User Tools

Site Tools


htaccess_creation

.htaccess

.htaccess files (or “distributed configuration files”) provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.

Using .htaccess directives, it is possible to:

  • allow or disallow cross-domain access to fonts, images, and other site content
  • ban specific IP addresses or referrers from accessing content on your server
  • implements errors pages to catch 403, 404, 500 and other errors
  • prevent visitors from listing directory contents
  • rewrite or redirect incoming URLs accessing the site
  • set proper MIME types for resources (making audio, font, image, video files properly identifiable by the browser)
  • so much more …

.htaccess files will only operate on servers which allow override directives; on most servers, .htaccess support will be enabled by default. If you are unsure whether your host allows .htaccess override, or if you are certain they do not, then contact your host.

Warning!! Sometimes even a single error in your .htaccess file will result in a temporary meltdown of the server, and users will see 500 – Internal Server Error pages. For this reason, you should be very cautious when modifying .htaccess files; make a backup before making any change or addition, and also make small changes at a time and verify that the changes work in increments as opposed to making a number of changes at once.

Edit or create .htaccess

By default, .htaccess files are usually hidden from view. Before proceeding, ensure that you have enabled your FTP client to view invisible files. This will usually be an option in the View menu or Preferences of your FTP client.

If you have an existing .htaccess file, you may edit that file to add or modify custom rules. If a .htaccess file does not exist in a folder, you may create a new file; give it the name .htaccess.

An Example .htaccess File for CE4 Galleries/Websites

Directly below, an example .htaccess file that cherry-picks some of the most commonly useful directives from the more comprehensive reference further down the page. For the most part, you should be able to copy-and-paste this example for immediate use, no modifications required. You can then dig into the larger reference further on to add additional functionality.

As an alternative, or as additional supplementary material, you might also check out the HTML5 Boilerplate Apache config on Github.

# This Directive will make Apache look first for "index.php" before looking for "index.html"  
DirectoryIndex index.php index.html     

# ##############################################################################
# # CROSS-ORIGIN RESOURCE SHARING (CORS)                                       #
# ##############################################################################

# ------------------------------------------------------------------------------
# | Web fonts access                                                           |
# ------------------------------------------------------------------------------

# Allow access from all domains for web fonts

<IfModule mod_headers.c>
    <FilesMatch "\.(eot|font.css|otf|ttc|ttf|woff)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>

# ##############################################################################
# # MIME TYPES AND ENCODING                                                       #
# ##############################################################################

# ------------------------------------------------------------------------------
# | Proper MIME types for all files                                            |
# ------------------------------------------------------------------------------

<IfModule mod_mime.c>

  # Audio
	AddType audio/mp4 m4a f4a f4b
	AddType audio/ogg oga ogg

  # JavaScript
	# Normalize to standard type (it's sniffed in IE anyways):
	# http://tools.ietf.org/html/rfc4329#section-7.2
	AddType application/javascript js jsonp
	AddType application/json json

  # Video
	AddType video/mp4 mp4 m4v f4v f4p
	AddType video/ogg ogv
	AddType video/webm webm
	AddType video/x-flv flv

  # Web fonts
	AddType application/font-woff woff
	AddType application/vnd.ms-fontobject eot

	# Browsers usually ignore the font MIME types and sniff the content,
	# however, Chrome shows a warning if other MIME types are used for the
	# following fonts.
	AddType application/x-font-ttf ttc ttf
	AddType font/opentype otf

	# Make SVGZ fonts work on iPad:
	# https://twitter.com/FontSquirrel/status/14855840545
	AddType		image/svg+xml svg svgz
	AddEncoding gzip svgz

  # Other
	AddType application/octet-stream safariextz
	AddType application/x-chrome-extension crx
	AddType application/x-opera-extension oex
	AddType application/x-shockwave-flash swf
	AddType application/x-web-app-manifest+json webapp
	AddType application/x-xpinstall xpi
	AddType application/xml atom rdf rss xml
	AddType image/webp webp
	AddType image/x-icon ico
	AddType text/cache-manifest appcache manifest
	AddType text/vtt vtt
	AddType text/x-component htc
	AddType text/x-vcard vcf

</IfModule>

# ------------------------------------------------------------------------------
# | UTF-8 encoding                                                               |
# ------------------------------------------------------------------------------

# Use UTF-8 encoding for anything served as `text/html` or `text/plain`.
AddDefaultCharset utf-8

# Force UTF-8 for certain file formats.
<IfModule mod_mime.c>
    AddCharset utf-8 .atom .css .js .json .rss .vtt .webapp .xml
</IfModule>


# ##############################################################################
# # URL REWRITES                                                               #
# ##############################################################################

# ------------------------------------------------------------------------------
# | Rewrite engine                                                             |
# ------------------------------------------------------------------------------

# Turning on the rewrite engine and enabling the `FollowSymLinks` option is
# necessary for the following directives to work.

# If your web host doesn't allow the `FollowSymlinks` option, you may need to
# comment it out and use `Options +SymLinksIfOwnerMatch` but, be aware of the
# performance impact: http://httpd.apache.org/docs/current/misc/perf-tuning.html#symlinks

# Also, some cloud hosting services require `RewriteBase` to be set:
# http://www.rackspace.com/knowledge_center/frequently-asked-question/why-is-mod-rewrite-not-working-on-my-site

<IfModule mod_rewrite.c>
    Options +FollowSymlinks
  # Options +SymLinksIfOwnerMatch
    RewriteEngine On
  # RewriteBase /
</IfModule>


# ------------------------------------------------------------------------------
# | Suppressing / Forcing the "www." at the beginning of URLs                   |
# ------------------------------------------------------------------------------

# The same content should never be available under two different URLs especially
# not with and without "www." at the beginning. This can cause SEO problems
# (duplicate content), therefore, you should choose one of the alternatives and
# redirect the other one.

# rewrite www.example.com → example.com

<IfModule mod_rewrite.c>
    RewriteCond %{HTTPS} !=on
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# ##############################################################################
# # WEB PERFORMANCE                                                            #
# ##############################################################################

# ------------------------------------------------------------------------------
# | Compression                                                                |
# ------------------------------------------------------------------------------

<IfModule mod_deflate.c>

    # Force compression for mangled headers.
    # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html

    <IfModule mod_setenvif.c>
        <IfModule mod_headers.c>
            SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
            RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
        </IfModule>
    </IfModule>

    # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    # Map certain file types to the specified encoding type in order
    # to make Apache serve them with the appropriate `Content-Encoding`
    # response header (this will NOT make Apache compress them!).

    # If the following file types wouldn't be served without the
    # appropriate `Content-Enable` response header, client applications
    # (e.g.: browsers) wouldn't know that they first need to uncompress
    # the response, and thus, wouldn't be able to understand the content.

    # https://httpd.apache.org/docs/current/mod/mod_mime.html#addencoding

    <IfModule mod_mime.c>
        AddEncoding gzip              svgz
    </IfModule>


    # Compress all output labeled with one of the following media types.

    # (!) For Apache versions below 2.3.7 you don't need to enable
    # `mod_filter` and can remove the `<IfModule mod_filter.c>` and
    # `</IfModule>` lines as `AddOutputFilterByType` is still in
    # the core directives.

    <IfModule mod_filter.c>
        AddOutputFilterByType DEFLATE "application/atom+xml" \
                                      "application/javascript" \
                                      "application/json" \
                                      "application/ld+json" \
                                      "application/manifest+json" \
                                      "application/rdf+xml" \
                                      "application/rss+xml" \
                                      "application/schema+json" \
                                      "application/vnd.geo+json" \
                                      "application/vnd.ms-fontobject" \
                                      "application/x-font-ttf" \
                                      "application/x-web-app-manifest+json" \
                                      "application/xhtml+xml" \
                                      "application/xml" \
                                      "font/opentype" \
                                      "image/svg+xml" \
                                      "image/x-icon" \
                                      "text/cache-manifest" \
                                      "text/css" \
                                      "text/html" \
                                      "text/javascript" \
                                      "text/plain" \
                                      "text/vtt" \
                                      "text/x-component" \
                                      "text/xml"
    </IfModule>

</IfModule>


# ----------------------------------------------------------------------
# | Content transformation                                             |
# ----------------------------------------------------------------------

# Prevent mobile network providers from modifying the website's content.
# https://tools.ietf.org/html/rfc2616#section-14.9.5

# <IfModule mod_headers.c>
#     Header merge Cache-Control "no-transform"
# </IfModule>


# ----------------------------------------------------------------------
# | ETags                                                              |
# ----------------------------------------------------------------------

# Remove `ETags` as resources are sent with far-future expires headers.
# https://developer.yahoo.com/performance/rules.html#etags

# `FileETag None` doesn't work in all cases.
<IfModule mod_headers.c>
    Header unset ETag
</IfModule>

FileETag None


# ------------------------------------------------------------------------------
# | Expires headers (for better cache control)                                 |
# ------------------------------------------------------------------------------

# The following expires headers are set pretty far in the future. If you don't
# control versioning with filename-based cache busting, consider lowering the
# cache time for resources like CSS and JS to something like 1 week.

<IfModule mod_expires.c>

	ExpiresActive on
	ExpiresDefault                                       "access plus 1 month"

  # CSS
	ExpiresByType text/css                               "access plus 1 month"

  # Data interchange
	ExpiresByType application/json                       "access plus 0 seconds"
	ExpiresByType application/xml                        "access plus 0 seconds"
	ExpiresByType text/xml                               "access plus 0 seconds"

  # Favicon (cannot be renamed!)
	ExpiresByType image/x-icon                           "access plus 1 week"

  # HTML components (HTCs)
	ExpiresByType text/x-component                       "access plus 1 month"

  # HTML
	ExpiresByType text/html                              "access plus 0 seconds"

  # JavaScript
	ExpiresByType application/javascript                 "access plus 1 month"

  # Manifest files
	ExpiresByType application/x-web-app-manifest+json    "access plus 0 seconds"
	ExpiresByType text/cache-manifest                    "access plus 0 seconds"

  # Media
	ExpiresByType audio/ogg                              "access plus 1 month"
	ExpiresByType image/gif                              "access plus 1 month"
	ExpiresByType image/jpeg                             "access plus 1 month"
	ExpiresByType image/png                              "access plus 1 month"
	ExpiresByType video/mp4                              "access plus 1 month"
	ExpiresByType video/ogg                              "access plus 1 month"
	ExpiresByType video/webm                             "access plus 1 month"

  # Web feeds
	ExpiresByType application/atom+xml                   "access plus 1 hour"
	ExpiresByType application/rss+xml                    "access plus 1 hour"

  # Web fonts
	ExpiresByType application/font-woff                  "access plus 1 month"
	ExpiresByType application/vnd.ms-fontobject          "access plus 1 month"
	ExpiresByType application/x-font-ttf                 "access plus 1 month"
	ExpiresByType font/opentype                          "access plus 1 month"
	ExpiresByType image/svg+xml                          "access plus 1 month"

</IfModule>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

A Larger Reference for .htaccess Directives

The code below is intended to serve as a reference, not a copy-and-paste solution. You may copy-and-paste, but should go through the file line-by-line to adapt or remove directives as necessary. The code is commented with helpful information and explanations.

Any line preceded by # is a commented line and will not be executed by the server. Some directives are commented to be rendered inactive; you will need to “uncomment” those directives to activate them.

Again, this page is provided as a reference, not a tutorial. Use the information below as you see fit, but use it at your own risk. It should be safe to experiment; if your site stops working, just blank out the .htaccess file or delete it altogether, or attempt to isolate the repair the directive causing the problem.

# This Directive will make Apache look first for "index.php" before looking for "index.html"  
DirectoryIndex index.php index.html	 

# Deny access by specfic IP address; use to block spammers
# Order Deny,Allow 
# Deny from 0.0.0.0


# Below based on:
# https://github.com/h5bp/server-configs/blob/master/apache/.htaccess

# ##############################################################################
# # CROSS-ORIGIN RESOURCE SHARING (CORS)                                       #
# ##############################################################################

# ------------------------------------------------------------------------------
# | Web fonts access                                                           |
# ------------------------------------------------------------------------------

# Allow access from all domains for web fonts

<IfModule mod_headers.c>
	<FilesMatch "\.(eot|font.css|otf|ttc|ttf|woff)$">
		Header set Access-Control-Allow-Origin "*"
	</FilesMatch>
</IfModule>


# ##############################################################################
# # ERRORS                                                                     #
# ##############################################################################

# ------------------------------------------------------------------------------
# | 404 error prevention for non-existing redirected folders                   |
# ------------------------------------------------------------------------------

# Prevent Apache from returning a 404 error for a rewrite if a directory
# with the same name does not exist.
# http://httpd.apache.org/docs/current/content-negotiation.html#multiviews
# http://www.webmasterworld.com/apache/3808792.htm

Options -MultiViews


# ------------------------------------------------------------------------------
# | Custom error messages / pages                                              |
# ------------------------------------------------------------------------------

# You can customize what Apache returns to the client in case of an error (see
# http://httpd.apache.org/docs/current/mod/core.html#errordocument), e.g.:

# ErrorDocument 403 /403.html
# ErrorDocument 404 /404.html
# ErrorDocument 500 /500.html


# ##############################################################################
# # INTERNET EXPLORER                                                          #
# ##############################################################################

# ------------------------------------------------------------------------------
# | Better website experience                                                  |
# ------------------------------------------------------------------------------

# Force IE to render pages in the highest available mode in the various
# cases when it may not: http://hsivonen.iki.fi/doctype/ie-mode.pdf.
# Use, if installed, Google Chrome Frame.

<IfModule mod_headers.c>
	Header set X-UA-Compatible "IE=edge,chrome=1"
	# `mod_headers` can't match based on the content-type, however, we only
	# want to send this header for HTML pages and not for the other resources
	<FilesMatch "\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svg|svgz|ttf|vcf|webapp|webm|webp|woff|xml|xpi)$">
		Header unset X-UA-Compatible
	</FilesMatch>
</IfModule>


# ##############################################################################
# # MIME TYPES AND ENCODING                                                    #
# ##############################################################################

# ------------------------------------------------------------------------------
# | Proper MIME types for all files                                            |
# ------------------------------------------------------------------------------

<IfModule mod_mime.c>

  # Audio
	AddType audio/mp4 m4a f4a f4b
	AddType audio/ogg oga ogg

  # JavaScript
	# Normalize to standard type (it's sniffed in IE anyways):
	# http://tools.ietf.org/html/rfc4329#section-7.2
	AddType application/javascript js jsonp
	AddType application/json json

  # Video
	AddType video/mp4 mp4 m4v f4v f4p
	AddType video/ogg ogv
	AddType video/webm webm
	AddType video/x-flv flv

  # Web fonts
	AddType application/font-woff woff
	AddType application/vnd.ms-fontobject eot

	# Browsers usually ignore the font MIME types and sniff the content,
	# however, Chrome shows a warning if other MIME types are used for the
	# following fonts.
	AddType application/x-font-ttf ttc ttf
	AddType font/opentype otf

	# Make SVGZ fonts work on iPad:
	# https://twitter.com/FontSquirrel/status/14855840545
	AddType		image/svg+xml svg svgz
	AddEncoding gzip svgz

  # Other
	AddType application/octet-stream safariextz
	AddType application/x-chrome-extension crx
	AddType application/x-opera-extension oex
	AddType application/x-shockwave-flash swf
	AddType application/x-web-app-manifest+json webapp
	AddType application/x-xpinstall xpi
	AddType application/xml atom rdf rss xml
	AddType image/webp webp
	AddType image/x-icon ico
	AddType text/cache-manifest appcache manifest
	AddType text/vtt vtt
	AddType text/x-component htc
	AddType text/x-vcard vcf

</IfModule>


# ------------------------------------------------------------------------------
# | UTF-8 encoding                                                             |
# ------------------------------------------------------------------------------

# Use UTF-8 encoding for anything served as `text/html` or `text/plain`.
AddDefaultCharset utf-8

# Force UTF-8 for certain file formats.
<IfModule mod_mime.c>
	AddCharset utf-8 .atom .css .js .json .rss .vtt .webapp .xml
</IfModule>


# ##############################################################################
# # URL REWRITES                                                               #
# ##############################################################################

# ------------------------------------------------------------------------------
# | Rewrite engine                                                             |
# ------------------------------------------------------------------------------

# Turning on the rewrite engine and enabling the `FollowSymLinks` option is
# necessary for the following directives to work.

# If your web host doesn't allow the `FollowSymlinks` option, you may need to
# comment it out and use `Options +SymLinksIfOwnerMatch` but, be aware of the
# performance impact: http://httpd.apache.org/docs/current/misc/perf-tuning.html#symlinks

# Also, some cloud hosting services require `RewriteBase` to be set:
# http://www.rackspace.com/knowledge_center/frequently-asked-question/why-is-mod-rewrite-not-working-on-my-site

<IfModule mod_rewrite.c>
    Options +FollowSymlinks
  # Options +SymLinksIfOwnerMatch
    RewriteEngine On
  # RewriteBase /
</IfModule>


# ------------------------------------------------------------------------------
# | Suppressing / Forcing the "www." at the beginning of URLs                  |
# ------------------------------------------------------------------------------

# The same content should never be available under two different URLs especially
# not with and without "www." at the beginning. This can cause SEO problems
# (duplicate content), therefore, you should choose one of the alternatives and
# redirect the other one.

# By default option 1 (no "www.") is activated:
# http://no-www.org/faq.php?q=class_b

# If you'd prefer to use option 2, just comment out all the lines from option 1
# and uncomment the ones from option 2.

# IMPORTANT: NEVER USE BOTH RULES AT THE SAME TIME!

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Option 1: rewrite www.example.com → example.com

<IfModule mod_rewrite.c>
	RewriteCond %{HTTPS} !=on
	RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
	RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Option 2: rewrite example.com → www.example.com

# Be aware that the following might not be a good idea if you use "real"
# subdomains for certain parts of your website.

# <IfModule mod_rewrite.c>
#	 RewriteCond %{HTTPS} !=on
#	 RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
#	 RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# </IfModule>


# ##############################################################################
# # SECURITY                                                                   #
# ##############################################################################

# ------------------------------------------------------------------------------
# | Block traffic from multiple referrers                                      |
# ------------------------------------------------------------------------------
# https://my.bluehost.com/cgi/help/94

# These are enabled above, so we need not set them again
# RewriteEngine on
# Options +FollowSymlinks

# Activate directives below, replace domains with real referrers; duplicate as necessary to create additional blocks
# RewriteCond %{HTTP_REFERER} badsite.com [NC,OR]
# RewriteCond %{HTTP_REFERER} badforum.com [NC,OR]
# RewriteCond %{HTTP_REFERER} badsearchengine.com [NC]

# If blocking referrers, enable the below line
# RewriteRule .* - [F]


# ------------------------------------------------------------------------------
# | Content Security Policy (CSP)                                              |
# ------------------------------------------------------------------------------

# You can mitigate the risk of cross-site scripting and other content-injection
# attacks by setting a Content Security Policy which whitelists trusted sources
# of content for your site.

# The example header below allows ONLY scripts that are loaded from the current
# site's origin (no inline scripts, no CDN, etc). This almost certainly won't
# work as-is for your site!

# To get all the details you'll need to craft a reasonable policy for your site,
# read: http://html5rocks.com/en/tutorials/security/content-security-policy (or
# see the specification: http://w3.org/TR/CSP).

# <IfModule mod_headers.c>
# 
# 	Header set Content-Security-Policy "default-src 'none'; img-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com; font-src 'self' https://themes.googleusercontent.com;"
# 
# 	<FilesMatch "\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svg|svgz|ttf|vcf|webapp|webm|webp|woff|xml|xpi)$">
# 		Header unset Content-Security-Policy
# 	</FilesMatch>
# </IfModule>


# ------------------------------------------------------------------------------
# | File access                                                                |
# ------------------------------------------------------------------------------

# Block access to directories without a default document.
# Usually you should leave this uncommented because you shouldn't allow anyone
# to surf through every directory on your server (which may includes rather
# private places like the CMS's directories).

<IfModule mod_autoindex.c>
	Options -Indexes
</IfModule>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Block access to hidden files and directories.
# This includes directories used by version control systems such as Git and SVN.

<IfModule mod_rewrite.c>
	RewriteCond %{SCRIPT_FILENAME} -d [OR]
	RewriteCond %{SCRIPT_FILENAME} -f
	RewriteRule "(^|/)\." - [F]
</IfModule>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Block access to backup and source files.
# These files may be left by some text editors and can pose a great security
# danger when anyone has access to them.

<FilesMatch "(^#.*#|\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|sw[op])|~)$">
	Order allow,deny
	Deny from all
	Satisfy All
</FilesMatch>

# ------------------------------------------------------------------------------
# | Secure Sockets Layer (SSL)                                                 |
# ------------------------------------------------------------------------------

# Rewrite secure requests properly to prevent SSL certificate warnings, e.g.:
# prevent `https://www.example.com` when your certificate only allows
# `https://secure.example.com`.

# <IfModule mod_rewrite.c>
#	 RewriteCond %{SERVER_PORT} !^443
#	 RewriteRule ^ https://example-domain-please-change-me.com%{REQUEST_URI} [R=301,L]
# </IfModule>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Force client-side SSL redirection.

# If a user types "example.com" in his browser, the above rule will redirect him
# to the secure version of the site. That still leaves a window of opportunity
# (the initial HTTP connection) for an attacker to downgrade or redirect the
# request. The following header ensures that browser will ONLY connect to your
# server via HTTPS, regardless of what the users type in the address bar.
# http://www.html5rocks.com/en/tutorials/security/transport-layer-security/

# <IfModule mod_headers.c>
#	 Header set Strict-Transport-Security max-age=16070400;
# </IfModule>

# ------------------------------------------------------------------------------
# | Server software information                                                |
# ------------------------------------------------------------------------------

# Avoid displaying the exact Apache version number, the description of the
# generic OS-type and the information about Apache's compiled-in modules.

# ADD THIS DIRECTIVE IN THE `httpd.conf` AS IT WILL NOT WORK IN THE `.htaccess`!

# ServerTokens Prod


# ##############################################################################
# # WEB PERFORMANCE                                                            #
# ##############################################################################

# ------------------------------------------------------------------------------
# | Compression                                                                |
# ------------------------------------------------------------------------------

<IfModule mod_deflate.c>

	# Force compression for mangled headers.
	# http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping
	<IfModule mod_setenvif.c>
		<IfModule mod_headers.c>
			SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
			RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
		</IfModule>
	</IfModule>

	# Compress all output labeled with one of the following MIME-types
	# (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
	#  and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines
	#  as `AddOutputFilterByType` is still in the core directives).
	<IfModule mod_filter.c>
		AddOutputFilterByType DEFLATE application/atom+xml \
									  application/javascript \
									  application/json \
									  application/rss+xml \
									  application/vnd.ms-fontobject \
									  application/x-font-ttf \
									  application/x-web-app-manifest+json \
									  application/xhtml+xml \
									  application/xml \
									  font/opentype \
									  image/svg+xml \
									  image/x-icon \
									  text/css \
									  text/html \
									  text/plain \
									  text/x-component \
									  text/xml
	</IfModule>

</IfModule>


# ------------------------------------------------------------------------------
# | Content transformations                                                    |
# ------------------------------------------------------------------------------

# Prevent some of the mobile network providers from modifying the content of
# your site: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.5.

# <IfModule mod_headers.c>
#	 Header set Cache-Control "no-transform"
# </IfModule>


# ------------------------------------------------------------------------------
# | ETag removal                                                               |
# ------------------------------------------------------------------------------

# Since we're sending far-future expires headers (see below), ETags can
# be removed: http://developer.yahoo.com/performance/rules.html#etags.

# `FileETag None` is not enough for every server.
<IfModule mod_headers.c>
	Header unset ETag
</IfModule>

FileETag None


# ------------------------------------------------------------------------------
# | Expires headers (for better cache control)                                 |
# ------------------------------------------------------------------------------

# The following expires headers are set pretty far in the future. If you don't
# control versioning with filename-based cache busting, consider lowering the
# cache time for resources like CSS and JS to something like 1 week.

<IfModule mod_expires.c>

	ExpiresActive on
	ExpiresDefault                                       "access plus 1 month"

  # CSS
	ExpiresByType text/css                               "access plus 1 month"

  # Data interchange
	ExpiresByType application/json                       "access plus 0 seconds"
	ExpiresByType application/xml                        "access plus 0 seconds"
	ExpiresByType text/xml                               "access plus 0 seconds"

  # Favicon (cannot be renamed!)
	ExpiresByType image/x-icon                           "access plus 1 week"

  # HTML components (HTCs)
	ExpiresByType text/x-component                       "access plus 1 month"

  # HTML
	ExpiresByType text/html                              "access plus 0 seconds"

  # JavaScript
	ExpiresByType application/javascript                 "access plus 1 month"

  # Manifest files
	ExpiresByType application/x-web-app-manifest+json    "access plus 0 seconds"
	ExpiresByType text/cache-manifest                    "access plus 0 seconds"

  # Media
	ExpiresByType audio/ogg                              "access plus 1 month"
	ExpiresByType image/gif                              "access plus 1 month"
	ExpiresByType image/jpeg                             "access plus 1 month"
	ExpiresByType image/png                              "access plus 1 month"
	ExpiresByType video/mp4                              "access plus 1 month"
	ExpiresByType video/ogg                              "access plus 1 month"
	ExpiresByType video/webm                             "access plus 1 month"

  # Web feeds
	ExpiresByType application/atom+xml                   "access plus 1 hour"
	ExpiresByType application/rss+xml                    "access plus 1 hour"

  # Web fonts
	ExpiresByType application/font-woff                  "access plus 1 month"
	ExpiresByType application/vnd.ms-fontobject          "access plus 1 month"
	ExpiresByType application/x-font-ttf                 "access plus 1 month"
	ExpiresByType font/opentype                          "access plus 1 month"
	ExpiresByType image/svg+xml                          "access plus 1 month"

</IfModule>

Additional directives may be referenced in this article from Bluehost.

htaccess_creation.txt · Last modified: 2014/10/04 08:17 by matthew

The Turning Gate
Creating webbly, wobbly, Lightroomy things since 2007.