candidbusiness/config-files/master/.htaccess - Htaccess File

candidbusiness/config-files/master/.htaccess

############
# Security #
############

### Prevent wp-config.php from being loaded:
<files wp-config.php>
    order allow,deny
    deny from all
</files>

### Prevent directory browsing
Options -Indexes

### Prevent this .htaccess from being accessed:
<files .htaccess>
    order allow,deny
    deny from all
</files>

### Disable HTTP Trace
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

### Block access to hidden files & directories
<IfModule mod_rewrite.c>
    RewriteCond %{SCRIPT_FILENAME} -d [OR]
    RewriteCond %{SCRIPT_FILENAME} -f
    RewriteRule "(^|/)." - [F]
</IfModule>

### Block access to source files
<FilesMatch "(^#.*#|.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|sw[op])|~)$">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

##############################
# Default WordPress Settings #
##############################

# Adjust RewriteBase path (line 55 & 65) if not on the root

# BEGIN WordPress
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /
  ### SQL Injection Protection
  RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
  RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
  RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
  RewriteRule ^(.*)$ index.php [F,L]
  ### End SQL Injection Protection
  RewriteRule ^index.php$ - [L]
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule . /index.php [L]
</IfModule>

# END WordPress

###############################
# Additional Rewrite Settings #
###############################

<IfModule mod_rewrite.c>
    Options +FollowSymlinks 
    ### Redirect from http://domain to http://www.domain
    ### If you wish to redirect to a https:// simply substitute http: with https:
    RewriteCond %{HTTP_HOST} !^www..+$ [NC]
    RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    ### Redirect away from /index.php to clear path
    RewriteCond %{THE_REQUEST} ^.*/index.php  
    RewriteRule ^(.*)index.php$ http://www.%{HTTP_HOST}%{REQUEST_URI}$1 [R=301,L] 
</IfModule>

#######################
# Speed & Compression #
#######################

# BEGIN Expire headers  
<ifModule mod_expires.c>  
    ExpiresActive On  
    ExpiresDefault "access plus 5 seconds"  
    ExpiresByType image/x-icon "access plus 2592000 seconds"  
    ExpiresByType image/jpeg "access plus 2592000 seconds"  
    ExpiresByType image/png "access plus 2592000 seconds"  
    ExpiresByType image/gif "access plus 2592000 seconds"  
    ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"  
    ExpiresByType text/css "access plus 604800 seconds"  
    ExpiresByType text/javascript "access plus 216000 seconds"  
    ExpiresByType application/javascript "access plus 216000 seconds"  
    ExpiresByType application/x-javascript "access plus 216000 seconds"  
    ExpiresByType text/html "access plus 600 seconds"  
    ExpiresByType application/xhtml+xml "access plus 600 seconds"  
</ifModule>  
# END Expire headers 

# BEGIN Cache-Control Headers  
<ifModule mod_headers.c>  
    <filesMatch ".(ico|jpe?g|png|gif|swf)$">  
        Header set Cache-Control "public"  
    </filesMatch>  
    <filesMatch ".(css)$">  
        Header set Cache-Control "public"  
    </filesMatch>  
    <filesMatch ".(js)$">  
        Header set Cache-Control "private"  
    </filesMatch>  
    <filesMatch ".(x?html?|php)$">  
        Header set Cache-Control "private, must-revalidate"  
    </filesMatch>  
</ifModule>  
# END Cache-Control Headers  

<IfModule mod_deflate.c> 
    AddOutputFilterByType DEFLATE text/xhtml text/html text/plain text/xml text/javascript application/x-javascript text/css 
    BrowserMatch ^Mozilla/4 gzip-only-text/html 
    BrowserMatch ^Mozilla/4.0[678] no-gzip 
    BrowserMatch bMSIE !no-gzip !gzip-only-text/html 
    SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary 
    Header append Vary User-Agent env=!dont-vary 
</IfModule>  

AddOutputFilterByType DEFLATE text/html  
AddOutputFilterByType DEFLATE text/plain  
AddOutputFilterByType DEFLATE text/xml  
AddOutputFilterByType DEFLATE text/css  
AddOutputFilterByType DEFLATE text/javascript  
AddOutputFilterByType DEFLATE application/x-javascript  

#Remove the ETag header
Header unset ETag 
FileETag None  

#######################
# File Format Support #
#######################

### Add support for SVG and HTC
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
AddType text/x-component .htc

########################
# Manual 301 Redirects #
########################

#redirect 301 /old-page-url.html https://www.domain.co.uk/new-page-url

On Github License

Files

Download PDF of Htaccess file
DEFLATE, HTTP_HOST, no-gzip, QUERY_STRING, REQUEST_FILENAME, REQUEST_METHOD, REQUEST_URI, SCRIPT_FILENAME, THE_REQUEST

Comments

Apache