You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
374 lines
16 KiB
ApacheConf
374 lines
16 KiB
ApacheConf
# Apache configuration file
|
|
|
|
# ----------------------------------------------------------------------
|
|
# Better website experience for IE users
|
|
# ----------------------------------------------------------------------
|
|
|
|
# Force the latest IE version, in various cases when it may fall back to IE7 mode
|
|
# github.com/rails/rails/commit/123eb25#commitcomment-118920
|
|
# Use ChromeFrame if it's installed for a better experience for the poor IE folk
|
|
<IfModule mod_headers.c>
|
|
Header set X-UA-Compatible "IE=Edge,chrome=1"
|
|
# mod_headers can't match by content-type, but we don't want to send this header on *everything*...
|
|
<FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|oex|xpi|safariextz|vcf)$" >
|
|
Header unset X-UA-Compatible
|
|
</FilesMatch>
|
|
</IfModule>
|
|
|
|
# ----------------------------------------------------------------------
|
|
# Cross-domain AJAX requests
|
|
# ----------------------------------------------------------------------
|
|
# Serve cross-domain Ajax requests, disabled by default.
|
|
# enable-cors.org
|
|
# code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
|
|
|
|
# <IfModule mod_headers.c>
|
|
# Header set Access-Control-Allow-Origin "*"
|
|
# </IfModule>
|
|
|
|
# ----------------------------------------------------------------------
|
|
# CORS-enabled images (@crossorigin)
|
|
# ----------------------------------------------------------------------
|
|
# Send CORS headers if browsers request them; enabled by default for images.
|
|
# developer.mozilla.org/en/CORS_Enabled_Image
|
|
# blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
|
|
# hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
|
|
# wiki.mozilla.org/Security/Reviews/crossoriginAttribute
|
|
|
|
<IfModule mod_setenvif.c>
|
|
<IfModule mod_headers.c>
|
|
# mod_headers, y u no match by Content-Type?!
|
|
<FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
|
|
SetEnvIf Origin ":" IS_CORS
|
|
Header set Access-Control-Allow-Origin "*" env=IS_CORS
|
|
</FilesMatch>
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
# ----------------------------------------------------------------------
|
|
# Webfont access
|
|
# ----------------------------------------------------------------------
|
|
|
|
# Allow access from all domains for webfonts.
|
|
# Alternatively you could only whitelist your
|
|
# subdomains like "subdomain.example.com".
|
|
|
|
<IfModule mod_headers.c>
|
|
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
|
|
Header set Access-Control-Allow-Origin "*"
|
|
</FilesMatch>
|
|
</IfModule>
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
# Proper MIME type for all files
|
|
# ----------------------------------------------------------------------
|
|
|
|
# JavaScript
|
|
# Normalize to standard type (it's sniffed in IE anyways)
|
|
# tools.ietf.org/html/rfc4329#section-7.2
|
|
AddType application/javascript js
|
|
|
|
# Audio
|
|
AddType audio/ogg oga ogg
|
|
AddType audio/mp4 m4a
|
|
|
|
# Video
|
|
AddType video/ogg ogv
|
|
AddType video/mp4 mp4 m4v
|
|
AddType video/webm webm
|
|
|
|
# SVG
|
|
# Required for svg webfonts on iPad
|
|
# twitter.com/FontSquirrel/status/14855840545
|
|
AddType image/svg+xml svg svgz
|
|
AddEncoding gzip svgz
|
|
|
|
# Webfonts
|
|
AddType application/vnd.ms-fontobject eot
|
|
AddType application/x-font-ttf ttf ttc
|
|
AddType font/opentype otf
|
|
AddType application/x-font-woff woff
|
|
|
|
# Assorted types
|
|
AddType image/x-icon ico
|
|
AddType image/webp webp
|
|
AddType text/cache-manifest appcache manifest
|
|
AddType text/x-component htc
|
|
AddType application/x-chrome-extension crx
|
|
AddType application/x-opera-extension oex
|
|
AddType application/x-xpinstall xpi
|
|
AddType application/octet-stream safariextz
|
|
AddType application/x-web-app-manifest+json webapp
|
|
AddType text/x-vcard vcf
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
# Gzip compression
|
|
# ----------------------------------------------------------------------
|
|
|
|
<IfModule mod_deflate.c>
|
|
# Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
|
|
<IfModule mod_setenvif.c>
|
|
<IfModule mod_headers.c>
|
|
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
|
|
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
# HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
|
|
<IfModule filter_module>
|
|
<IfModule version.c>
|
|
<IfVersion >= 2.4>
|
|
FilterDeclare COMPRESS
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'text/html'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'text/css'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'text/plain'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'text/xml'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'text/x-component'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'application/javascript'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'application/json'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'application/xml'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'application/xhtml+xml'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'application/rss+xml'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'application/atom+xml'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'application/vnd.ms-fontobject'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'image/svg+xml'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'image/x-icon'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'application/x-font-ttf'"
|
|
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = 'font/opentype'"
|
|
FilterChain COMPRESS
|
|
FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no
|
|
</IfVersion>
|
|
<IfVersion <= 2.2>
|
|
FilterDeclare COMPRESS
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/x-component
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/javascript
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/json
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xml
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xhtml+xml
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/rss+xml
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/atom+xml
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/vnd.ms-fontobject
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $image/svg+xml
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $image/x-icon
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/x-font-ttf
|
|
FilterProvider COMPRESS DEFLATE resp=Content-Type $font/opentype
|
|
FilterChain COMPRESS
|
|
FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no
|
|
|
|
</IfVersion>
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
<IfModule !mod_filter.c>
|
|
# Legacy versions of Apache
|
|
AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
|
|
AddOutputFilterByType DEFLATE application/javascript
|
|
AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
|
|
AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
|
|
AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
# Expires headers (for better cache control)
|
|
# ----------------------------------------------------------------------
|
|
|
|
# These are pretty far-future expires headers.
|
|
# They assume you control versioning with cachebusting query params like
|
|
# <script src="application.js?20100608">
|
|
# Additionally, consider that outdated proxies may miscache
|
|
# www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
|
|
|
|
# If you don't use filenames to version, lower the CSS and JS to something like
|
|
# "access plus 1 week" or so.
|
|
|
|
<IfModule mod_expires.c>
|
|
ExpiresActive on
|
|
|
|
# Perhaps better to whitelist expires rules? Perhaps.
|
|
ExpiresDefault "access plus 1 month"
|
|
|
|
# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
|
|
ExpiresByType text/cache-manifest "access plus 0 seconds"
|
|
|
|
# Your document html
|
|
ExpiresByType text/html "access plus 0 seconds"
|
|
|
|
# Data
|
|
ExpiresByType text/xml "access plus 0 seconds"
|
|
ExpiresByType application/xml "access plus 0 seconds"
|
|
ExpiresByType application/json "access plus 0 seconds"
|
|
|
|
# Feed
|
|
ExpiresByType application/rss+xml "access plus 1 hour"
|
|
ExpiresByType application/atom+xml "access plus 1 hour"
|
|
|
|
# Favicon (cannot be renamed)
|
|
ExpiresByType image/x-icon "access plus 1 week"
|
|
|
|
# Media: images, video, audio
|
|
ExpiresByType image/gif "access plus 6 hours"
|
|
ExpiresByType image/png "access plus 6 hours"
|
|
ExpiresByType image/jpg "access plus 6 hours"
|
|
ExpiresByType image/jpeg "access plus 6 hours"
|
|
ExpiresByType video/ogg "access plus 6 hours"
|
|
ExpiresByType audio/ogg "access plus 6 hours"
|
|
ExpiresByType video/mp4 "access plus 6 hours"
|
|
ExpiresByType video/webm "access plus 6 hours"
|
|
|
|
# HTC files (css3pie)
|
|
ExpiresByType text/x-component "access plus 1 month"
|
|
|
|
# Webfonts
|
|
ExpiresByType application/x-font-ttf "access plus 1 month"
|
|
ExpiresByType font/opentype "access plus 1 month"
|
|
ExpiresByType application/x-font-woff "access plus 1 month"
|
|
ExpiresByType image/svg+xml "access plus 1 month"
|
|
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
|
|
|
|
# CSS and JavaScript
|
|
ExpiresByType text/css "access plus 1 year"
|
|
ExpiresByType application/javascript "access plus 1 year"
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
# ETag removal
|
|
# ----------------------------------------------------------------------
|
|
|
|
# FileETag None is not enough for every server.
|
|
<IfModule mod_headers.c>
|
|
Header unset ETag
|
|
</IfModule>
|
|
|
|
# Since we're sending far-future expires, we don't need ETags for
|
|
# static content.
|
|
# developer.yahoo.com/performance/rules.html#etags
|
|
FileETag None
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
# UTF-8 encoding
|
|
# ----------------------------------------------------------------------
|
|
|
|
# Use UTF-8 encoding for anything served text/plain or text/html
|
|
AddDefaultCharset utf-8
|
|
|
|
# Force UTF-8 for a number of file formats
|
|
AddCharset utf-8 .css .js .xml .json .rss .atom
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
# A little more security
|
|
# ----------------------------------------------------------------------
|
|
# "-Indexes" will have Apache block users from browsing folders without a default document
|
|
# Usually you should leave this activated, because you shouldn't allow everybody to surf through
|
|
# every folder on your server (which includes rather private places like CMS system folders).
|
|
<IfModule mod_autoindex.c>
|
|
Options -Indexes
|
|
</IfModule>
|
|
|
|
# Block access to "hidden" directories whose names begin with a period. This
|
|
# includes directories used by version control systems such as Subversion or Git.
|
|
<IfModule mod_rewrite.c>
|
|
RewriteCond %{SCRIPT_FILENAME} -d
|
|
RewriteCond %{SCRIPT_FILENAME} -f
|
|
RewriteRule "(^|/)\." - [F]
|
|
</IfModule>
|
|
|
|
# Block access to backup and source files
|
|
# This files may be left by some text/html editors and
|
|
# pose a great security danger, when someone can access them
|
|
<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
|
|
Order allow,deny
|
|
Deny from all
|
|
Satisfy All
|
|
</FilesMatch>
|
|
|
|
# Increase cookie security
|
|
<IfModule php5_module>
|
|
php_value session.cookie_httponly true
|
|
</IfModule>
|
|
|
|
|
|
|
|
# Use the front controller as index file. It serves as a fallback solution when
|
|
# every other rewrite/redirect fails (e.g. in an aliased environment without
|
|
# mod_rewrite). Additionally, this reduces the matching process for the
|
|
# start page (path "/") because otherwise Apache will apply the rewriting rules
|
|
# to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl).
|
|
DirectoryIndex index.php
|
|
|
|
# By default, Apache does not evaluate symbolic links if you did not enable this
|
|
# feature in your server configuration. Uncomment the following line if you
|
|
# install assets as symlinks or if you experience problems related to symlinks
|
|
# when compiling LESS/Sass/CoffeScript assets.
|
|
# Options FollowSymlinks
|
|
|
|
# Disabling MultiViews prevents unwanted negotiation, e.g. "/index" should not resolve
|
|
# to the front controller "/index.php" but be rewritten to "/index.php/index".
|
|
<IfModule mod_negotiation.c>
|
|
Options -MultiViews
|
|
</IfModule>
|
|
|
|
<IfModule mod_rewrite.c>
|
|
RewriteEngine On
|
|
|
|
# Determine the RewriteBase automatically and set it as environment variable.
|
|
# If you are using Apache aliases to do mass virtual hosting or installed the
|
|
# project in a subdirectory, the base path will be prepended to allow proper
|
|
# resolution of the index.php file and to redirect to the correct URI. It will
|
|
# work in environments without path prefix as well, providing a safe, one-size
|
|
# fits all solution. But as you do not need it in this case, you can comment
|
|
# the following 2 lines to eliminate the overhead.
|
|
RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$
|
|
RewriteRule .* - [E=BASE:%1]
|
|
|
|
# Sets the HTTP_AUTHORIZATION header removed by Apache
|
|
RewriteCond %{HTTP:Authorization} .+
|
|
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
|
|
|
|
# Redirect to URI without front controller to prevent duplicate content
|
|
# (with and without `/index.php`). Only do this redirect on the initial
|
|
# rewrite by Apache and not on subsequent cycles. Otherwise we would get an
|
|
# endless redirect loop (request -> rewrite to front controller ->
|
|
# redirect -> request -> ...).
|
|
# So in case you get a "too many redirects" error or you always get redirected
|
|
# to the start page because your Apache does not expose the REDIRECT_STATUS
|
|
# environment variable, you have 2 choices:
|
|
# - disable this feature by commenting the following 2 lines or
|
|
# - use Apache >= 2.3.9 and replace all L flags by END flags and remove the
|
|
# following RewriteCond (best solution)
|
|
RewriteCond %{ENV:REDIRECT_STATUS} =""
|
|
RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
|
|
|
|
# If the requested filename exists, simply serve it.
|
|
# We only want to let Apache serve files and not directories.
|
|
# Rewrite all other queries to the front controller.
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
|
RewriteRule ^ %{ENV:BASE}/index.php [L]
|
|
</IfModule>
|
|
|
|
<IfModule !mod_rewrite.c>
|
|
<IfModule mod_alias.c>
|
|
# When mod_rewrite is not available, we instruct a temporary redirect of
|
|
# the start page to the front controller explicitly so that the website
|
|
# and the generated links can still be used.
|
|
RedirectMatch 307 ^/$ /index.php/
|
|
# RedirectTemp cannot be used instead
|
|
</IfModule>
|
|
</IfModule> |