API tools faq
paste
Advertisement
Guest User

.htaccess file

a guest
Jan 31st, 2017
425
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 6.31 KB | None | 0 0
raw download clone embed print report
  1. #
  2. # Apache/PHP/Drupal settings:
  3. #
  4.  
  5. # Protect files and directories from prying eyes.
  6. <FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
  7.   Order allow,deny
  8. </FilesMatch>
  9.  
  10. # Don't show directory listings for URLs which map to a directory.
  11. Options -Indexes
  12.  
  13. # Follow symbolic links in this directory.
  14. Options +FollowSymLinks
  15.  
  16. # Make Drupal handle any 404 errors.
  17. ErrorDocument 404 /index.php
  18.  
  19. # Set the default handler.
  20. DirectoryIndex index.php index.html index.htm
  21.  
  22. # Override PHP settings that cannot be changed at runtime. See
  23. # sites/default/default.settings.php and drupal_environment_initialize() in
  24. # includes/bootstrap.inc for settings that can be changed at runtime.
  25.  
  26. # PHP 5, Apache 1 and 2.
  27. <IfModule mod_php5.c>
  28.   php_flag magic_quotes_gpc                 off
  29.   php_flag magic_quotes_sybase              off
  30.   php_flag register_globals                 off
  31.   php_flag session.auto_start               off
  32.   php_value mbstring.http_input             pass
  33.   php_value mbstring.http_output            pass
  34.   php_flag mbstring.encoding_translation    off
  35. </IfModule>
  36.  
  37. # Requires mod_expires to be enabled.
  38. <IfModule mod_expires.c>
  39.   # Enable expirations.
  40.   ExpiresActive On
  41.  
  42.   # Cache all files for 2 weeks after access (A).
  43.   ExpiresDefault A1209600
  44.  
  45.   <FilesMatch \.php$>
  46.     # Do not allow PHP scripts to be cached unless they explicitly send cache
  47.     # headers themselves. Otherwise all scripts would have to overwrite the
  48.     # headers set by mod_expires if they want another caching behavior. This may
  49.     # fail if an error occurs early in the bootstrap process, and it may cause
  50.     # problems if a non-Drupal PHP file is installed in a subdirectory.
  51.     ExpiresActive Off
  52.   </FilesMatch>
  53. </IfModule>
  54.  
  55. # Various rewrite rules.
  56. <IfModule mod_rewrite.c>
  57.   RewriteEngine on
  58.  
  59.   RewriteCond %{SERVER_PORT} !^443$
  60.   RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
  61.  
  62.   # Set "protossl" to "s" if we were accessed via https://.  This is used later
  63.   # if you enable "www." stripping or enforcement, in order to ensure that
  64.   # you don't bounce between http and https.
  65.   RewriteRule ^ - [E=protossl]
  66.   RewriteCond %{HTTPS} on
  67.   RewriteRule ^ - [E=protossl:s]
  68.  
  69.   # Make sure Authorization HTTP header is available to PHP
  70.   # even when running as CGI or FastCGI.
  71.   RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  72.  
  73.   # Block access to "hidden" directories whose names begin with a period. This
  74.   # includes directories used by version control systems such as Subversion or
  75.   # Git to store control files. Files whose names begin with a period, as well
  76.   # as the control files used by CVS, are protected by the FilesMatch directive
  77.   # above.
  78.   #
  79.   # NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
  80.   # not possible to block access to entire directories from .htaccess, because
  81.   # <DirectoryMatch> is not allowed here.
  82.   #
  83.   # If you do not have mod_rewrite installed, you should remove these
  84.   # directories from your webroot or otherwise protect them from being
  85.   # downloaded.
  86.   RewriteRule "(^|/)\." - [F]
  87.  
  88.   # If your site can be accessed both with and without the 'www.' prefix, you
  89.   # can use one of the following settings to redirect users to your preferred
  90.   # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
  91.   #
  92.   # To redirect all users to access the site WITH the 'www.' prefix,
  93.   # (http://example.com/... will be redirected to http://www.example.com/...)
  94.   # uncomment the following:
  95.   # RewriteCond %{HTTP_HOST} .
  96.   # RewriteCond %{HTTP_HOST} !^www\. [NC]
  97.   # RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  98.   #
  99.   # To redirect all users to access the site WITHOUT the 'www.' prefix,
  100.   # (http://www.example.com/... will be redirected to http://example.com/...)
  101.   # uncomment the following:
  102.   # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  103.   # RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
  104.  
  105.   # Modify the RewriteBase if you are using Drupal in a subdirectory or in a
  106.   # VirtualDocumentRoot and the rewrite rules are not working properly.
  107.   # For example if your site is at http://example.com/drupal uncomment and
  108.   # modify the following line:
  109.   # RewriteBase /drupal
  110.   #
  111.   # If your site is running in a VirtualDocumentRoot at http://example.com/,
  112.   # uncomment the following line:
  113.   RewriteBase /
  114.  
  115.   # Pass all requests not referring directly to files in the filesystem to
  116.   # index.php. Clean URLs are handled in drupal_environment_initialize().
  117.   RewriteCond %{REQUEST_FILENAME} !-f
  118.   RewriteCond %{REQUEST_FILENAME} !-d
  119.   RewriteCond %{REQUEST_URI} !=/favicon.ico
  120.   RewriteRule ^ index.php [L]
  121.  
  122.   # Rules to correctly serve gzip compressed CSS and JS files.
  123.   # Requires both mod_rewrite and mod_headers to be enabled.
  124.   <IfModule mod_headers.c>
  125.     # Serve gzip compressed CSS files if they exist and the client accepts gzip.
  126.     RewriteCond %{HTTP:Accept-encoding} gzip
  127.     RewriteCond %{REQUEST_FILENAME}\.gz -s
  128.     RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
  129.  
  130.     # Serve gzip compressed JS files if they exist and the client accepts gzip.
  131.     RewriteCond %{HTTP:Accept-encoding} gzip
  132.     RewriteCond %{REQUEST_FILENAME}\.gz -s
  133.     RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
  134.  
  135.     # Serve correct content types, and prevent mod_deflate double gzip.
  136.     RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
  137.     RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
  138.  
  139.     <FilesMatch "(\.js\.gz|\.css\.gz)$">
  140.       # Serve correct encoding type.
  141.       Header set Content-Encoding gzip
  142.       # Force proxies to cache gzipped & non-gzipped css/js files separately.
  143.       Header append Vary Accept-Encoding
  144.     </FilesMatch>
  145.   </IfModule>
  146. </IfModule>
  147.  
  148. # Add headers to all responses.
  149. <IfModule mod_headers.c>
  150.   # Disable content sniffing, since it's an attack vector.
  151.   # Header always set X-Content-Type-Options nosniff
  152.   # Header always append X-Frame-Options ALLOW-ACCESS http://webvisor.com
  153. </IfModule>
  154.  
  155. #Header append X-FRAME-OPTIONS "SAMEORIGIN"
  156. #X-Frame-Options: ALLOW-FROM http://webvisor.com
  157. # Header append X-Frame-Options ALLOW-FROM "http://webvisor.com"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!