# ----------------------------------------------------------------------# Star

1. # ----------------------------------------------------------------------
2. # Start rewrite engine
3. # ----------------------------------------------------------------------
4.  
5. <IfModule mod_rewrite.c>
6.     Options +FollowSymlinks
7. #   Options +SymLinksIfOwnerMatch
8.     RewriteEngine On
9.     RewriteBase /
10. </IfModule>
11.  
12. RewriteCond %{REQUEST_FILENAME} !-d
13. RewriteCond %{REQUEST_FILENAME} !-f
14.  
15. RewriteRule ^(.+)$ $1.php [QSA,L]
16.  
17.  
18. # ----------------------------------------------------------------------
19. # Custom error pages
20. # ----------------------------------------------------------------------
21. ErrorDocument 404 /404.php
22.  
23. # -------------------------------
24. # Prevent 404 errors for non-existing redirected folders
25. # -------------------------------
26. Options -MultiViews
27.  
28. # ----------------------------------------------------------------------
29. # Better website experience for IE users
30. # ----------------------------------------------------------------------
31.  
32. <IfModule mod_headers.c>
33.     Header set X-UA-Compatible "IE=Edge,chrome=1"
34. #   mod_headers can't match by content-type, but we don't want to send this header on *everything*...
35.     <FilesMatch "\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svg|svgz|ttf|vcf|webm|webp|woff|xml|xpi)$">
36.         Header unset X-UA-Compatible
37.     </FilesMatch>
38. </IfModule>
39.  
40.  
41. # ----------------------------------------------------------------------
42. # CORS-enabled images (@crossorigin)
43. # ----------------------------------------------------------------------
44.  
45. <IfModule mod_setenvif.c>
46.     <IfModule mod_headers.c>
47. #       mod_headers, y u no match by Content-Type?!
48.         <FilesMatch "\.(gif|ico|jpe?g|png|svg|svgz|webp)$">
49.             SetEnvIf Origin ":" IS_CORS
50.             Header set Access-Control-Allow-Origin "*" env=IS_CORS
51.         </FilesMatch>
52.     </IfModule>
53. </IfModule>
54.  
55.  
56. # ----------------------------------------------------------------------
57. # Webfont access
58. # ----------------------------------------------------------------------
59.  
60. <IfModule mod_headers.c>
61.   <FilesMatch "\.(eot|font.css|otf|ttc|ttf|woff)$">
62.     Header set Access-Control-Allow-Origin "*"
63.   </FilesMatch>
64. </IfModule>
65.  
66.  
67. # ----------------------------------------------------------------------
68. # Proper MIME type for all files
69. # ----------------------------------------------------------------------
70.  
71. # JavaScript
72. AddType application/javascript         js jsonp
73. AddType application/json               json
74.  
75. # Audio
76. AddType audio/mp4                      m4a f4a f4b
77. AddType audio/ogg                      oga ogg
78.  
79. # Video
80. AddType video/mp4                      mp4 m4v f4v f4p
81. AddType video/ogg                      ogv
82. AddType video/webm                     webm
83. AddType video/x-flv                    flv
84.  
85. # SVG
86. AddType     image/svg+xml              svg svgz
87. AddEncoding gzip                       svgz
88.  
89. # Webfonts
90. AddType application/vnd.ms-fontobject  eot
91. AddType application/x-font-ttf         ttf ttc
92. AddType application/x-font-woff        woff
93. AddType font/opentype                  otf
94.  
95. # Assorted types
96. AddType application/octet-stream            safariextz
97. AddType application/x-chrome-extension      crx
98. AddType application/x-opera-extension       oex
99. AddType application/x-shockwave-flash       swf
100. AddType application/x-web-app-manifest+json webapp
101. AddType application/x-xpinstall             xpi
102. AddType application/xml                     rss atom xml rdf
103. AddType image/webp                          webp
104. AddType image/x-icon                        ico
105. AddType text/cache-manifest                 appcache manifest
106. AddType text/vtt                            vtt
107. AddType text/x-component                    htc
108. AddType text/x-vcard                        vcf
109.  
110.  
111. # ----------------------------------------------------------------------
112. # UTF-8 encoding
113. # ----------------------------------------------------------------------
114.  
115. # Use UTF-8 encoding for anything served text/plain or text/html
116. AddDefaultCharset utf-8
117.  
118. # Force UTF-8 for a number of file formats
119. AddCharset utf-8 .atom .css .js .json .rss .vtt .xml
120.  
121.  
122. # ----------------------------------------------------------------------
123. # Security
124. # ----------------------------------------------------------------------
125.  
126. # Block users from browsing folders without a index document
127. <IfModule mod_autoindex.c>
128.   Options -Indexes
129. </IfModule>
130.  
131. # Block access to "hidden" directories or files whose names begin with a ".""
132. <IfModule mod_rewrite.c>
133.   RewriteCond %{SCRIPT_FILENAME} -d [OR]
134.   RewriteCond %{SCRIPT_FILENAME} -f
135.   RewriteRule "(^|/)\." - [F]
136. </IfModule>
137.  
138. # Block access to backup and source files.
139. <FilesMatch "(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$">
140.   Order allow,deny
141.   Deny from all
142.   Satisfy All
143. </FilesMatch>
144.  
145. # Increase cookie security
146. <IfModule mod_php5.c>
147.   php_value session.cookie_httponly true
148. </IfModule>