API tools faq
paste
Advertisement
Guest User

htaccess

a guest
Oct 20th, 2022
143
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.41 KB | None | 0 0
raw download clone embed print report
  1.  
  2. <IfModule mod_headers.c>
  3. <IfModule mod_setenvif.c>
  4. <IfModule mod_fcgid.c>
  5. SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
  6. RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
  7. </IfModule>
  8. <IfModule mod_proxy_fcgi.c>
  9. SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
  10. </IfModule>
  11. <IfModule mod_lsapi.c>
  12. SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
  13. RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
  14. </IfModule>
  15. </IfModule>
  16.  
  17. <IfModule mod_env.c>
  18. # Add security and privacy related headers
  19.  
  20. # Avoid doubled headers by unsetting headers in "onsuccess" table,
  21. # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
  22. Header onsuccess unset Referrer-Policy
  23. Header always set Referrer-Policy "no-referrer"
  24.  
  25. Header onsuccess unset X-Content-Type-Options
  26. Header always set X-Content-Type-Options "nosniff"
  27.  
  28. Header onsuccess unset X-Frame-Options
  29. Header always set X-Frame-Options "SAMEORIGIN"
  30.  
  31. Header onsuccess unset X-Permitted-Cross-Domain-Policies
  32. Header always set X-Permitted-Cross-Domain-Policies "none"
  33.  
  34. Header onsuccess unset X-Robots-Tag
  35. Header always set X-Robots-Tag "none"
  36.  
  37. Header onsuccess unset X-XSS-Protection
  38. Header always set X-XSS-Protection "1; mode=block"
  39.  
  40. SetEnv modHeadersAvailable true
  41. </IfModule>
  42.  
  43. # Add cache control for static resources
  44. <FilesMatch "\.(css|js|svg|gif|png|jpg|ico|wasm|tflite)$">
  45. Header set Cache-Control "max-age=15778463"
  46. </FilesMatch>
  47.  
  48. <FilesMatch "\.(css|js|svg|gif|png|jpg|ico|wasm|tflite)(\?v=.*)?$">
  49. Header set Cache-Control "max-age=15778463, immutable"
  50. </FilesMatch>
  51.  
  52. # Let browsers cache WOFF files for a week
  53. <FilesMatch "\.woff2?$">
  54. Header set Cache-Control "max-age=604800"
  55. </FilesMatch>
  56. </IfModule>
  57.  
  58. # PHP 7.x
  59. <IfModule mod_php7.c>
  60. php_value mbstring.func_overload 0
  61. php_value default_charset 'UTF-8'
  62. php_value output_buffering 0
  63. <IfModule mod_env.c>
  64. SetEnv htaccessWorking true
  65. </IfModule>
  66. </IfModule>
  67.  
  68. # PHP 8+
  69. <IfModule mod_php.c>
  70. php_value mbstring.func_overload 0
  71. php_value default_charset 'UTF-8'
  72. php_value output_buffering 0
  73. <IfModule mod_env.c>
  74. SetEnv htaccessWorking true
  75. </IfModule>
  76. </IfModule>
  77.  
  78. <IfModule mod_mime.c>
  79. AddType image/svg+xml svg svgz
  80. AddType application/wasm wasm
  81. AddEncoding gzip svgz
  82. </IfModule>
  83.  
  84. <IfModule mod_dir.c>
  85. DirectoryIndex index.php index.html
  86. </IfModule>
  87.  
  88. <IfModule pagespeed_module>
  89. ModPagespeed Off
  90. </IfModule>
  91.  
  92. <IfModule mod_rewrite.c>
  93. RewriteEngine on
  94. RewriteCond %{HTTP_USER_AGENT} DavClnt
  95. RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  96. RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  97. RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  98. RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  99. RewriteRule ^remote/(.*) remote.php [QSA,L]
  100. RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  101. RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  102. RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
  103. </IfModule>
  104.  
  105. AddDefaultCharset utf-8
  106. Options -Indexes
  107. #### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####
  108.  
  109. ErrorDocument 403 /
  110. ErrorDocument 404 /
  111. <IfModule mod_rewrite.c>
  112. Options -MultiViews
  113. RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
  114. RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]
  115. RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff2?|ico|jpg|jpeg|map|webm|mp4|mp3|ogg|wav|wasm|tflite)$
  116. RewriteCond %{REQUEST_FILENAME} !/core/ajax/update\.php
  117. RewriteCond %{REQUEST_FILENAME} !/core/img/(favicon\.ico|manifest\.json)$
  118. RewriteCond %{REQUEST_FILENAME} !/(cron|public|remote|status)\.php
  119. RewriteCond %{REQUEST_FILENAME} !/ocs/v(1|2)\.php
  120. RewriteCond %{REQUEST_FILENAME} !/robots\.txt
  121. RewriteCond %{REQUEST_FILENAME} !/(ocm-provider|ocs-provider|updater)/
  122. RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
  123. RewriteCond %{REQUEST_FILENAME} !/richdocumentscode(_arm64)?/proxy.php$
  124. RewriteRule . index.php [PT,E=PATH_INFO:$1]
  125. RewriteBase /
  126. <IfModule mod_env.c>
  127. SetEnv front_controller_active true
  128. <IfModule mod_dir.c>
  129. DirectorySlash off
  130. </IfModule>
  131. </IfModule>
  132. </IfModule>
  133.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!