justinrummel/jr.com-hpstr/master/.htaccess - Htaccess File

justinrummel/jr.com-hpstr/master/.htaccess

<IfModule mod_headers.c>
# https://github.com/h5bp/server-configs-apache/blob/master/src/security/strict-transport-security.conf
  # Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
  Header always set Strict-Transport-Security "max-age=15768000; preload"

# http://stopmalvertising.com/security/securing-your-website-with-.htaccess/.htaccess-http-headers.html
  Header set X-Frame-Options SAMEORIGIN
  Header set X-XSS-Protection "1; mode=block"
  Header set X-Content-Type-Options "nosniff"

# https://raymii.org/s/articles/HTTP_Public_Key_Pinning_Extension_HPKP.html
# https://report-uri.io/home/pkp_hash
  Header set Public-Key-Pins "pin-sha256="sPN1QkpU0jxkt/e2TpIEDBFfCRxAbQI6O7Klen1NtTs="; pin-sha256="fVZ1UlYWgPZvUe9THLBBeg1pNN7LF4HI373EsQhUAdE="; pin-sha256="5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU="; max-age=2592000;"

# https://scotthelme.co.uk/content-security-policy-an-introduction/
# http://content-security-policy.com/
  # Not Safari compatible: upgrade-insecure-requests; block-all-mixed-content;
  # Not Safari compatible: child-src 'self' https: disqus.com www.strava.com www.youtube.com player.vimeo.com;
  # Header set Content-Security-Policy: "default-src https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.twitter.com:* *.google-analytics.com ajax.googleapis.com a.disquscdn.com *.disqus.com *.services.disqus.com *.twitter.com cdn.syndication.twimg.com; style-src 'self' data: 'unsafe-inline' https: fonts.googleapis.com assets-cdn.github.com *.twiter.com; img-src 'self' https: referrer.disqus.com *.google-analytics.com a.disquscdn.com *.twiter.com *.twimg.com *.staticflickr.com *.static.flickr.com; font-src 'self' https: fonts.gstatic.com fonts.googleapis.com; connect-src 'self' https: links.services.disqus.com;""

  # Header set Content-Security-Policy "default-src https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.twitter.com:* https://api.adsnative.com/v1/ad.json *.adsafeprotected.com https://cas.criteo.com/delivery/0.1/napi.jsonp *.services.disqus.com:* http://referrer.disqus.com/juggler/ https://disqus.com https://*.disqus.com http://*.twitter.com:* a.disquscdn.com https://cdn.syndication.twimg.com/tweets.json https://*.services.disqus.com:* *.moatads.com https://referrer.disqus.com/juggler/ https://mobile.adnxs.com/mob https://ajax.googleapis.com https://*.google-analytics.com; style-src 'self' data: 'unsafe-inline' https: fonts.googleapis.com assets-cdn.github.com *.twiter.com; img-src 'self' https: referrer.disqus.com *.google-analytics.com a.disquscdn.com *.twiter.com *.twimg.com *.staticflickr.com *.static.flickr.com; font-src 'self' https: fonts.gstatic.com fonts.googleapis.com; connect-src 'self' https: links.services.disqus.com;"

  Header set Content-Security-Policy: "default-src 'none'; connect-src https:; font-src https: data:; frame-src https: ; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'unsafe-inline' https:;"
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteOptions inherit
  RewriteBase /

  # 404 Error page
  ErrorDocument 404 /404.html

  # Skip force www for Akamized links
  #  RewriteCond %{HTTPS} !=on
  #  RewriteCond %{HTTP_HOST} ^justinrummel.com.edgekey-staging.net$ [NC]
  #  RewriteRule ^(.*)$ https://justinrummel.com.edgekey-staging.net/$1 [R=301,L]

  # Forcing 'www' at the beginning of all urls
    RewriteCond %{HTTP_HOST} ^justinrummel.com$ [NC]
    RewriteCond %{HTTP_HOST} !^www.justinrummel.com$ [NC]
    RewriteRule ^(.*)$ https://www.justinrummel.com/$1 [R=301,L]

  # Forcing 'www' at the beginning of all urls
  # https://github.com/h5bp/server-configs-apache/blob/master/src/rewrites/rewrite_www.conf
  #  RewriteCond %{HTTPS} !=on
  #  RewriteCond %{HTTP_HOST} !.net$ [NC]
  #  RewriteCond %{HTTP_HOST} !^www. [NC]
  #  RewriteCond %{SERVER_ADDR} !=127.0.0.1
  #  RewriteCond %{SERVER_ADDR} !=::1
  #  RewriteRule ^ %{ENV:PROTO}://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  # Forcing HTTPS
  # https://github.com/h5bp/server-configs-apache/blob/master/src/rewrites/rewrite_http_to_https.conf
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

  # Getting rid of 'undefined' at the end of urls.  Not sure why there are there... but I see them in the error_log file
    RewriteCond %{REQUEST_URI} undefined$
    RewriteRule ^(.*)undefined$ $1 [R=301,L]

  # Redirecting old "categories" to tags
    RewriteRule ^(categories)(/)(.*)(/)$ https://www.justinrummel.com/tags/#$3 [R=301,nc]

  # Redirecting anything with /feeds to feedburner
    RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC]
    RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
    RewriteRule ^feed/$ http://feeds.feedburner.com/jr [R=301,L]

  # Redirecting dumb disqus items
    RedirectMatch 301 /i-moved-my-domains-to-google-domains/(.*) /i-moved-my-domains-to-google-domains-and-you-wont-believe-what-happened-next/$1

  # Redirecting anything with /sitemap.xml.gz to sitemap.xml
    RewriteCond %{HTTP_HOST} ^.*$
    RewriteRule ^sitemap.xml.gz$ "sitemap.xml" [R=301,L]
</IfModule>

# https://raw.githubusercontent.com/h5bp/server-configs-apache/master/src/web_performance/compression.conf
# ----------------------------------------------------------------------
# | Compression                                                        |
# ----------------------------------------------------------------------

<IfModule mod_deflate.c>

      # Force compression for mangled `Accept-Encoding` request headers
      # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html

      <IfModule mod_setenvif.c>
          <IfModule mod_headers.c>
              SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)s*,?s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
              RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
          </IfModule>
      </IfModule>

      # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      # Compress all output labeled with one of the following media types.
      #
      # (!) For Apache versions below version 2.3.7 you don't need to
      # enable `mod_filter` and can remove the `<IfModule mod_filter.c>`
      # and `</IfModule>` lines as `AddOutputFilterByType` is still in
      # the core directives.
      #
      # https://httpd.apache.org/docs/current/mod/mod_filter.html#addoutputfilterbytype

      <IfModule mod_filter.c>
          AddOutputFilterByType DEFLATE "application/atom+xml" 
                                        "application/javascript" 
                                        "application/json" 
                                        "application/ld+json" 
                                        "application/manifest+json" 
                                        "application/rdf+xml" 
                                        "application/rss+xml" 
                                        "application/schema+json" 
                                        "application/vnd.geo+json" 
                                        "application/vnd.ms-fontobject" 
                                        "application/x-font-ttf" 
                                        "application/x-javascript" 
                                        "application/x-web-app-manifest+json" 
                                        "application/xhtml+xml" 
                                        "application/xml" 
                                        "font/eot" 
                                        "font/opentype" 
                                        "image/bmp" 
                                        "image/svg+xml" 
                                        "image/vnd.microsoft.icon" 
                                        "image/x-icon" 
                                        "text/cache-manifest" 
                                        "text/css" 
                                        "text/html" 
                                        "text/javascript" 
                                        "text/plain" 
                                        "text/vcard" 
                                        "text/vnd.rim.location.xloc" 
                                        "text/vtt" 
                                        "text/x-component" 
                                        "text/x-cross-domain-policy" 
                                        "text/xml"

      </IfModule>

      # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      # Map the following filename extensions to the specified
      # encoding type in order to make Apache serve the file types
      # with the appropriate `Content-Encoding` response header
      # (do note that this will NOT make Apache compress them!).
      #
      # If these files types would be served without an appropriate
      # `Content-Enable` response header, client applications (e.g.:
      # browsers) wouldn't know that they first need to uncompress
      # the response, and thus, wouldn't be able to understand the
      # content.
      #
      # https://httpd.apache.org/docs/current/mod/mod_mime.html#addencoding

      <IfModule mod_mime.c>
          AddEncoding gzip              svgz
      </IfModule>

</IfModule>

# https://raw.githubusercontent.com/h5bp/server-configs-apache/master/src/web_performance/expires_headers.conf
# ----------------------------------------------------------------------
# | Expires headers                                                    |
# ----------------------------------------------------------------------

# Serve resources with far-future expires headers.
#
# (!) If you don't control versioning with filename-based
# cache busting, you should consider lowering the cache times
# to something like one week.
#
# https://httpd.apache.org/docs/current/mod/mod_expires.html

<IfModule mod_expires.c>

      ExpiresActive on
      ExpiresDefault                                      "access plus 1 month"

    # CSS
      ExpiresByType text/css                              "access plus 1 year"

    # Data interchange
      ExpiresByType application/atom+xml                  "access plus 1 hour"
      ExpiresByType application/rdf+xml                   "access plus 1 hour"
      ExpiresByType application/rss+xml                   "access plus 1 hour"

      ExpiresByType application/json                      "access plus 0 seconds"
      ExpiresByType application/ld+json                   "access plus 0 seconds"
      ExpiresByType application/schema+json               "access plus 0 seconds"
      ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
      ExpiresByType application/xml                       "access plus 0 seconds"
      ExpiresByType text/xml                              "access plus 0 seconds"

    # Favicon (cannot be renamed!) and cursor images
      ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
      ExpiresByType image/x-icon                          "access plus 1 week"

    # HTML
      ExpiresByType text/html                             "access plus 0 seconds"

    # JavaScript
      ExpiresByType application/javascript                "access plus 1 year"
      ExpiresByType application/x-javascript              "access plus 1 year"
      ExpiresByType text/javascript                       "access plus 1 year"

    # Manifest files
      ExpiresByType application/manifest+json             "access plus 1 year"

      ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
      ExpiresByType text/cache-manifest                   "access plus 0 seconds"

    # Media files
      ExpiresByType audio/ogg                             "access plus 1 month"
      ExpiresByType image/bmp                             "access plus 1 month"
      ExpiresByType image/gif                             "access plus 1 month"
      ExpiresByType image/jpeg                            "access plus 1 month"
      ExpiresByType image/png                             "access plus 1 month"
      ExpiresByType image/svg+xml                         "access plus 1 month"
      ExpiresByType image/webp                            "access plus 1 month"
      ExpiresByType video/mp4                             "access plus 1 month"
      ExpiresByType video/ogg                             "access plus 1 month"
      ExpiresByType video/webm                            "access plus 1 month"

    # Web fonts

      # Embedded OpenType (EOT)
      ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
      ExpiresByType font/eot                              "access plus 1 month"

      # OpenType
      ExpiresByType font/opentype                         "access plus 1 month"

      # TrueType
      ExpiresByType application/x-font-ttf                "access plus 1 month"

      # Web Open Font Format (WOFF) 1.0
      ExpiresByType application/font-woff                 "access plus 1 month"
      ExpiresByType application/x-font-woff               "access plus 1 month"
      ExpiresByType font/woff                             "access plus 1 month"

      # Web Open Font Format (WOFF) 2.0
      ExpiresByType application/font-woff2                "access plus 1 month"

    # Other
      ExpiresByType text/x-cross-domain-policy            "access plus 1 week"

</IfModule>

On Github License

Files

Download PDF of Htaccess file
DEFLATE, ENV, HTTP_HOST, HTTP_USER_AGENT, HTTPS, ORIGIN, PROTO, REQUEST_URI, SERVER_ADDR, static

Comments

Apache