# You will need "AllowOverride Options" or "AllowOverride All"
# privileges for this htaccess file to work, this is set in the
# apache httpd.conf file.
# Uncomment the following line to put the application into development mode.
#SetEnv APPLICATION_ENV development
SetEnvIf User-Agent ".*MSIE.*"
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
RewriteEngine On
# This rewrite rule allow us to version static files
# within the application, but not have to create symlinks or new
# versions of the files themselves. It'd be nice to be able to insert
# version numbers into the query string, but some browsers don't obey
# this for caching purposes.
RewriteRule ^(javascripts|stylesheets|images)/(.+).(.+).(js|css|jpg|gif|png)$ $1/$2.$4 [L]
# This set of rewrite rules specify that if the file exists
# under the document root directory, it should simply be served
# as a static resource. Otherwise, the request is for dynamic
# content and should be rewritten to our index.php script. Since
# all requests for non-static content will be rewritten to it,
# the index.php script serves as the entry point to our application.
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ /index.php [NC,L]
# Disable ETags
FileETag none
# Enable expirations
ExpiresActive On
# Expire static content by type
ExpiresByType application/javascript "access plus 10 years"
ExpiresByType text/css "access plus 10 years"
ExpiresByType text/javascript "access plus 10 years"
ExpiresByType image/gif "access plus 10 years"
ExpiresByType image/png "access plus 10 years"
ExpiresByType image/vnd.microsoft.icon "access plus 10 years"
# Sets default charset to UTF-8 for whole site
AddDefaultCharset UTF-8
<IfModule mod_php5.c>
# Overrides current PHP server settings to harden the server by
# turning off unwanted options which may be harmful. There are
# several Apache directives that allow you to change the PHP
# configuration from within the Apache configuration files.
# This can only be used with PHP_INI_ALL and PHP_INI_PERDIR
# type directives.
# Examples:
# php_value name value
# php_flag name on|off
# Sets the maximum upload filesize, this size will determine the
# maximum size of files OpenFISMA will accept when uploaded.
php_value upload_max_filesize 1024M
# Make sure that post_max_size is bigger than upload_max_filesize, otherwise
# warnings about files being too large will not be able to be displayed.
php_value post_max_size 1024M
# Turns off all errors, useful setting in production environments.
php_flag display_errors Off
# Turn off php startup errors, recommended for production environments
php_flag display_startup_errors Off
# Enable php logging, recommended for production environments
php_flag log_errors On
# Sets the location of the error log
php_flag error_log /usr/share/openfisma/data/logs/php_error.log
# Sets the magic_quotes state for GPC (Get/Post/Cookie) operations
# It is recommended that magic_quotes_gpc be disabled, and input
# filtering be handled by your PHP scripts
php_flag magic_quotes_gpc Off
# Turns off register globals
php_flag register_globals Off
php_flag magic_quotes_sybase Off
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
# Don't compress binaries
SetEnvIfNoCase Request_URI .(?:exe|t?gz|zip|iso|tar|bz2|sit|rar)$ no-gzip dont-vary
# Don't compress images
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|jpg|ico|png)$ no-gzip dont-vary
# Don't compress PDFs
SetEnvIfNoCase Request_URI .pdf$ no-gzip dont-vary
# Don't compress flash files (only relevant if you host your own videos)
SetEnvIfNoCase Request_URI .flv$ no-gzip dont-vary
# Netscape 4.X has some problems
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</IfModule>