From Abdelkarim, 1 Year ago, written in Apache.
Embed
  1. ############################################
  2. ## uncomment these lines for CGI mode
  3. ## make sure to specify the correct cgi php binary file name
  4. ## it might be /cgi-bin/php-cgi
  5.  
  6. #    Action php5-cgi /cgi-bin/php5-cgi
  7. #    AddHandler php5-cgi .php
  8.  
  9. ############################################
  10. ## GoDaddy specific options
  11.  
  12. #   Options -MultiViews
  13.  
  14. ## you might also need to add this line to php.ini
  15. ##     cgi.fix_pathinfo = 1
  16. ## if it still doesn't work, rename php.ini to php5.ini
  17.  
  18. ############################################
  19. ## this line is specific for 1and1 hosting
  20.  
  21.     #AddType x-mapp-php5 .php
  22.     #AddHandler x-mapp-php5 .php
  23.  
  24. ############################################
  25. ## default index file
  26.  
  27.     DirectoryIndex index.php
  28.  
  29. <IfModule mod_php5.c>
  30.  
  31. ############################################
  32. ## adjust memory limit
  33.  
  34. #    php_value memory_limit 64M
  35.     php_value memory_limit 256M
  36.     php_value max_execution_time 18000
  37.  
  38. ############################################
  39. ## disable magic quotes for php request vars
  40.  
  41.     php_flag magic_quotes_gpc off
  42.  
  43. ############################################
  44. ## disable automatic session start
  45. ## before autoload was initialized
  46.  
  47.     php_flag session.auto_start off
  48.  
  49. ############################################
  50. ## enable resulting html compression
  51.  
  52.     #php_flag zlib.output_compression on
  53.  
  54. ###########################################
  55. # disable user agent verification to not break multiple image upload
  56.  
  57.     php_flag suhosin.session.cryptua off
  58.  
  59. ###########################################
  60. # turn off compatibility with PHP4 when dealing with objects
  61.  
  62.     php_flag zend.ze1_compatibility_mode Off
  63.  
  64. </IfModule>
  65.  
  66. <IfModule mod_security.c>
  67. ###########################################
  68. # disable POST processing to not break multiple image upload
  69.  
  70.     SecFilterEngine Off
  71.     SecFilterScanPOST Off
  72. </IfModule>
  73.  
  74. <IfModule mod_setenvif.c>
  75.   <IfModule mod_headers.c>
  76.     BrowserMatch MSIE ie
  77.     Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
  78.   </IfModule>
  79. </IfModule>
  80.  
  81. <IfModule mod_deflate.c>
  82.  
  83. ############################################
  84. ## enable apache served files compression
  85. ## http://developer.yahoo.com/performance/rules.html#gzip
  86.  
  87.     # Insert filter on all content
  88.     ###SetOutputFilter DEFLATE
  89.     # Insert filter on selected content types only
  90.     #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
  91.  
  92.     # Netscape 4.x has some problems...
  93.     #BrowserMatch ^Mozilla/4 gzip-only-text/html
  94.  
  95.     # Netscape 4.06-4.08 have some more problems
  96.     #BrowserMatch ^Mozilla/4\.0[678] no-gzip
  97.  
  98.     # MSIE masquerades as Netscape, but it is fine
  99.     #BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
  100.  
  101.     # Don't compress images
  102.     #SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
  103.  
  104.     # Make sure proxies don't deliver the wrong content
  105.     #Header append Vary User-Agent env=!dont-vary
  106.  
  107. </IfModule>
  108.  
  109. <IfModule mod_ssl.c>
  110.  
  111. ## The following directives stop screen flicker in IE on CSS rollovers
  112. ## in combination with the "ExpiresByType" rules for images, see above
  113. BrowserMatch "MSIE" brokenvary=1
  114. BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
  115. BrowserMatch "Opera" !brokenvary
  116. SetEnvIf brokenvary 1 force-no-vary
  117.  
  118.  
  119. ## Google treats URLs with and without trailing slashes separately
  120. ## Forcing a trailing slash is usually preferred
  121. ## Rewrite "domain.com/foo -> domain.com/foo/"
  122. <IfModule mod_rewrite.c>
  123.   RewriteCond %{REQUEST_FILENAME} !-f
  124.   RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/|#(.*))$
  125.   RewriteRule ^(.*)$ /$1/ [R=301,L]
  126. </IfModule>
  127.  
  128.  
  129. ############################################
  130. ## make HTTPS env vars available for CGI mode
  131.  
  132.     SSLOptions StdEnvVars
  133.  
  134. </IfModule>
  135.  
  136. <IfModule mod_rewrite.c>
  137.  
  138. ############################################
  139. ## enable rewrites
  140.  
  141.     Options +FollowSymLinks
  142.     RewriteEngine on
  143.         RewriteCond %{REQUEST_URI} !/adminpanel/$
  144.         RewriteRule (.*) https://www.anotherdomain.com/$1 [R=301,L]
  145.  
  146. ############################################
  147. ## you can put here your magento root folder
  148. ## path relative to web root
  149.  
  150.     #RewriteBase /magento/
  151.  
  152. ############################################
  153. ## uncomment next line to enable light API calls processing
  154.  
  155. #    RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]
  156.  
  157. ############################################
  158. ## rewrite API2 calls to api.php (by now it is REST only)
  159.  
  160.     RewriteRule ^api/rest api.php?type=rest [QSA,L]
  161.  
  162. ############################################
  163. ## workaround for HTTP authorization
  164. ## in CGI environment
  165.  
  166.     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  167.  
  168. ############################################
  169. ## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
  170.  
  171.     RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
  172.     RewriteRule .* - [L,R=405]
  173.  
  174. <IfModule mod_setenvif.c>
  175.     <IfModule mod_headers.c>
  176.  
  177.         ############################################
  178.         # X-Content-Type-Options: nosniff disable content-type sniffing on some browsers.
  179.         Header set X-Content-Type-Options: nosniff
  180.  
  181.         ############################################
  182.         # This header forces to enables the Cross-site scripting (XSS) filter in browsers (if disabled)
  183.         BrowserMatch \bMSIE\s8 ie8
  184.         Header set X-XSS-Protection: "1; mode=block" env=!ie8
  185.  
  186.     </IfModule>
  187. </IfModule>
  188.  
  189. ############################################
  190. ## redirect for mobile user agents
  191.  
  192.     #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
  193.     #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
  194.     #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
  195.  
  196. ############################################
  197. ## always send 404 on missing files in these folders
  198.  
  199.     RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
  200.  
  201. ############################################
  202. ## never rewrite for existing files, directories and links
  203.  
  204.     RewriteCond %{REQUEST_FILENAME} !-f
  205.     RewriteCond %{REQUEST_FILENAME} !-d
  206.     RewriteCond %{REQUEST_FILENAME} !-l
  207.  
  208. ############################################
  209. ## rewrite everything else to index.php
  210.  
  211.     RewriteRule .* index.php [L]
  212.  
  213. </IfModule>
  214.  
  215.  
  216. ############################################
  217. ## Prevent character encoding issues from server overrides
  218. ## If you still have problems, use the second line instead
  219.  
  220.     AddDefaultCharset Off
  221.     #AddDefaultCharset UTF-8
  222.  
  223. <IfModule mod_expires.c>
  224.  
  225. ############################################
  226. ## Add default Expires header
  227. ## http://developer.yahoo.com/performance/rules.html#expires
  228.  
  229.     ExpiresDefault "access plus 1 year"
  230.  
  231. </IfModule>
  232.  
  233. ############################################
  234. ## By default allow all access
  235.  
  236.     Order allow,deny
  237.     Allow from all
  238.  
  239. ###########################################
  240. ## Deny access to release notes to prevent disclosure of the installed Magento version
  241.  
  242.     <Files RELEASE_NOTES.txt>
  243.         order allow,deny
  244.         deny from all
  245.     </Files>
  246.  
  247. ############################################
  248. ## If running in cluster environment, uncomment this
  249. ## http://developer.yahoo.com/performance/rules.html#etags
  250.  
  251.     #FileETag none
  252.  
  253. ###########################################
  254. ## Deny access to cron.php
  255.     <Files cron.php>
  256.  
  257. ############################################
  258. ## uncomment next lines to enable cron access with base HTTP authorization
  259. ## http://httpd.apache.org/docs/2.2/howto/auth.html
  260. ##
  261. ## Warning: .htpasswd file should be placed somewhere not accessible from the web.
  262. ## This is so that folks cannot download the password file.
  263. ## For example, if your documents are served out of /usr/local/apache/htdocs
  264. ## you might want to put the password file(s) in /usr/local/apache/.
  265.  
  266.         #AuthName "Cron auth"
  267.         #AuthUserFile ../.htpasswd
  268.         #AuthType basic
  269.         #Require valid-user
  270.  
  271. ############################################
  272.  
  273.         Order allow,deny
  274.         Deny from all
  275.  
  276.     </Files>
  277. # Nuevo Madrugada Domingo Lunes 9 de Enero
  278. # ---
  279. # Expires headers, better browser cache control
  280. # ---
  281. # ----------------------------------------------------------------------
  282. # | ETags                                                              |
  283. # ----------------------------------------------------------------------
  284.  
  285. # Remove `ETags` as resources are sent with far-future expires headers.
  286. #
  287. # https://developer.yahoo.com/performance/rules.html#etags
  288. # https://tools.ietf.org/html/rfc7232#section-2.3
  289.  
  290. # `FileETag None` doesn't work in all cases.
  291. <IfModule mod_headers.c>
  292.     Header unset ETag
  293. </IfModule>
  294.  
  295. FileETag None
  296.  
  297. # ----------------------------------------------------------------------
  298. # | Expires headers                                                    |
  299. # ----------------------------------------------------------------------
  300.  
  301. # Serve resources with far-future expires headers.
  302. #
  303. # (!) If you don't control versioning with filename-based
  304. # cache busting, you should consider lowering the cache times
  305. # to something like one week.
  306. #
  307. # https://httpd.apache.org/docs/current/mod/mod_expires.html
  308.  
  309. <IfModule mod_expires.c>
  310.  
  311.     ExpiresActive on
  312.     ExpiresDefault                                      "access plus 1 month"
  313.  
  314.   # CSS
  315.     ExpiresByType text/css                              "access plus 1 year"
  316.  
  317.   # Data interchange
  318.     ExpiresByType application/atom+xml                  "access plus 1 hour"
  319.     ExpiresByType application/rdf+xml                   "access plus 1 hour"
  320.     ExpiresByType application/rss+xml                   "access plus 1 hour"
  321.  
  322.     ExpiresByType application/json                      "access plus 0 seconds"
  323.     ExpiresByType application/ld+json                   "access plus 0 seconds"
  324.     ExpiresByType application/schema+json               "access plus 0 seconds"
  325.     ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
  326.     ExpiresByType application/xml                       "access plus 0 seconds"
  327.     ExpiresByType text/xml                              "access plus 0 seconds"
  328.  
  329.   # Favicon (cannot be renamed!) and cursor images
  330.     ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
  331.     ExpiresByType image/x-icon                          "access plus 1 week"
  332.  
  333.   # HTML
  334.     ExpiresByType text/html                             "access plus 0 seconds"
  335.  
  336.   # JavaScript
  337.     ExpiresByType application/javascript                "access plus 1 year"
  338.     ExpiresByType application/x-javascript              "access plus 1 year"
  339.     ExpiresByType text/javascript                       "access plus 1 year"
  340.  
  341.   # Manifest files
  342.     ExpiresByType application/manifest+json             "access plus 1 year"
  343.  
  344.     ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
  345.     ExpiresByType text/cache-manifest                   "access plus 0 seconds"
  346.  
  347.   # Media files
  348.     ExpiresByType audio/ogg                             "access plus 1 month"
  349.     ExpiresByType image/bmp                             "access plus 1 month"
  350.     ExpiresByType image/gif                             "access plus 1 month"
  351.     ExpiresByType image/jpeg                            "access plus 1 month"
  352.     ExpiresByType image/png                             "access plus 1 month"
  353.     ExpiresByType image/svg+xml                         "access plus 1 month"
  354.     ExpiresByType image/webp                            "access plus 1 month"
  355.     ExpiresByType video/mp4                             "access plus 1 month"
  356.     ExpiresByType video/ogg                             "access plus 1 month"
  357.     ExpiresByType video/webm                            "access plus 1 month"
  358.  
  359.   # Web fonts
  360.  
  361.     # Embedded OpenType (EOT)
  362.     ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
  363.     ExpiresByType font/eot                              "access plus 1 month"
  364.  
  365.     # OpenType
  366.     ExpiresByType font/opentype                         "access plus 1 month"
  367.  
  368.     # TrueType
  369.     ExpiresByType application/x-font-ttf                "access plus 1 month"
  370.  
  371.     # Web Open Font Format (WOFF) 1.0
  372.     ExpiresByType application/font-woff                 "access plus 1 month"
  373.     ExpiresByType application/x-font-woff               "access plus 1 month"
  374.     ExpiresByType font/woff                             "access plus 1 month"
  375.  
  376.     # Web Open Font Format (WOFF) 2.0
  377.     ExpiresByType application/font-woff2                "access plus 1 month"
  378.  
  379.   # Other
  380.     ExpiresByType text/x-cross-domain-policy            "access plus 1 week"
  381.  
  382. </IfModule>
  383.  
  384.  
  385. <IfModule mod_headers.c>
  386.   #Header append Cache-Control "public"
  387.   #Header set Cache-control "public, max-age=31536000"
  388.   Header set Cache-control "public"
  389. </IfModule>