thasmo/website/develop/source/.htaccess - Htaccess File

thasmo/website/develop/source/.htaccess

# Apache Server Configs v2.14.0 | MIT License
# https://github.com/h5bp/server-configs-apache

# ######################################################################
# # ERRORS                                                             #
# ######################################################################

# ----------------------------------------------------------------------
# | Custom error messages/pages                                        |
# ----------------------------------------------------------------------

ErrorDocument 404 /index.html

# ----------------------------------------------------------------------
# | Error prevention                                                   |
# ----------------------------------------------------------------------

Options -MultiViews

# ######################################################################
# # INTERNET EXPLORER                                                  #
# ######################################################################

# ----------------------------------------------------------------------
# | Document modes                                                     |
# ----------------------------------------------------------------------

<IfModule mod_headers.c>
  Header set X-UA-Compatible "IE=edge"

  <FilesMatch ".(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
    Header unset X-UA-Compatible
  </FilesMatch>
</IfModule>

# ######################################################################
# # MEDIA TYPES AND CHARACTER ENCODINGS                                #
# ######################################################################

# ----------------------------------------------------------------------
# | Media types                                                        |
# ----------------------------------------------------------------------

<IfModule mod_mime.c>

  # Data interchange
  AddType application/atom+xml                        atom
  AddType application/json                            json map topojson
  AddType application/ld+json                         jsonld
  AddType application/rss+xml                         rss
  AddType application/vnd.geo+json                    geojson
  AddType application/xml                             rdf xml

  # JavaScript
  AddType application/javascript                      js

  # Manifest files
  AddType application/manifest+json                   webmanifest
  AddType application/x-web-app-manifest+json         webapp
  AddType text/cache-manifest                         appcache

  # Media files
  AddType audio/mp4                                   f4a f4b m4a
  AddType audio/ogg                                   oga ogg opus
  AddType image/bmp                                   bmp
  AddType image/svg+xml                               svg svgz
  AddType image/webp                                  webp
  AddType video/mp4                                   f4v f4p m4v mp4
  AddType video/ogg                                   ogv
  AddType video/webm                                  webm
  AddType video/x-flv                                 flv

  # Serving `.ico` image files with a different media type
  AddType image/x-icon                                cur ico

  # Web fonts
  AddType application/font-woff                       woff
  AddType application/font-woff2                      woff2
  AddType application/vnd.ms-fontobject               eot
  AddType application/x-font-ttf                      ttc ttf
  AddType font/opentype                               otf

  # Other
  AddType application/octet-stream                    safariextz
  AddType application/x-bb-appworld                   bbaw
  AddType application/x-chrome-extension              crx
  AddType application/x-opera-extension               oex
  AddType application/x-xpinstall                     xpi
  AddType text/vcard                                  vcard vcf
  AddType text/vnd.rim.location.xloc                  xloc
  AddType text/vtt                                    vtt
  AddType text/x-component                            htc
</IfModule>

# ----------------------------------------------------------------------
# | Character encodings                                                |
# ----------------------------------------------------------------------

AddDefaultCharset utf-8

<IfModule mod_mime.c>
  AddCharset utf-8 .atom 
                   .bbaw 
                   .css 
                   .geojson 
                   .js 
                   .json 
                   .jsonld 
                   .manifest 
                   .rdf 
                   .rss 
                   .topojson 
                   .vtt 
                   .webapp 
                   .webmanifest 
                   .xloc 
                   .xml
</IfModule>

# ######################################################################
# # REWRITES                                                           #
# ######################################################################

# ----------------------------------------------------------------------
# | Rewrite engine                                                     |
# ----------------------------------------------------------------------

<IfModule mod_rewrite.c>
  RewriteEngine On
  Options +SymLinksIfOwnerMatch

  RewriteCond %{HTTPS} =on
  RewriteRule ^ - [env=proto:https]
  RewriteCond %{HTTPS} !=on
  RewriteRule ^ - [env=proto:http]
</IfModule>

# ----------------------------------------------------------------------
# | Suppressing / Forcing the `www.` at the beginning of URLs          |
# ----------------------------------------------------------------------

<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} ^www.(.+)$ [NC]
  RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L]
</IfModule>

# ######################################################################
# # SECURITY                                                           #
# ######################################################################

# ----------------------------------------------------------------------
# | HTTP Strict Transport Security (HSTS)                              |
# ----------------------------------------------------------------------

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=3600"
</IfModule>

# ----------------------------------------------------------------------
# | Content Security Policy (CSP)                                      |
# ----------------------------------------------------------------------

<IfModule mod_headers.c>
  Header set Content-Security-Policy "default-src 'self' www.googletagmanager.com; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com; img-src 'self' data: gravatar.com www.google-analytics.com; font-src cdn.jsdelivr.net fonts.gstatic.com; child-src www.googletagmanager.com; frame-ancestors www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade;"

  <FilesMatch ".(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
    Header unset Content-Security-Policy-Report-Only
  </FilesMatch>
</IfModule>

# ----------------------------------------------------------------------
# | Clickjacking                                                       |
# ----------------------------------------------------------------------

<IfModule mod_headers.c>
  Header set X-Frame-Options "DENY"

  <FilesMatch ".(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
    Header unset X-Frame-Options
  </FilesMatch>
</IfModule>

# ----------------------------------------------------------------------
# | File access                                                        |
# ----------------------------------------------------------------------

<IfModule mod_autoindex.c>
  Options -Indexes
</IfModule>

# ----------------------------------------------------------------------
# | Reducing MIME type security risks                                  |
# ----------------------------------------------------------------------

<IfModule mod_headers.c>
  Header set X-Content-Type-Options "nosniff"
</IfModule>

# ----------------------------------------------------------------------
# | Reflected Cross-Site Scripting (XSS) attacks                       |
# ----------------------------------------------------------------------

<IfModule mod_headers.c>
  Header set X-XSS-Protection "1; mode=block"

  <FilesMatch ".(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
    Header unset X-XSS-Protection
  </FilesMatch>
</IfModule>

# ----------------------------------------------------------------------
# | Server-side technology information                                 |
# ----------------------------------------------------------------------

<IfModule mod_headers.c>
  Header unset X-Powered-By
</IfModule>

# ----------------------------------------------------------------------
# | Server software information                                        |
# ----------------------------------------------------------------------

ServerSignature Off

# ######################################################################
# # WEB PERFORMANCE                                                    #
# ######################################################################

# ----------------------------------------------------------------------
# | Compression                                                        |
# ----------------------------------------------------------------------

<IfModule mod_deflate.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
      SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)s*,?s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
      RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
    </IfModule>
  </IfModule>

  AddOutputFilterByType DEFLATE "application/atom+xml" 
                                "application/javascript" 
                                "application/json" 
                                "application/ld+json" 
                                "application/manifest+json" 
                                "application/rdf+xml" 
                                "application/rss+xml" 
                                "application/schema+json" 
                                "application/vnd.geo+json" 
                                "application/vnd.ms-fontobject" 
                                "application/x-font-ttf" 
                                "application/x-javascript" 
                                "application/x-web-app-manifest+json" 
                                "application/xhtml+xml" 
                                "application/xml" 
                                "font/eot" 
                                "font/opentype" 
                                "image/bmp" 
                                "image/svg+xml" 
                                "image/vnd.microsoft.icon" 
                                "image/x-icon" 
                                "text/cache-manifest" 
                                "text/css" 
                                "text/html" 
                                "text/javascript" 
                                "text/plain" 
                                "text/vcard" 
                                "text/vnd.rim.location.xloc" 
                                "text/vtt" 
                                "text/x-component" 
                                "text/x-cross-domain-policy" 
                                "text/xml"

  <IfModule mod_mime.c>
    AddEncoding gzip              svgz
  </IfModule>
</IfModule>

# ----------------------------------------------------------------------
# | ETags                                                              |
# ----------------------------------------------------------------------

# `FileETag None` doesn't work in all cases.
<IfModule mod_headers.c>
  Header unset ETag
</IfModule>

FileETag None

# ----------------------------------------------------------------------
# | Expires headers                                                    |
# ----------------------------------------------------------------------

<IfModule mod_expires.c>
  ExpiresActive on
  ExpiresDefault                                      "access plus 1 hour"

  # CSS
  ExpiresByType text/css                              "access plus 1 hour"

  # Data interchange
  ExpiresByType application/atom+xml                  "access plus 1 hour"
  ExpiresByType application/rdf+xml                   "access plus 1 hour"
  ExpiresByType application/rss+xml                   "access plus 1 hour"

  ExpiresByType application/json                      "access plus 0 seconds"
  ExpiresByType application/ld+json                   "access plus 0 seconds"
  ExpiresByType application/schema+json               "access plus 0 seconds"
  ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
  ExpiresByType application/xml                       "access plus 0 seconds"
  ExpiresByType text/xml                              "access plus 0 seconds"

  # Favicon
  ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
  ExpiresByType image/x-icon                          "access plus 1 week"

  # HTML
  ExpiresByType text/html                             "access plus 0 seconds"

  # JavaScript
  ExpiresByType application/javascript                "access plus 1 hour"
  ExpiresByType application/x-javascript              "access plus 1 hour"
  ExpiresByType text/javascript                       "access plus 1 hour"

  # Manifest files
  ExpiresByType application/manifest+json             "access plus 1 day"
  ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
  ExpiresByType text/cache-manifest                   "access plus 0 seconds"

  # Media files
  ExpiresByType audio/ogg                             "access plus 1 hour"
  ExpiresByType image/bmp                             "access plus 1 hour"
  ExpiresByType image/gif                             "access plus 1 hour"
  ExpiresByType image/jpeg                            "access plus 1 hour"
  ExpiresByType image/png                             "access plus 1 hour"
  ExpiresByType image/svg+xml                         "access plus 1 hour"
  ExpiresByType image/webp                            "access plus 1 hour"
  ExpiresByType video/mp4                             "access plus 1 hour"
  ExpiresByType video/ogg                             "access plus 1 hour"
  ExpiresByType video/webm                            "access plus 1 hour"

  # Embedded OpenType (EOT)
  ExpiresByType application/vnd.ms-fontobject         "access plus 1 hour"
  ExpiresByType font/eot                              "access plus 1 hour"

  # OpenType
  ExpiresByType font/opentype                         "access plus 1 hour"

  # TrueType
  ExpiresByType application/x-font-ttf                "access plus 1 hour"

  # Web Open Font Format (WOFF) 1.0
  ExpiresByType application/font-woff                 "access plus 1 hour"
  ExpiresByType application/x-font-woff               "access plus 1 hour"
  ExpiresByType font/woff                             "access plus 1 hour"

  # Web Open Font Format (WOFF) 2.0
  ExpiresByType application/font-woff2                "access plus 1 hour"

  # Other
  ExpiresByType text/x-cross-domain-policy            "access plus 1 hour"
</IfModule>

On Github License

Files

Download PDF of Htaccess file
DEFLATE, ENV, HTTP_HOST, HTTPS, PROTO, REQUEST_URI, static

Comments

Apache