############################################## overrides deployment configurat

1. ############################################
2. ## overrides deployment configuration mode value
3. ## use command bin/magento deploy:mode:set to switch modes
4.  
5. # SetEnv MAGE_MODE developer
6.  
7. ############################################
8. ## uncomment these lines for CGI mode
9. ## make sure to specify the correct cgi php binary file name
10. ## it might be /cgi-bin/php-cgi
11.  
12. # Action php5-cgi /cgi-bin/php5-cgi
13. # AddHandler php5-cgi .php
14.  
15. ############################################
16. ## GoDaddy specific options
17.  
18. # Options -MultiViews
19.  
20. ## you might also need to add this line to php.ini
21. ## cgi.fix_pathinfo = 1
22. ## if it still doesn't work, rename php.ini to php5.ini
23.  
24. ############################################
25. ## this line is specific for 1and1 hosting
26.  
27. #AddType x-mapp-php5 .php
28. #AddHandler x-mapp-php5 .php
29.  
30. ############################################
31. ## enable usage of methods arguments in backtrace
32.  
33. SetEnv MAGE_DEBUG_SHOW_ARGS 1
34.  
35. ############################################
36. ## default index file
37.  
38. DirectoryIndex index.php
39.  
40. ############################################
41. ## adjust memory limit
42.  
43. php_value memory_limit 756M
44. php_value max_execution_time 18000
45.  
46. ############################################
47. ## disable automatic session start
48. ## before autoload was initialized
49.  
50. php_flag session.auto_start off
51.  
52. ############################################
53. ## enable resulting html compression
54.  
55. #php_flag zlib.output_compression on
56.  
57. ###########################################
58. ## disable user agent verification to not break multiple image upload
59.  
60. php_flag suhosin.session.cryptua off
61.  
62. <IfModule mod_security.c>
63. ###########################################
64. ## disable POST processing to not break multiple image upload
65.  
66. SecFilterEngine Off
67. SecFilterScanPOST Off
68. </IfModule>
69.  
70. <IfModule mod_deflate.c>
71.  
72. ############################################
73. ## enable apache served files compression
74. ## http://developer.yahoo.com/performance/rules.html#gzip
75.  
76. # Insert filter on all content
77. ###SetOutputFilter DEFLATE
78. # Insert filter on selected content types only
79. #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json image/svg+xml
80.  
81. # Netscape 4.x has some problems...
82. #BrowserMatch ^Mozilla/4 gzip-only-text/html
83.  
84. # Netscape 4.06-4.08 have some more problems
85. #BrowserMatch ^Mozilla/4\.0[678] no-gzip
86.  
87. # MSIE masquerades as Netscape, but it is fine
88. #BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
89.  
90. # Don't compress images
91. #SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
92.  
93. # Make sure proxies don't deliver the wrong content
94. #Header append Vary User-Agent env=!dont-vary
95.  
96. </IfModule>
97.  
98. <IfModule mod_ssl.c>
99.  
100. ############################################
101. ## make HTTPS env vars available for CGI mode
102.  
103. SSLOptions StdEnvVars
104.  
105. </IfModule>
106.  
107. ############################################
108. ## workaround for Apache 2.4.6 CentOS build when working via ProxyPassMatch with HHVM (or any other)
109. ## Please, set it on virtual host configuration level
110.  
111. ## SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
112. ############################################
113.  
114. <IfModule mod_rewrite.c>
115.  
116. ############################################
117. ## enable rewrites
118.  
119. # The following line has better security but add some performance overhead - see https://httpd.apache.org/docs/2.4/en/misc/perf-tuning.html
120. Options -FollowSymLinks +SymLinksIfOwnerMatch
121. RewriteEngine on
122.  
123. ############################################
124. ## you can put here your magento root folder
125. ## path relative to web root
126.  
127. #RewriteBase /magento/
128.  
129. ############################################
130. ## workaround for HTTP authorization
131. ## in CGI environment
132.  
133. RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
134.  
135. ############################################
136. ## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
137.  
138. RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
139. RewriteRule .* - [L,R=405]
140.  
141. ############################################
142. ## redirect for mobile user agents
143.  
144. #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
145. #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
146. #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
147.  
148. ############################################
149. ## never rewrite for existing files, directories and links
150.  
151. RewriteCond %{REQUEST_FILENAME} !-f
152. RewriteCond %{REQUEST_FILENAME} !-d
153. RewriteCond %{REQUEST_FILENAME} !-l
154.  
155. ############################################
156. ## rewrite everything else to index.php
157.  
158. RewriteRule .* index.php [L]
159.  
160. </IfModule>
161.  
162.  
163. ############################################
164. ## Prevent character encoding issues from server overrides
165. ## If you still have problems, use the second line instead
166.  
167. AddDefaultCharset Off
168. #AddDefaultCharset UTF-8
169. AddType 'text/html; charset=UTF-8' html
170.  
171. <IfModule mod_expires.c>
172.  
173. ############################################
174. ## Add default Expires header
175. ## http://developer.yahoo.com/performance/rules.html#expires
176.  
177. ExpiresDefault "access plus 1 year"
178. ExpiresByType text/html A0
179. ExpiresByType text/plain A0
180.  
181. </IfModule>
182.  
183. ###########################################
184. ## Deny access to root files to hide sensitive application information
185. RedirectMatch 403 /\.git
186.  
187. <Files composer.json>
188. <IfVersion < 2.4>
189. order allow,deny
190. deny from all
191. </IfVersion>
192. <IfVersion >= 2.4>
193. Require all denied
194. </IfVersion>
195. </Files>
196. <Files composer.lock>
197. <IfVersion < 2.4>
198. order allow,deny
199. deny from all
200. </IfVersion>
201. <IfVersion >= 2.4>
202. Require all denied
203. </IfVersion>
204. </Files>
205. <Files .gitignore>
206. <IfVersion < 2.4>
207. order allow,deny
208. deny from all
209. </IfVersion>
210. <IfVersion >= 2.4>
211. Require all denied
212. </IfVersion>
213. </Files>
214. <Files .htaccess>
215. <IfVersion < 2.4>
216. order allow,deny
217. deny from all
218. </IfVersion>
219. <IfVersion >= 2.4>
220. Require all denied
221. </IfVersion>
222. </Files>
223. <Files .htaccess.sample>
224. <IfVersion < 2.4>
225. order allow,deny
226. deny from all
227. </IfVersion>
228. <IfVersion >= 2.4>
229. Require all denied
230. </IfVersion>
231. </Files>
232. <Files .php_cs.dist>
233. <IfVersion < 2.4>
234. order allow,deny
235. deny from all
236. </IfVersion>
237. <IfVersion >= 2.4>
238. Require all denied
239. </IfVersion>
240. </Files>
241. <Files CHANGELOG.md>
242. <IfVersion < 2.4>
243. order allow,deny
244. deny from all
245. </IfVersion>
246. <IfVersion >= 2.4>
247. Require all denied
248. </IfVersion>
249. </Files>
250. <Files COPYING.txt>
251. <IfVersion < 2.4>
252. order allow,deny
253. deny from all
254. </IfVersion>
255. <IfVersion >= 2.4>
256. Require all denied
257. </IfVersion>
258. </Files>
259. <Files Gruntfile.js>
260. <IfVersion < 2.4>
261. order allow,deny
262. deny from all
263. </IfVersion>
264. <IfVersion >= 2.4>
265. Require all denied
266. </IfVersion>
267. </Files>
268. <Files LICENSE.txt>
269. <IfVersion < 2.4>
270. order allow,deny
271. deny from all
272. </IfVersion>
273. <IfVersion >= 2.4>
274. Require all denied
275. </IfVersion>
276. </Files>
277. <Files LICENSE_AFL.txt>
278. <IfVersion < 2.4>
279. order allow,deny
280. deny from all
281. </IfVersion>
282. <IfVersion >= 2.4>
283. Require all denied
284. </IfVersion>
285. </Files>
286. <Files nginx.conf.sample>
287. <IfVersion < 2.4>
288. order allow,deny
289. deny from all
290. </IfVersion>
291. <IfVersion >= 2.4>
292. Require all denied
293. </IfVersion>
294. </Files>
295. <Files package.json>
296. <IfVersion < 2.4>
297. order allow,deny
298. deny from all
299. </IfVersion>
300. <IfVersion >= 2.4>
301. Require all denied
302. </IfVersion>
303. </Files>
304. <Files php.ini.sample>
305. <IfVersion < 2.4>
306. order allow,deny
307. deny from all
308. </IfVersion>
309. <IfVersion >= 2.4>
310. Require all denied
311. </IfVersion>
312. </Files>
313. <Files README.md>
314. <IfVersion < 2.4>
315. order allow,deny
316. deny from all
317. </IfVersion>
318. <IfVersion >= 2.4>
319. Require all denied
320. </IfVersion>
321. </Files>
322. <Files magento_umask>
323. <IfVersion < 2.4>
324. order allow,deny
325. deny from all
326. </IfVersion>
327. <IfVersion >= 2.4>
328. Require all denied
329. </IfVersion>
330. </Files>
331. <Files auth.json>
332. <IfVersion < 2.4>
333. order allow,deny
334. deny from all
335. </IfVersion>
336. <IfVersion >= 2.4>
337. Require all denied
338. </IfVersion>
339. </Files>
340. <Files .user.ini>
341. <IfVersion < 2.4>
342. order allow,deny
343. deny from all
344. </IfVersion>
345. <IfVersion >= 2.4>
346. Require all denied
347. </IfVersion>
348. </Files>
349.  
350. # For 404s and 403s that aren't handled by the application, show plain 404 response
351. ErrorDocument 404 /pub/errors/404.php
352. ErrorDocument 403 /pub/errors/404.php
353.  
354. ################################
355. ## If running in cluster environment, uncomment this
356. ## http://developer.yahoo.com/performance/rules.html#etags
357.  
358. #FileETag none
359.  
360. # ######################################################################
361. # # INTERNET EXPLORER #
362. # ######################################################################
363.  
364. # ----------------------------------------------------------------------
365. # | Document modes |
366. # ----------------------------------------------------------------------
367.  
368. # Force Internet Explorer 8/9/10 to render pages in the highest mode
369. # available in the various cases when it may not.
370. #
371. # https://hsivonen.fi/doctype/#ie8
372. #
373. # (!) Starting with Internet Explorer 11, document modes are deprecated.
374. # If your business still relies on older web apps and services that were
375. # designed for older versions of Internet Explorer, you might want to
376. # consider enabling `Enterprise Mode` throughout your company.
377. #
378. # https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
379. # http://blogs.msdn.com/b/ie/archive/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11.aspx
380.  
381. <IfModule mod_headers.c>
382.  
383. Header set X-UA-Compatible "IE=edge"
384.  
385. # `mod_headers` cannot match based on the content-type, however,
386. # the `X-UA-Compatible` response header should be send only for
387. # HTML documents and not for the other resources.
388.  
389. <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
390. Header unset X-UA-Compatible
391. </FilesMatch>
392.  
393. </IfModule>
394.