#
# Apache-PHP-Pixie .htaccess
#
# Pixie Powered (www.getpixie.co.uk)
# Licence: GNU General Public License v3
# Pixie. Copyright (C) 2008 - Scott Evans
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/
# www.getpixie.co.uk
# This file was automatically created for you by the Pixie Installer.
# .htaccess rules - Start :
# Set the default charset
AddDefaultCharset UTF-8
# Set the default handler.
DirectoryIndex index.php
# Rewrite rules - Start :
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix.
# By default your users can usually access your site using http://www.yoursite.com
# or http://yoursite.com but it is highly advised that you use the
# actual domain http://yoursite.com by redirecting to it using this file
# because http://www.yoursite.com is simply a subdomain of http://yoursite.com
# the www. is pointless in most applications.
# Choose ONLY one option:
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://yoursite.com/... will be redirected to http://www.yoursite.com/...)
# adapt and uncomment the following two lines :
# RewriteCond %{HTTP_HOST} ^yoursite.com$ [NC]
# RewriteRule ^(.*)$ http://www.yoursite.com/$1 [L,R=301]
# This next one is the one everyone is advised to select.
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.yoursite.com/... will be redirected to http://yoursite.com/...)
# uncomment and adapt the following two lines :
# RewriteCond %{HTTP_HOST} ^www.yoursite.com$ [NC]
# RewriteRule ^(.*)$ http://yoursite.com/$1 [L,R=301]
# You can change the RewriteBase if you are using pixie in
# a subdirectory or in a VirtualDocumentRoot and clean urls
# do not function correctly after you have turned them on :
RewriteBase /pixie1
# Rewrite rules to prevent common exploits - Start :
# Block out any script trying to base64_encode junk to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
# End - Rewrite rules to prevent common exploits
# Pixie's core mod rewrite rules - Start :
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php?%{QUERY_STRING} [L]
# End - Pixie's core mod rewrite rules
</IfModule>
# End - rewrite rules
# Protect files and directories
<FilesMatch ".(engine|inc|info|install|module|profile|test|po|sh|.*sql|theme|tpl(.php)?|xtmpl|svn-base)$|^(code-style.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Make Pixie handle any 404 errors.
ErrorDocument 404 /index.php
# Deny access to extension xml files (Comment out to de-activate.) - Start :
<Files ~ ".xml$">
Order allow,deny
Deny from all
Satisfy all
</Files>
# End - Deny access to extension xml files
# Deny access to htaccess and htpasswd files (Comment out to de-activate.) - Start :
<Files ~ ".ht$">
order allow,deny
deny from all
Satisfy all
</Files>
# End - Deny access to extension htaccess and htpasswd files
# Extra features - Start :
# Requires mod_expires to be enabled. mod_expires rules - Start :
<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On
# Cache all files for 1 week after access (A).
ExpiresDefault A604800
# Do not cache dynamically generated pages.
ExpiresByType text/html A1
</IfModule>
# End - mod_expires rules
# End - Extra features
# End - .htaccess rules