Cybersmog

.htaccess

Dec 14th, 2016
  # HTTP Basic authentication for the non-production hosts only.
  # The authRequired flag is derived from the Host request header, which the
  # client supplies, so this gate holds only if the development and staging
  # virtual hosts answer exclusively to the names matched here.
  SetEnvIfNoCase Host development\.domain\.tld authRequired
  SetEnvIfNoCase Host staging\.domain\.tld authRequired

  AuthType Basic
  AuthName "Development"
  AuthUserFile /path/to/development/.htpasswd

  # Apache 2.2 access-control syntax (provided by mod_access_compat on 2.4).
  # Requests without authRequired pass the host-based check; requests with it
  # are denied there, and "Satisfy any" then accepts a valid login instead.
  Order Allow,Deny
  Allow from all
  Deny from env=authRequired
  Satisfy any
  Require valid-user

  # NOTE(review): Basic credentials are only base64-encoded on the wire. The
  # HTTPS redirect in the rewrite section matches www.domain.tld only, so
  # confirm that TLS is enforced for development and staging elsewhere.
  12.  
  # TYPO3 application context, selected by hostname. Every request starts as
  # Production; a Host header containing the development name switches it.
  # NOTE(review): this match is case-sensitive and does not cover the staging
  # host, unlike the SetEnvIfNoCase rules used for authentication - confirm
  # that staging is meant to run in the Production context.
  SetEnvIf Host ".*" TYPO3_CONTEXT=Production
  SetEnvIf Host "development\.domain\.tld" TYPO3_CONTEXT=Development

  # Custom error page for "not found" responses
  ErrorDocument 404 /fehler-404/
  19.  
  20. ### Begin: Compression ###
  21.  
  22. # Compressing resource files will save bandwidth and so improve loading speed especially for users
  23. # with slower internet connections. TYPO3 can compress the .js and .css files for you.
  24. # *) Uncomment the following lines and
  25. # *) Set $GLOBALS['TYPO3_CONF_VARS']['BE']['compressionLevel'] = 9 for the Backend
  26. # *) Set $GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'] = 9 together with the TypoScript properties
  27. # config.compressJs and config.compressCss for GZIP compression of Frontend JS and CSS files.
  28.  
  # Pre-compressed TYPO3 assets: *.js.gzip and *.css.gzip are served with the
  # media type of the underlying file and flagged as gzip-encoded.
  <FilesMatch "\.js\.gzip$">
    AddType "text/javascript" .gzip
  </FilesMatch>
  <FilesMatch "\.css\.gzip$">
    AddType "text/css" .gzip
  </FilesMatch>
  AddEncoding gzip .gzip
  36.  
  <IfModule mod_deflate.c>

    # Force compression for requests whose `Accept-Encoding` header arrives
    # mangled: the header is recognised by pattern and a clean value appended.
    <IfModule mod_setenvif.c>
      <IfModule mod_headers.c>
        SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
        RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
      </IfModule>
    </IfModule>

    # Compress every response labelled with one of the media types below.
    #
    # (!) On Apache versions below 2.3.7 `mod_filter` is not needed and the
    # `<IfModule mod_filter.c>` / `</IfModule>` lines can be removed, because
    # `AddOutputFilterByType` is still a core directive there.
    #
    # https://httpd.apache.org/docs/current/mod/mod_filter.html#addoutputfilterbytype
    #
    # NOTE(review): text/html is in the list. For HTTPS pages that combine
    # secrets (for example CSRF tokens) with reflected request data, review
    # the exposure to compression side channels such as BREACH.
    <IfModule mod_filter.c>
      AddOutputFilterByType DEFLATE application/atom+xml \
        application/javascript \
        application/json \
        application/ld+json \
        application/manifest+json \
        application/rdf+xml \
        application/rss+xml \
        application/schema+json \
        application/vnd.geo+json \
        application/vnd.ms-fontobject \
        application/x-font-ttf \
        application/x-javascript \
        application/x-web-app-manifest+json \
        application/xhtml+xml \
        application/xml \
        font/eot \
        font/opentype \
        image/bmp \
        image/svg+xml \
        image/vnd.microsoft.icon \
        image/x-icon \
        text/cache-manifest \
        text/css \
        text/html \
        text/javascript \
        text/plain \
        text/vcard \
        text/vnd.rim.location.xloc \
        text/vtt \
        text/x-component \
        text/x-cross-domain-policy \
        text/xml
    </IfModule>

    # *.svgz files are already gzip-compressed; declare the encoding.
    <IfModule mod_mime.c>
      AddEncoding gzip svgz
    </IfModule>

  </IfModule>
  94.  
  95. ### End: Compression ###
  96.  
  97.  
  98.  
  99. ### Begin: Browser caching of resource files ###
  100.  
  101. # This affects Frontend and Backend and increases performance.
  <IfModule mod_expires.c>

    ExpiresActive on

    # Fallback lifetime for every media type that has no entry below.
    # NOTE(review): this also reaches application-generated responses of
    # unlisted types unless they already carry their own Expires header;
    # confirm that no per-user content is served with such a type.
    ExpiresDefault "access plus 1 month"

    # Stylesheets
    ExpiresByType text/css "access plus 1 year"

    # Data interchange: never served from the browser cache
    ExpiresByType application/json "access plus 0 seconds"
    ExpiresByType application/ld+json "access plus 0 seconds"
    ExpiresByType application/schema+json "access plus 0 seconds"
    ExpiresByType application/vnd.geo+json "access plus 0 seconds"
    ExpiresByType application/xml "access plus 0 seconds"
    ExpiresByType text/xml "access plus 0 seconds"

    # Favicons and cursors
    ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
    ExpiresByType image/x-icon "access plus 1 week"

    # HTML components (HTC)
    ExpiresByType text/x-component "access plus 1 month"

    # HTML documents: always revalidated
    ExpiresByType text/html "access plus 0 seconds"

    # JavaScript
    ExpiresByType application/javascript "access plus 1 year"
    ExpiresByType application/x-javascript "access plus 1 year"
    ExpiresByType text/javascript "access plus 1 year"

    # Manifest files
    ExpiresByType application/manifest+json "access plus 1 week"
    ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
    ExpiresByType text/cache-manifest "access plus 0 seconds"

    # Media files
    ExpiresByType audio/ogg "access plus 1 month"
    ExpiresByType image/bmp "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/svg+xml "access plus 1 month"
    ExpiresByType image/webp "access plus 1 month"
    ExpiresByType video/mp4 "access plus 1 month"
    ExpiresByType video/ogg "access plus 1 month"
    ExpiresByType video/webm "access plus 1 month"

    # Feeds
    ExpiresByType application/atom+xml "access plus 1 hour"
    ExpiresByType application/rdf+xml "access plus 1 hour"
    ExpiresByType application/rss+xml "access plus 1 hour"

    # Web fonts
    ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
    ExpiresByType font/eot "access plus 1 month"
    ExpiresByType font/opentype "access plus 1 month"
    ExpiresByType application/x-font-ttf "access plus 1 month"
    ExpiresByType application/font-woff "access plus 1 month"
    ExpiresByType application/x-font-woff "access plus 1 month"
    ExpiresByType font/woff "access plus 1 month"
    ExpiresByType application/font-woff2 "access plus 1 month"

    # Cross-domain policy files
    ExpiresByType text/x-cross-domain-policy "access plus 1 week"

  </IfModule>
  158.  
  159. ### End: Browser caching of resource files ###
  160.  
  161.  
  162. ### Begin: MIME types ###
  163.  
  164. # Proper MIME types for all files
  # Explicit extension-to-media-type mapping. Because the file also sends
  # "X-Content-Type-Options: nosniff", browsers rely on these declared types
  # instead of guessing from the content.
  <IfModule mod_mime.c>

    # Data interchange
    AddType application/atom+xml atom
    AddType application/json json map topojson
    AddType application/ld+json jsonld
    AddType application/rss+xml rss
    AddType application/vnd.geo+json geojson
    AddType application/xml rdf xml

    # JavaScript
    AddType application/javascript js

    # Manifest files
    AddType application/manifest+json webmanifest
    AddType application/x-web-app-manifest+json webapp
    AddType text/cache-manifest appcache

    # Media files
    AddType audio/mp4 f4a f4b m4a
    AddType audio/ogg oga ogg opus
    AddType image/bmp bmp
    AddType image/svg+xml svg svgz
    AddType image/webp webp
    AddType video/mp4 f4v f4p m4v mp4
    AddType video/ogg ogv
    AddType video/webm webm
    AddType video/x-flv flv
    AddType image/x-icon cur ico

    # Web fonts
    AddType application/font-woff woff
    AddType application/font-woff2 woff2
    AddType application/vnd.ms-fontobject eot
    AddType application/x-font-ttf ttc ttf
    AddType font/opentype otf

    # Other
    AddType application/octet-stream safariextz
    AddType application/x-bb-appworld bbaw
    AddType application/x-chrome-extension crx
    AddType application/x-opera-extension oex
    AddType application/x-xpinstall xpi
    AddType text/vcard vcard vcf
    AddType text/vnd.rim.location.xloc xloc
    AddType text/vtt vtt
    AddType text/x-component htc

  </IfModule>
  215.  
  # Declare UTF-8 for text/plain and text/html responses that carry no
  # charset of their own, and for the text-based file types listed below.
  AddDefaultCharset utf-8
  <IfModule mod_mime.c>
    AddCharset utf-8 .atom .css .js .json .manifest .rdf .rss .vtt .webapp .webmanifest .xml
  </IfModule>
  221.  
  222. ### End: MIME types ###
  223.  
  224.  
  225.  
  226. ### Begin: Cross Origin ###
  227.  
  # Images: send a wildcard CORS header, but only when the request carries an
  # Origin header (IS_CORS is set when that header contains a colon).
  <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
      <FilesMatch "\.(bmp|cur|gif|ico|jpe?g|png|svgz?|webp)$">
        SetEnvIf Origin ":" IS_CORS
        Header set Access-Control-Allow-Origin "*" env=IS_CORS
      </FilesMatch>
    </IfModule>
  </IfModule>

  # Web fonts: always readable cross-origin.
  # The wildcard is scoped by file extension to static assets; keep anything
  # that is not meant to be public out of these extensions.
  <IfModule mod_headers.c>
    <FilesMatch "\.(eot|otf|tt[cf]|woff2?)$">
      Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
  </IfModule>
  244.  
  245. ### End: Cross Origin ###
  246.  
  247.  
  248.  
  249. ### Begin: Rewriting and Access ###
  250.  
  251. # You need rewriting, if you use a URL-Rewriting extension (RealURL, CoolUri).
  252.  
  253. <IfModule mod_rewrite.c>
  254.  
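  # Enable URL rewriting
  RewriteEngine On

  # Redirect the bare domain to the canonical www host, directly over HTTPS.
  # The dots are escaped so that "." matches only a literal dot, and [NC] is
  # set because host names are case-insensitive.
  RewriteCond %{HTTP_HOST} ^domain\.tld$ [NC]
  RewriteRule ^(.*)$ https://www.domain.tld/$1 [L,R=301]

  # Enforce HTTPS for the production host.
  # NOTE(review): development and staging are not covered by this redirect,
  # although they are protected with HTTP Basic authentication - confirm that
  # TLS is enforced for them elsewhere.
  RewriteCond %{HTTPS} off
  RewriteCond %{HTTP_HOST} ^www\.domain\.tld$ [NC]
  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]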
  266.  
  267. ### Begin: Static File Cache (preparation) ####
  268.  
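  # Document root configuration: pick the filesystem root per host.
  # The patterns are anchored with escaped dots and an optional port, so only
  # the exact host names select a root; an unanchored pattern would also
  # accept any Host value that merely contains the name.
  RewriteCond %{HTTP_HOST} ^development\.domain\.tld(?::[0-9]+)?$ [NC]
  RewriteRule .* - [E=KWS_ROOT:/path/to/development/web/]

  RewriteCond %{HTTP_HOST} ^www\.domain\.tld(?::[0-9]+)?$ [NC]
  RewriteRule .* - [E=KWS_ROOT:/path/to/production/web/]

  # NOTE(review): no root is set for the staging host, so SFC_ROOT stays
  # empty there - confirm that is intended.
  RewriteRule .* - [E=SFC_ROOT:%{ENV:KWS_ROOT}]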
  277.  
  # Normalise the request URI into SFC_URI. The three rules run in order and
  # a later match overwrites an earlier one:
  #   1. any URI         -> "/" followed by the URI
  #   2. URI with "/"    -> the URI unchanged
  #   3. empty or "/"    -> "/"
  RewriteCond %{REQUEST_URI} ^.*$
  RewriteRule .* - [E=SFC_URI:/%{REQUEST_URI}]
  RewriteCond %{REQUEST_URI} ^/.*$
  RewriteRule .* - [E=SFC_URI:%{REQUEST_URI}]
  RewriteCond %{REQUEST_URI} ^/?$
  RewriteRule .* - [E=SFC_URI:/]

  # Normalise the host into SFC_HOST: the Host header without an optional
  # ":port" suffix. The value becomes a directory name in the cache path
  # used by the static file cache rules.
  RewriteCond %{HTTP_HOST} ^([^:]+)(:[0-9]+)?$
  RewriteRule .* - [E=SFC_HOST:%1]
  289.  
  # Determine the scheme for the cache path: https when the request arrived
  # on port 443 or X-Forwarded-Proto contains "https", otherwise http.
  # X-Forwarded-Proto is a request header and is only trustworthy when a
  # front-end proxy overwrites it; here it merely selects between the two
  # literal values below and is never copied into the path itself.
  RewriteCond %{SERVER_PORT} ^443$ [OR]
  RewriteCond %{HTTP:X-Forwarded-Proto} https
  RewriteRule .* - [E=SFC_PROTOCOL:https]
  RewriteCond %{SERVER_PORT} !^443$
  RewriteCond %{HTTP:X-Forwarded-Proto} !https
  RewriteRule .* - [E=SFC_PROTOCOL:http]
  297.  
  # Put the ".gz" suffix into SFC_GZIP when the client announces gzip support.
  RewriteCond %{HTTP:Accept-Encoding} gzip [NC]
  RewriteRule .* - [E=SFC_GZIP:.gz]
  #RewriteRule .* - [E=SFC_GZIP:] # Add this line, to disable the gzip redirect

  # When the requested URI is not itself a file in the cache, assume the
  # cache entry is a directory and use its index.html; the suffix is kept in
  # SFC_FILE for the rules that follow.
  RewriteCond %{ENV:SFC_ROOT}typo3temp/tx_staticfilecache/%{ENV:SFC_PROTOCOL}/%{ENV:SFC_HOST}%{ENV:SFC_URI} !-f
  RewriteRule .* - [E=SFC_FILE:/index.html]
  307.  
  308. ### Begin: Static File Cache (main) ####
  309.  
  # The conditions below all belong to the single RewriteRule that follows
  # them; the cached file is served only when every one of them holds.

  # Only URIs without a query string are served from the cache.
  RewriteCond %{QUERY_STRING} ^$

  # The static file must actually exist; the remaining checks are pointless
  # otherwise.
  RewriteCond %{ENV:SFC_ROOT}typo3temp/tx_staticfilecache/%{ENV:SFC_PROTOCOL}/%{ENV:SFC_HOST}%{ENV:SFC_URI}%{ENV:SFC_FILE}%{ENV:SFC_GZIP} -f

  # No frontend user is logged in. The cache holds the anonymous version of
  # a page, and logged-in users may be entitled to different content, so any
  # request whose Cookie header mentions "staticfilecache" bypasses the cache.
  RewriteCond %{HTTP_COOKIE} !staticfilecache [NC]

  # Only GET requests are served from the cache.
  RewriteCond %{REQUEST_METHOD} GET

  # No backend user is logged in. The be_typo_user cookie lives until the end
  # of the browser session: after logging out of the TYPO3 backend, cached
  # pages are only shown again once the session is closed, the cookie is
  # removed manually, or another browser is used.
  RewriteCond %{HTTP_COOKIE} !be_typo_user [NC]

  # XML files are never fetched from the cache.
  RewriteCond %{REQUEST_FILENAME} !^.*\.xml$

  # Rewrite the request to the static file.
  RewriteRule .* typo3temp/tx_staticfilecache/%{ENV:SFC_PROTOCOL}/%{ENV:SFC_HOST}%{ENV:SFC_URI}%{ENV:SFC_FILE}%{ENV:SFC_GZIP}

  # Forbid direct requests for cache entries: the original URI points into
  # the cache directory and REDIRECT_STATUS is empty, i.e. the request did
  # not get here through an internal rewrite.
  RewriteCond %{ENV:SFC_URI} ^/typo3temp/tx_staticfilecache/.*
  RewriteCond %{ENV:REDIRECT_STATUS} ^$
  RewriteRule .* - [F,L]
  339.  
  340. ### Begin: Static File Cache (options) ####
  341.  
  # Mark gzipped cache files as gzip-encoded.
  # NOTE(review): the patterns in this section are not anchored with "$", so
  # they match any file name that merely contains the given string.
  <FilesMatch "\.gz">
    <IfModule mod_headers.c>
      Header set Content-Encoding gzip
    </IfModule>
  </FilesMatch>

  # Declare the media type of the gzipped content. If ForceType causes
  # problems, try the AddType alternative.
  <FilesMatch "\.html\.gz">
    ForceType text/html
    AddType "text/html" .gz
  </FilesMatch>
  <FilesMatch "\.xml\.gz">
    ForceType text/xml
    AddType "text/xml" .gz
  </FilesMatch>
  <FilesMatch "\.rss\.gz">
    ForceType text/xml
    AddType "text/xml" .gz
  </FilesMatch>
  363.  
  364. ### End: Static File Cache ###
  365.  
  # Keep the location of this .htaccess in the environment variable CWD, so
  # that mod_rewrite rules work without knowing the RewriteBase.
  RewriteCond $0#%{REQUEST_URI} ([^#]*)#(.*)\1$
  RewriteRule ^.*$ - [E=CWD:%2]

  # Versioned static files (name.<digits>.ext is mapped back to name.ext when
  # no such file or directory exists), configured through:
  # - $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename']
  # - $GLOBALS['TYPO3_CONF_VARS']['FE']['versionNumberInFilename']
  # IMPORTANT: This rule has to be the very first RewriteCond in order to work!
  # NOTE(review): in this file the redirect and static file cache rules come
  # before it - confirm that versioned file names still resolve as expected.
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ %{ENV:CWD}$1.$3 [L]
  378.  
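  # Favicon: serve the theme's icon for requests to /favicon.ico.
  # The dot is escaped so that the pattern matches the literal file name only,
  # consistent with the favicon\.ico pattern used later in this file.
  RewriteRule ^favicon\.ico$ /typo3conf/ext/kws_theme_foobar/Resources/Public/Images/favicons/favicon.ico [L]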
  381.  
  # Access block for folders: answer 403 Forbidden for
  #   - _recycler_ and _temp_ directories,
  #   - .txt / .ts files below fileadmin/templates/,
  #   - paths starting with vendor, typo3_src or typo3temp/logs,
  #   - non-public directories of extensions (Configuration,
  #     Resources/Private, tests and documentation).
  RewriteRule _(?:recycler|temp)_/ - [F]
  RewriteRule fileadmin/templates/.*\.(?:txt|ts)$ - [F]
  RewriteRule ^(?:vendor|typo3_src|typo3temp/logs) - [F]
  RewriteRule (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ - [F]

  # Forbid every existing hidden file or directory (a path segment starting
  # with a dot), except the visible content of the `/.well-known/` hidden
  # directory (RFC 5785).
  RewriteCond %{REQUEST_URI} "!(^|/)\.well-known/([^./]+./?)+$" [NC]
  RewriteCond %{SCRIPT_FILENAME} -d [OR]
  RewriteCond %{SCRIPT_FILENAME} -f
  RewriteRule (?:^|/)\. - [F]
  394.  
  # Stop rewrite processing for the typo3/ directory and the other known
  # directories, so that they are never routed to index.php.
  # NOTE: Add your additional local storages here
  RewriteRule ^(?:typo3/|fileadmin/|typo3conf/|typo3temp/|uploads/|favicon\.ico) - [L]

  # Everything that is not an existing file, directory or symlink is handed
  # to index.php, keeping the query string.
  # For httpd.conf, you need to prefix each '%{REQUEST_FILENAME}' with '%{DOCUMENT_ROOT}'.
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-l
  RewriteRule ^.*$ %{ENV:CWD}index.php [QSA,L]
  405.  
  406. </IfModule>
  407.  
  # Access block for files: deny hidden files, editor and backup leftovers,
  # project metadata (changelog, readme, composer files), TYPO3 extension
  # configuration and language files, and configuration, log, shell and SQL
  # files, matched case-insensitively by file name.
  <FilesMatch "(?i:^\.|^#.*#|^(?:ChangeLog|ToDo|Readme|License)(?:\.md|\.txt)?|^composer\.(?:json|lock)|^ext_conf_template\.txt|^ext_typoscript_constants\.txt|^ext_typoscript_setup\.txt|flexform[^.]*\.xml|locallang[^.]*\.(?:xml|xlf)|\.(?:bak|co?nf|cfg|ya?ml|ts|dist|fla|in[ci]|log|sh|sql(?:\..*)?|sw[op]|git.*)|.*(?:~|rc))$">
    # Apache < 2.3
    <IfModule !mod_authz_core.c>
      Order allow,deny
      Deny from all
      Satisfy All
    </IfModule>

    # Apache ≥ 2.3
    <IfModule mod_authz_core.c>
      Require all denied
    </IfModule>
  </FilesMatch>

  # Version-control directories answer with 404, so their presence is not
  # revealed by a 403.
  <IfModule mod_alias.c>
    RedirectMatch 404 /\.(?:git|svn|hg)/
  </IfModule>
  427.  
  428. ### End: Rewriting and Access ###
  429.  
  430.  
  431.  
  432. ### Begin: Miscellaneous ###
  433.  
  # Disable content negotiation by file name; it causes 404 errors for
  # redirected folders that do not exist.
  Options -MultiViews

  # Make sure that directory listings are disabled.
  <IfModule mod_autoindex.c>
    Options -Indexes
  </IfModule>

  <IfModule mod_headers.c>
    # Force IE to render pages in the highest available mode; the header is
    # removed again for static resources, where it has no effect.
    Header set X-UA-Compatible "IE=edge"
    <FilesMatch "\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svgz?|ttf|vcf|webapp|webm|webp|woff2?|xml|xpi)$">
      Header unset X-UA-Compatible
    </FilesMatch>

    # Reduce MIME type security risks: browsers must use the declared
    # Content-Type instead of sniffing the content.
    Header set X-Content-Type-Options "nosniff"

    # NOTE(review): this is the only security response header set in this
    # file. As HTTPS is enforced for the production host, consider whether
    # Strict-Transport-Security is sent elsewhere in the server configuration.
  </IfModule>

  # ETag removal
  <IfModule mod_headers.c>
    Header unset ETag
  </IfModule>
  FileETag None
  458.  
  459. ### End: Miscellaneous ###