.htaccess 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319
  1. # ----------------------------------------------------------------------
  2. # Better website experience for IE users
  3. # ----------------------------------------------------------------------
  4. # Force the latest IE version, in various cases when it may fall back to IE7 mode
  5. # github.com/rails/rails/commit/123eb25#commitcomment-118920
  6. # Use ChromeFrame if it's installed for a better experience for the poor IE folk
  7. <IfModule mod_headers.c>
  8. Header set X-UA-Compatible "IE=Edge,chrome=1"
  9. # mod_headers can't match by content-type, but we don't want to send this header on *everything*...
  10. <FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|oex|xpi|safariextz|vcf)$" >
  11. Header unset X-UA-Compatible
  12. </FilesMatch>
  13. </IfModule>
  14. # ----------------------------------------------------------------------
  15. # Cross-domain AJAX requests
  16. # ----------------------------------------------------------------------
  17. # Serve cross-domain Ajax requests, disabled by default.
  18. # enable-cors.org
  19. # code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
  20. # <IfModule mod_headers.c>
  21. # Header set Access-Control-Allow-Origin "*"
  22. # </IfModule>
  23. # ----------------------------------------------------------------------
  24. # CORS-enabled images (@crossorigin)
  25. # ----------------------------------------------------------------------
  26. # Send CORS headers if browsers request them; enabled by default for images.
  27. # developer.mozilla.org/en/CORS_Enabled_Image
  28. # blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
  29. # hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
  30. # wiki.mozilla.org/Security/Reviews/crossoriginAttribute
  31. <IfModule mod_setenvif.c>
  32. <IfModule mod_headers.c>
  33. # mod_headers, y u no match by Content-Type?!
  34. <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
  35. SetEnvIf Origin ":" IS_CORS
  36. Header set Access-Control-Allow-Origin "*" env=IS_CORS
  37. </FilesMatch>
  38. </IfModule>
  39. </IfModule>
  40. # ----------------------------------------------------------------------
  41. # Webfont access
  42. # ----------------------------------------------------------------------
  43. # Allow access from all domains for webfonts.
  44. # Alternatively you could only whitelist your
  45. # subdomains like "subdomain.example.com".
  46. <IfModule mod_headers.c>
  47. <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
  48. Header set Access-Control-Allow-Origin "*"
  49. </FilesMatch>
  50. </IfModule>
  51. # ----------------------------------------------------------------------
  52. # Proper MIME type for all files
  53. # ----------------------------------------------------------------------
  54. # JavaScript
  55. # Normalize to standard type (it's sniffed in IE anyways)
  56. # tools.ietf.org/html/rfc4329#section-7.2
  57. AddType application/javascript js
  58. # Audio
  59. AddType audio/ogg oga ogg
  60. AddType audio/mp4 m4a
  61. # Video
  62. AddType video/ogg ogv
  63. AddType video/mp4 mp4 m4v
  64. AddType video/webm webm
  65. # SVG
  66. # Required for svg webfonts on iPad
  67. # twitter.com/FontSquirrel/status/14855840545
  68. AddType image/svg+xml svg svgz
  69. AddEncoding gzip svgz
  70. # Webfonts
  71. AddType application/vnd.ms-fontobject eot
  72. AddType application/x-font-ttf ttf ttc
  73. AddType font/opentype otf
  74. AddType application/x-font-woff woff
  75. # Assorted types
  76. AddType image/x-icon ico
  77. AddType image/webp webp
  78. AddType text/cache-manifest appcache manifest
  79. AddType text/x-component htc
  80. AddType application/x-chrome-extension crx
  81. AddType application/x-opera-extension oex
  82. AddType application/x-xpinstall xpi
  83. AddType application/octet-stream safariextz
  84. AddType application/x-web-app-manifest+json webapp
  85. AddType text/x-vcard vcf
  86. # ----------------------------------------------------------------------
  87. # Gzip compression
  88. # ----------------------------------------------------------------------
  89. <IfModule mod_deflate.c>
  90. # Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
  91. <IfModule mod_setenvif.c>
  92. <IfModule mod_headers.c>
  93. SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
  94. RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
  95. </IfModule>
  96. </IfModule>
  97. # HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
  98. # There are two way to configure the filters, according to the Apache version.
  99. <IfModule version.c>
  100. <IfModule filter_module>
  101. FilterDeclare COMPRESS
  102. <IfVersion >= 2.4>
  103. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$text/html'"
  104. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$text/css'"
  105. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$text/plain'"
  106. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$text/xml'"
  107. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$text/x-component'"
  108. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$application/javascript'"
  109. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$application/json'"
  110. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$application/xml'"
  111. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$application/xhtml+xml'"
  112. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$application/rss+xml'"
  113. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$application/atom+xml'"
  114. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$application/vnd.ms-fontobject'"
  115. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$image/svg+xml'"
  116. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$image/x-icon'"
  117. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$application/x-font-ttf'"
  118. FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} ='$font/opentype'"
  119. </IfVersion>
  120. <IfVersion <= 2.2>
  121. FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html
  122. FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css
  123. FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain
  124. FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml
  125. FilterProvider COMPRESS DEFLATE resp=Content-Type $text/x-component
  126. FilterProvider COMPRESS DEFLATE resp=Content-Type $application/javascript
  127. FilterProvider COMPRESS DEFLATE resp=Content-Type $application/json
  128. FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xml
  129. FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xhtml+xml
  130. FilterProvider COMPRESS DEFLATE resp=Content-Type $application/rss+xml
  131. FilterProvider COMPRESS DEFLATE resp=Content-Type $application/atom+xml
  132. FilterProvider COMPRESS DEFLATE resp=Content-Type $application/vnd.ms-fontobject
  133. FilterProvider COMPRESS DEFLATE resp=Content-Type $image/svg+xml
  134. FilterProvider COMPRESS DEFLATE resp=Content-Type $image/x-icon
  135. FilterProvider COMPRESS DEFLATE resp=Content-Type $application/x-font-ttf
  136. FilterProvider COMPRESS DEFLATE resp=Content-Type $font/opentype
  137. </IfVersion>
  138. FilterChain COMPRESS
  139. FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no
  140. </IfModule>
  141. </IfModule>
  142. <IfModule !mod_filter.c>
  143. # Legacy versions of Apache
  144. AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
  145. AddOutputFilterByType DEFLATE application/javascript
  146. AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
  147. AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
  148. AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
  149. </IfModule>
  150. </IfModule>
  151. # ----------------------------------------------------------------------
  152. # Expires headers (for better cache control)
  153. # ----------------------------------------------------------------------
  154. # These are pretty far-future expires headers.
  155. # They assume you control versioning with cachebusting query params like
  156. # <script src="application.js?20100608">
  157. # Additionally, consider that outdated proxies may miscache
  158. # www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
  159. # If you don't use filenames to version, lower the CSS and JS to something like
  160. # "access plus 1 week" or so.
  161. <IfModule mod_expires.c>
  162. ExpiresActive on
  163. # Perhaps better to whitelist expires rules? Perhaps.
  164. ExpiresDefault "access plus 1 month"
  165. # cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
  166. ExpiresByType text/cache-manifest "access plus 0 seconds"
  167. # Your document html
  168. ExpiresByType text/html "access plus 0 seconds"
  169. # Data
  170. ExpiresByType text/xml "access plus 0 seconds"
  171. ExpiresByType application/xml "access plus 0 seconds"
  172. ExpiresByType application/json "access plus 0 seconds"
  173. # Feed
  174. ExpiresByType application/rss+xml "access plus 1 hour"
  175. ExpiresByType application/atom+xml "access plus 1 hour"
  176. # Favicon (cannot be renamed)
  177. ExpiresByType image/x-icon "access plus 1 week"
  178. # Media: images, video, audio
  179. ExpiresByType image/gif "access plus 1 month"
  180. ExpiresByType image/png "access plus 1 month"
  181. ExpiresByType image/jpg "access plus 1 month"
  182. ExpiresByType image/jpeg "access plus 1 month"
  183. ExpiresByType video/ogg "access plus 1 month"
  184. ExpiresByType audio/ogg "access plus 1 month"
  185. ExpiresByType video/mp4 "access plus 1 month"
  186. ExpiresByType video/webm "access plus 1 month"
  187. # HTC files (css3pie)
  188. ExpiresByType text/x-component "access plus 1 month"
  189. # Webfonts
  190. ExpiresByType application/x-font-ttf "access plus 1 month"
  191. ExpiresByType font/opentype "access plus 1 month"
  192. ExpiresByType application/x-font-woff "access plus 1 month"
  193. ExpiresByType image/svg+xml "access plus 1 month"
  194. ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
  195. # CSS and JavaScript
  196. ExpiresByType text/css "access plus 1 year"
  197. ExpiresByType application/javascript "access plus 1 year"
  198. </IfModule>
  199. # ----------------------------------------------------------------------
  200. # ETag removal
  201. # ----------------------------------------------------------------------
  202. # FileETag None is not enough for every server.
  203. <IfModule mod_headers.c>
  204. Header unset ETag
  205. </IfModule>
  206. # Since we're sending far-future expires, we don't need ETags for
  207. # static content.
  208. # developer.yahoo.com/performance/rules.html#etags
  209. FileETag None
  210. # ----------------------------------------------------------------------
  211. # Stop screen flicker in IE on CSS rollovers
  212. # ----------------------------------------------------------------------
  213. # The following directives stop screen flicker in IE on CSS rollovers - in
  214. # combination with the "ExpiresByType" rules for images (see above). If
  215. # needed, un-comment the following rules.
  216. # BrowserMatch "MSIE" brokenvary=1
  217. # BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
  218. # BrowserMatch "Opera" !brokenvary
  219. # SetEnvIf brokenvary 1 force-no-vary
  220. # ----------------------------------------------------------------------
  221. # Cookie setting from iframes
  222. # ----------------------------------------------------------------------
  223. # Allow cookies to be set from iframes (for IE only)
  224. # If needed, uncomment and specify a path or regex in the Location directive
  225. # <IfModule mod_headers.c>
  226. # <Location />
  227. # Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
  228. # </Location>
  229. # </IfModule>
  230. # ----------------------------------------------------------------------
  231. # Custom 404 page
  232. # ----------------------------------------------------------------------
  233. # You can add custom pages to handle 500 or 403 pretty easily, if you like.
  234. # ErrorDocument 404 /404.html
  235. # ----------------------------------------------------------------------
  236. # UTF-8 encoding
  237. # ----------------------------------------------------------------------
  238. # Use UTF-8 encoding for anything served text/plain or text/html
  239. AddDefaultCharset utf-8
  240. # Force UTF-8 for a number of file formats
  241. AddCharset utf-8 .css .js .xml .json .rss .atom