offmania9/Boostack/master/.htaccess
php_value zlib.output_compression on
###### TIME
SetEnv TZ Europe/Rome
# disable the Server response header totally
<IfModule mod_headers.c>
Header unset Server
Header unset X-Powered-By
</IfModule>
# disable the server signature
#ServerTokens ProductOnly
ServerSignature Off
AddDefaultCharset utf-8
# Secure Your Web Site from Clickjacking Attack
Header append X-FRAME-OPTIONS "SAMEORIGIN"
# set the server administrator email
SetEnv SERVER_ADMIN info@boostack.com
#from boostack.com to www.boostack.com
#RewriteCond %{HTTP_HOST} ^http://www.boostack.com [NC]
#RewriteRule ^(.*)$ boostack.com/$1 [L,R=301]
#AuthType Basic
#AuthName "Authentication Required"
#AuthUserFile /var/www/html/boostack/.htpasswd
#Require valid-user
###### RULES
Options -MultiViews
RewriteEngine on
#---------
RewriteCond %{DOCUMENT_ROOT}/boostack/maintenance.php -f
RewriteCond %{DOCUMENT_ROOT}/boostack/maintenance.enable -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.php
RewriteRule ^.*$ /maintenance.php [R=503,L]
#----------------
RewriteRule ^home$ index.php [L]
RewriteRule ^docs/([a-zA-Z0-9_-]+)$ documentation.php?docpath=$1 [L]
RewriteRule ^docs documentation.php [L]
RewriteRule ^download$ download.php [L]
RewriteRule ^login$ login.php [L]
RewriteRule ^registration$ registration.php [L]
RewriteRule ^logout$ logout.php [L]
RewriteRule ^api/([^.]+)$ api.php?request=$1 [L]
ErrorDocument 400 /boostack/error.php?code=400
ErrorDocument 401 /boostack/error.php?code=401
ErrorDocument 403 /boostack/error.php?code=403
ErrorDocument 404 /boostack/error.php?code=404
ErrorDocument 500 /boostack/error.php?code=500
ErrorDocument 503 /boostack/maintenance.php
#ErrorDocument 400 https://boostack.com/error.php?code=400
#ErrorDocument 401 https://boostack.com/error.php?code=401
#ErrorDocument 403 https://boostack.com/error.php?code=403
#ErrorDocument 404 https://boostack.com/error.php?code=404
#ErrorDocument 500 https://boostack.com/error.php?code=500
#ErrorDocument 503 https://boostack.com/maintenance.php
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css A31536000
ExpiresByType application/x-javascript A31536000
ExpiresByType text/html A31536000
ExpiresByType text/richtext A31536000
ExpiresByType image/svg+xml A31536000
ExpiresByType text/plain A31536000
ExpiresByType text/xsd A31536000
ExpiresByType text/xsl A31536000
ExpiresByType text/xml A31536000
ExpiresByType video/asf A31536000
ExpiresByType video/avi A31536000
ExpiresByType image/bmp A31536000
ExpiresByType application/java A31536000
ExpiresByType video/divx A31536000
ExpiresByType application/msword A31536000
ExpiresByType application/x-msdownload A31536000
ExpiresByType image/gif A31536000
ExpiresByType application/x-gzip A31536000
ExpiresByType image/x-icon A31536000
ExpiresByType application/vnd.ms-access A31536000
ExpiresByType audio/midi A31536000
ExpiresByType video/quicktime A31536000
ExpiresByType audio/mpeg A31536000
ExpiresByType video/mp4 A31536000
ExpiresByType video/mpeg A31536000
ExpiresByType application/vnd.ms-project A31536000
ExpiresByType application/vnd.oasis.opendocument.database A31536000
ExpiresByType application/vnd.oasis.opendocument.chart A31536000
ExpiresByType application/vnd.oasis.opendocument.formula A31536000
ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
ExpiresByType application/vnd.oasis.opendocument.text A31536000
ExpiresByType audio/ogg A31536000
ExpiresByType application/pdf A31536000
ExpiresByType image/png A31536000
ExpiresByType application/vnd.ms-powerpoint A31536000
ExpiresByType audio/x-realaudio A31536000
ExpiresByType application/x-shockwave-flash A31536000
ExpiresByType application/x-tar A31536000
ExpiresByType image/tiff A31536000
ExpiresByType audio/wav A31536000
ExpiresByType audio/wma A31536000
ExpiresByType application/vnd.ms-write A31536000
ExpiresByType application/vnd.ms-excel A31536000
ExpiresByType application/zip A31536000
FileETag MTime Size
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
# Do not cache dynamically generated pages.
ExpiresByType text/html A1
</IfModule>
<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh|sql|inc|phtml|inc.php|Class.php)$">
Order Allow,Deny
Deny from all
</FilesMatch>
# proc/self/environ? no!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
#Blocca ogni script che cerca di settare un valore mosConfig attraverso l'URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
# Block all script: base64_encode crap
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block all requests that contains <script> tag in the URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# block all requests trying to set the PHP global variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
# block all requests trying to set the PHP _Request variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})[OR]
# Redirect all blocked request to error page
RewriteRule ^(.*)$ error.php [F,L]
# Start compression
SetOutputFilter DEFLATE
AddOutputFilter DEFLATE text/plain
AddOutputFilter DEFLATE text/html
AddOutputFilter DEFLATE text/xml
AddOutputFilter DEFLATE text/css
AddOutputFilter DEFLATE application/xml
AddOutputFilter DEFLATE application/xhtml+xml
AddOutputFilter DEFLATE application/rss+xml
AddOutputFilter DEFLATE application/javascript
AddOutputFilter DEFLATE application/x-javascript
AddOutputFilter DEFLATE application/x-httpd-php
AddOutputFilter DEFLATE application/x-httpd-fastphp
AddOutputFilter DEFLATE application/x-httpd-fastphp
AddOutputFilter DEFLATE image/svg+xml
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# Don't compress images
SetEnvIfNoCase Request_URI .(?:gif|jpe?g)$ no-gzip dont-vary
AddOutputFilter DEFLATE image/png
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css image/png
<FilesMatch ".(js|css|html|htm|php|xml|png)$">
SetOutputFilter DEFLATE
</FilesMatch>
<ifModule mod_headers.c>
<filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=2592000, public"
</filesMatch>
<filesMatch "\.(css)$">
Header set Cache-Control "max-age=604800, public"
</filesMatch>
<filesMatch "\.(js)$">
Header set Cache-Control "max-age=604800, private"
</filesMatch>
<filesMatch "\.(xml|txt)$">
Header set Cache-Control "max-age=604800, public, must-revalidate"
</filesMatch>
# 6 mins
#<filesMatch "\.(html|htm|php)$">
# Header set Cache-Control "max-age=600, private, must-revalidate"
#</filesMatch>
<filesMatch "\.(html|htm|php)$">
FileETag None
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</filesMatch>
</ifModule>
# BEGIN Turn ETags Off
<ifModule mod_headers.c>
Header unset ETag
</ifModule>
FileETag None
# END Turn ETags Off
# BEGIN Remove Last-Modified Header
<ifModule mod_headers.c>
Header unset Last-Modified
</ifModule>
# END Remove Last-Modified Header
<ifmodule mod_mime.c="">
AddType text/css .css
AddType application/x-javascript .js
AddType text/x-component .htc
AddType text/html .html .htm
AddType text/richtext .rtf .rtx
AddType image/svg+xml .svg .svgz
AddType text/plain .txt
AddType text/xsd .xsd
AddType text/xsl .xsl
AddType text/xml .xml
AddType video/asf .asf .asx .wax .wmv .wmx
AddType video/avi .avi
AddType image/bmp .bmp
AddType application/java .class
AddType video/divx .divx
AddType application/msword .doc .docx
AddType application/vnd.ms-fontobject .eot
AddType application/x-msdownload .exe
AddType image/gif .gif
AddType application/x-gzip .gz .gzip
AddType image/x-icon .ico
AddType image/jpeg .jpg .jpeg .jpe
AddType application/vnd.ms-access .mdb
AddType audio/midi .mid .midi
AddType video/quicktime .mov .qt
AddType audio/mpeg .mp3 .m4a
AddType video/mp4 .mp4 .m4v
AddType video/mpeg .mpeg .mpg .mpe
AddType application/vnd.ms-project .mpp
AddType application/x-font-otf .otf
AddType application/vnd.oasis.opendocument.database .odb
AddType application/vnd.oasis.opendocument.chart .odc
AddType application/vnd.oasis.opendocument.formula .odf
AddType application/vnd.oasis.opendocument.graphics .odg
AddType application/vnd.oasis.opendocument.presentation .odp
AddType application/vnd.oasis.opendocument.spreadsheet .ods
AddType application/vnd.oasis.opendocument.text .odt
AddType audio/ogg .ogg
AddType application/pdf .pdf
AddType image/png .png
AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
AddType audio/x-realaudio .ra .ram
AddType application/x-shockwave-flash .swf
AddType application/x-tar .tar
AddType image/tiff .tif .tiff
AddType application/x-font-ttf .ttf .ttc
AddType audio/wav .wav
AddType audio/wma .wma
AddType application/vnd.ms-write .wri
AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
AddType application/zip .zip
</ifmodule>
<ifmodule mod_deflate.c="">
# Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
<ifmodule mod_setenvif.c="">
<ifmodule mod_headers.c="">
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)s*,?s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</ifmodule>
</ifmodule>
<ifmodule filter_module="">
# HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
FilterDeclare COMPRESS
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$text/html'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$text/css'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$text/plain'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$text/xml'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$text/x-component'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$application/javascript'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$application/json'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$application/xml'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$application/xhtml+xml'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$application/rss+xml'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$application/atom+xml'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$application/vnd.ms-fontobject'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$image/svg+xml'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$image/x-icon'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$application/x-font-ttf'"
FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} = '$font/opentype'"
FilterChain COMPRESS
FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no
</ifmodule>
<ifmodule mod_filter.c="">
# Legacy versions of Apache
AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
</ifmodule>
</ifmodule>
# Block access to "hidden" directories whose names begin with a period
<ifmodule mod_rewrite.c="">
RewriteCond %{SCRIPT_FILENAME} -d
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)." - [F]
</ifmodule>
<ifmodule mod_autoindex.c="">
Options -Indexes
</ifmodule>
Options -Indexes
<ifmodule php5_module="">
php_value session.cookie_httponly true
</ifmodule>
#Header set Set-Cookie HttpOnly;Secure
# ----------------------------------------------------------------------
# Force latest IE rendering engine
# ----------------------------------------------------------------------
<ifmodule mod_headers.c="">
Header set X-UA-Compatible "IE=Edge,chrome=1"
# mod_headers can't match by content-type, but we don't want to this header on everything
<filesmatch>
Header unset X-UA-Compatible
</filesmatch>
</ifmodule>
<ifmodule mod_headers.c="">
<filesmatch>
Header append Vary: Accept-Encoding
</filesmatch>
</ifmodule>
#<IfModule mod_php5.c>
# php_value short_open_tag 1
#</IfModule>
#Cache disable
#Header Set Cache-Control "max-age=0, no-store"
On Github License
Files