crx
AddType application/x-opera-extension oex
AddType application/x-web-app-manifest+json webapp
AddType application/x-xpinstall xpi
AddType application/xml atom rdf rss xml
AddType image/webp webp
AddType image/x-icon cur
AddType image/vnd.microsoft.icon .ico
AddType text/cache-manifest appcache manifest
AddType text/css .css
AddType image/svg+xml svg
AddType text/vtt vtt
AddType text/x-component htc
AddType text/x-vcard vcf
AddType application/vnd.openxmlformats .docx .pptx .xlsx .xltx .xltm .dotx .potx .ppsx
AddType image/webp .webp
AddType application/manifest+json .webmanifest

# ------------------------------------------------------------------------------
# | force download |
# ------------------------------------------------------------------------------

# for xlsx
#
# ForceType application/octet-stream
# Header set Content-Disposition attachment
#

# ------------------------------------------------------------------------------
# | for uploadify or upload component |
# ------------------------------------------------------------------------------

#php_value max_execution_time 1800
#php_value upload_max_filesize 99M
#php_value post_max_size 99M
#php_value memory_limit 99M
#php_value max_input_time 3600

# for some strange cases/components, uncomment only if there is no other way
#
# SecFilterEngine Off
# SecFilterScanPOST Off
#

# ------------------------------------------------------------------------------
# | Custom error messages / pages |
# ------------------------------------------------------------------------------

# lost & found
ErrorDocument 404 /404.php

# niet
ErrorDocument 403 /403.php

# oops, internal server error
ErrorDocument 500 /500.php

# unauthorized
ErrorDocument 401 /401.php

# not implemented
#ErrorDocument 418 /418.php

# ------------------------------------------------------------------------------
# | File access |
# ------------------------------------------------------------------------------

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# no listing for directories

Options -Indexes

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# prevent access to all files except those mentioned (be careful with uppercase)
# useful in images folder, better avoid this in root folder!

#
# Apache 2.2
# deny from all
# Apache 2.4
# Require all denied
#

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# prevent executing PHP file in a folder
# Warning: NEVER uncomment this in the general htaccess, only in folders that need it!

#RemoveHandler .php .phtml .php3 .php4 .php5
#RemoveType .php .phtml .php3 .php4 .php5
#php_flag engine off

# To deny PHPs
#
# Apache 2.2
# deny from all
# Apache 2.4
# Require all denied
#

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# block access to hidden files & directories

RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]

# ------------------------------------------------------------------------------
# | Rewrite engine |
# ------------------------------------------------------------------------------

Options +FollowSymlinks
# Options +SymLinksIfOwnerMatch
RewriteEngine On
# RewriteBase /

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# examples

# to avoid 404 errors generated by iOS
# see http://www.creativejuiz.fr/blog/veille-technologique/ios-provoque-404-site-web-apple-touch-icon for reference
#RewriteRule ^apple-touch-icon-(.+)\.png apple-touch-icon.png [L]

# Cache busting for JS
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule ^(.+)_(\d+)\.(js)$ $1.$3 [L]

# security.txt
RewriteRule ^\.well-known/security\.txt$ security.txt [L]

# Rewriting for CMSMS
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# With QSA to keep the parameters
RewriteRule ^(.+)$ index.php?page=$1 [QSA]

# ------------------------------------------------------------------------------
# | Suppressing / Forcing the `www.` at the beginning of URLs |
# ------------------------------------------------------------------------------

# IMPORTANT: NEVER USE THESE RULES AT THE SAME TIME!
# UNCOMMENT THE GOOD ONE ONLY
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# HTTPS

# whatever, go to HTTPS
#
# RewriteCond %{HTTPS} !=on
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#

# Option 1: rewrite www.example.com → example.com

#
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
#

# Option 2: rewrite example.com → www.example.com

#
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#

# Option 3: whatever → www.example.com

#
# RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
#

# HTTP

# Option 1: rewrite www.example.com → example.com

#
# RewriteCond %{HTTPS} !=on
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
#

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Option 2: rewrite example.com → www.example.com

#
# RewriteCond %{HTTPS} !=on
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Option 3: whatever → www.example.com

#
# RewriteCond %{HTTPS} !=on
# RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
# RewriteCond %{SERVER_ADDR} !=127.0.0.1
# RewriteCond %{SERVER_ADDR} !=::1
# RewriteRule ^ http://www.example.com%{REQUEST_URI} [R=301,L]
#

# ------------------------------------------------------------------------------
# | Compression |
# ------------------------------------------------------------------------------

AddOutputFilter INCLUDES;DEFLATE js
AddOutputFilter INCLUDES;DEFLATE css
AddOutputFilter INCLUDES;DEFLATE php
AddOutputFilter INCLUDES;DEFLATE html
AddOutputFilter INCLUDES;DEFLATE xml
AddOutputFilter INCLUDES;DEFLATE ico

# webfonts
AddOutputFilter INCLUDES;DEFLATE eot
AddOutputFilter INCLUDES;DEFLATE svg
AddOutputFilter INCLUDES;DEFLATE ttf

# others
AddOutputFilter INCLUDES;DEFLATE vtt
AddOutputFilter INCLUDES;DEFLATE webmanifest

# ------------------------------------------------------------------------------
# | Security |
# ------------------------------------------------------------------------------

# Stops a browser from trying to MIME-sniff

Header always set X-Content-Type-Options "nosniff"

# Avoid Clickjacking and enable XSS-protection for browsers

# security
Header set X-Frame-Options "DENY"
Header set X-XSS-Protection "1; mode=block"

# CORS
#
# Header set Access-Control-Allow-Origin "*"
#

# warning : CMSMS 2.x doesn’t like X-Frame DENY in some admin modules
# put this in your CMS admin folder

#
#
# Header set X-Frame-Options "ALLOW"
#
#

# ------------------------------------------------------------------------------
# | Cache + |
# ------------------------------------------------------------------------------

# CACHE + ETags

Header unset Set-Cookie
Header set Cache-Control "max-age=21772800"
header set vary "Accept-Encoding"
header append vary "User-Agent"
header append Cache-Control "public"
header append Keep-Alive "timeout=5, max=100"
header append Connection "Keep-Alive"
FileETag None

# 10 minutes = HTML, XML (RSS)

Header set Cache-Control "max-age=600"
header set vary "Accept-Encoding"
header append vary "User-Agent"
header append Cache-Control "private"
FileETag None

# DONT CACHE = NO CACHE FOR PHP

Header unset Cache-Control
Header unset Expires
Header unset Last-Modified
Header unset Pragma
#BrowserMatch "MSIE" force-no-vary
FileETag None
header set vary "Accept-Encoding"
header append vary "User-Agent"
header append Cache-Control "private"

#Header set X-UA-Compatible "IE=edge"

# ------------------------------------------------------------------------------
# | Redirects |
# ------------------------------------------------------------------------------

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# permanent
# RedirectPermanent /old-page.php http://www.mysite.com/new-page.php

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# temporary
# RedirectTemp /old-page.php http://www.mysite.com/new-page.php

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# other examples
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#
# URL with querystring to new one keeping the querystring (301 = permanent)
# RewriteCond %{QUERY_STRING} id=(\w+)
# RewriteRule ^old_path/index\.php http://www.new_site.com/new_path/index.php?id=%1 [L,R=301]

# URL to a hash fragment /some-path/whatever/ => /some-path/#whatever
# RewriteRule ^/some-path/(.*)/?$ /some-path/#$1 [R=301,L,NE]

# Rewrite short URL noooo to a file
# RewriteRule ^noooo$ /images/nooo.gif [L]

--------------------------------------------------------------------------------
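
A review aid for the "Security" and "uploadify" sections of the two .htaccess files above, added here as an example and not part of the repository: a small linter that reads the active (uncommented) directives and reports the header and ModSecurity settings worth a second look before deployment. The function names, finding codes and the sample input are assumptions made for this example; the sample reuses the page's own directives, with the commented-out ones uncommented.

```python
import shlex
from typing import NamedTuple

# Constructed sample: directives copied from the two .htaccess files above, with
# the commented-out CORS, X-Frame-Options "ALLOW" and SecFilterEngine lines
# uncommented so that every check has something to report.
SAMPLE = """\
Header always set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "DENY"
Header set X-XSS-Protection "1; mode=block"
# Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Origin "*"
Header set X-Frame-Options "ALLOW"
SecFilterEngine Off
"""


class Finding(NamedTuple):
    line: int
    code: str
    message: str


# Protective response headers set in the "Security" section of the files.
PROTECTIVE = {"x-content-type-options", "x-frame-options", "x-xss-protection"}
# mod_headers actions that write a header value.
WRITE_ACTIONS = {"set", "setifempty", "add", "append", "merge"}


def active_directives(text):
    """Yield (line number, tokens) for each line that is not blank, a comment
    or a <Container> tag."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:  # unbalanced quote: fall back to a plain split
            tokens = line.split()
        if tokens:
            yield number, tokens


def check_header(number, tokens):
    """Return the findings for one mod_headers `Header` directive."""
    args = tokens[1:]
    condition = "onsuccess"  # the table mod_headers uses when none is given
    if args and args[0].lower() in ("always", "onsuccess"):
        condition, args = args[0].lower(), args[1:]
    if len(args) < 2 or args[0].lower() not in WRITE_ACTIONS:
        return []
    name = args[1].lower()
    value = args[2].strip() if len(args) > 2 else ""
    found = []
    if name in PROTECTIVE and condition != "always":
        found.append(Finding(number, "no-always",
            f"{args[1]} is set without 'always', so locally generated "
            "non-2xx responses (redirects, error pages) do not carry it"))
    if name == "x-frame-options" and value.upper() not in ("DENY", "SAMEORIGIN"):
        found.append(Finding(number, "xfo-invalid",
            f"'{value}' is not DENY or SAMEORIGIN; current browsers ignore "
            "the header, so the page can be framed by any origin"))
    if name == "x-xss-protection" and value != "0":
        found.append(Finding(number, "xss-legacy",
            "legacy XSS-filter switch that current Chrome and Firefox ignore; "
            "use a Content-Security-Policy for XSS defence"))
    if name == "access-control-allow-origin" and value == "*":
        found.append(Finding(number, "cors-wildcard",
            "every origin may read these responses from script; list only "
            "the origins that need access"))
    return found


def audit(text):
    """Run all checks over the text of one .htaccess file."""
    findings = []
    for number, tokens in active_directives(text):
        directive = tokens[0].lower()
        if directive == "header":
            findings += check_header(number, tokens)
        elif (directive in ("secfilterengine", "secfilterscanpost")
              and tokens[-1].lower() == "off"):
            findings.append(Finding(number, "waf-off",
                f"{tokens[0]} Off turns ModSecurity request filtering off "
                "for this directory"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f.line}: [{f.code}] {f.message}")
```

For the CMSMS admin folder, `SAMEORIGIN` is the valid value that still lets the admin modules frame pages of the same site, which the linter accepts once it is sent with `Header always set`.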