Htaccess File

offmania9/Boostack/master/.htaccess

CONTENT_TYPE, DEFLATE, DOCUMENT_ROOT, downgrade-1.0, force-response-1.0, HTTP_HOST, no-cache, no-gzip, nokeepalive, ORIGIN, Pragma, QUERY_STRING, REQUEST_URI, SCRIPT_FILENAME, SERVER_ADMIN, TIME, TZ
php_value zlib.output_compression on

###### TIME
SetEnv TZ Europe/Rome

# disable the Server response header totally
<IfModule mod_headers.c>
  Header unset Server
  Header unset X-Powered-By
</IfModule>

# disable the server signature
#ServerTokens ProductOnly
ServerSignature Off

AddDefaultCharset utf-8

# Secure Your Web Site from Clickjacking Attack
Header append X-FRAME-OPTIONS "SAMEORIGIN"

# set the server administrator email
SetEnv SERVER_ADMIN info@boostack.com

#from boostack.com to www.boostack.com
#RewriteCond %{HTTP_HOST} ^http://www.boostack.com [NC]
#RewriteRule ^(.*)$ boostack.com/$1 [L,R=301]

#AuthType Basic
#AuthName "Authentication Required"
#AuthUserFile /var/www/html/boostack/.htpasswd
#Require valid-user

###### RULES
Options -MultiViews
RewriteEngine on
#---------
RewriteCond %{DOCUMENT_ROOT}/boostack/maintenance.php -f
RewriteCond %{DOCUMENT_ROOT}/boostack/maintenance.enable -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.php
RewriteRule ^.*$ /maintenance.php [R=503,L]
#----------------
RewriteRule ^home$ index.php [L]
RewriteRule ^docs/([a-zA-Z0-9_-]+)$ documentation.php?docpath=$1 [L]
RewriteRule ^docs documentation.php [L]
RewriteRule ^download$ download.php [L]
RewriteRule ^login$ login.php [L]
RewriteRule ^registration$ registration.php [L]
RewriteRule ^logout$ logout.php [L]
RewriteRule ^api/([^.]+)$ api.php?request=$1 [L]

ErrorDocument 400 /boostack/error.php?code=400
ErrorDocument 401 /boostack/error.php?code=401
ErrorDocument 403 /boostack/error.php?code=403
ErrorDocument 404 /boostack/error.php?code=404
ErrorDocument 500 /boostack/error.php?code=500
ErrorDocument 503 /boostack/maintenance.php
#ErrorDocument 400 https://boostack.com/error.php?code=400
#ErrorDocument 401 https://boostack.com/error.php?code=401
#ErrorDocument 403 https://boostack.com/error.php?code=403
#ErrorDocument 404 https://boostack.com/error.php?code=404
#ErrorDocument 500 https://boostack.com/error.php?code=500
#ErrorDocument 503 https://boostack.com/maintenance.php

<IfModule mod_gzip.c>
    mod_gzip_on       Yes
    mod_gzip_dechunk  Yes
    mod_gzip_item_include file      .(html?|txt|css|js|php|pl)$
    mod_gzip_item_include handler   ^cgi-script$
    mod_gzip_item_include mime      ^text/.*
    mod_gzip_item_include mime      ^application/x-javascript.*
    mod_gzip_item_exclude mime      ^image/.*
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css A31536000
ExpiresByType application/x-javascript A31536000
ExpiresByType text/html A31536000
ExpiresByType text/richtext A31536000
ExpiresByType image/svg+xml A31536000
ExpiresByType text/plain A31536000
ExpiresByType text/xsd A31536000
ExpiresByType text/xsl A31536000
ExpiresByType text/xml A31536000
ExpiresByType video/asf A31536000
ExpiresByType video/avi A31536000
ExpiresByType image/bmp A31536000
ExpiresByType application/java A31536000
ExpiresByType video/divx A31536000
ExpiresByType application/msword A31536000
ExpiresByType application/x-msdownload A31536000
ExpiresByType image/gif A31536000
ExpiresByType application/x-gzip A31536000
ExpiresByType image/x-icon A31536000
ExpiresByType application/vnd.ms-access A31536000
ExpiresByType audio/midi A31536000
ExpiresByType video/quicktime A31536000
ExpiresByType audio/mpeg A31536000
ExpiresByType video/mp4 A31536000
ExpiresByType video/mpeg A31536000
ExpiresByType application/vnd.ms-project A31536000
ExpiresByType application/vnd.oasis.opendocument.database A31536000
ExpiresByType application/vnd.oasis.opendocument.chart A31536000
ExpiresByType application/vnd.oasis.opendocument.formula A31536000
ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
ExpiresByType application/vnd.oasis.opendocument.text A31536000
ExpiresByType audio/ogg A31536000
ExpiresByType application/pdf A31536000
ExpiresByType image/png A31536000
ExpiresByType application/vnd.ms-powerpoint A31536000
ExpiresByType audio/x-realaudio A31536000
ExpiresByType application/x-shockwave-flash A31536000
ExpiresByType application/x-tar A31536000
ExpiresByType image/tiff A31536000
ExpiresByType audio/wav A31536000
ExpiresByType audio/wma A31536000
ExpiresByType application/vnd.ms-write A31536000
ExpiresByType application/vnd.ms-excel A31536000
ExpiresByType application/zip A31536000

FileETag MTime Size

# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600

# Do not cache dynamically generated pages.
ExpiresByType text/html A1

</IfModule>

<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh|sql|inc|phtml|inc.php|Class.php)$">
Order Allow,Deny
Deny from all
</FilesMatch>

# proc/self/environ? no!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]

#Blocca ogni script che cerca di settare un valore mosConfig attraverso l'URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]

# Block all script: base64_encode crap
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]

# Block all requests that contains <script> tag in the URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]

# block all requests trying to set the PHP global variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]

# block all requests trying to set the PHP _Request variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})[OR]

# Redirect all blocked request to error page
RewriteRule ^(.*)$ error.php [F,L]

# Start compression
SetOutputFilter DEFLATE
AddOutputFilter DEFLATE text/plain
AddOutputFilter DEFLATE text/html
AddOutputFilter DEFLATE text/xml
AddOutputFilter DEFLATE text/css
AddOutputFilter DEFLATE application/xml
AddOutputFilter DEFLATE application/xhtml+xml
AddOutputFilter DEFLATE application/rss+xml
AddOutputFilter DEFLATE application/javascript
AddOutputFilter DEFLATE application/x-javascript
AddOutputFilter DEFLATE application/x-httpd-php
AddOutputFilter DEFLATE application/x-httpd-fastphp
AddOutputFilter DEFLATE application/x-httpd-fastphp
AddOutputFilter DEFLATE image/svg+xml
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# Don't compress images
SetEnvIfNoCase Request_URI .(?:gif|jpe?g)$ no-gzip dont-vary
AddOutputFilter DEFLATE image/png

AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css image/png
<FilesMatch ".(js|css|html|htm|php|xml|png)$">
SetOutputFilter DEFLATE
</FilesMatch>

<ifModule mod_headers.c>
  <filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf)$">
    Header set Cache-Control "max-age=2592000, public"
  </filesMatch>
  <filesMatch "\.(css)$">
    Header set Cache-Control "max-age=604800, public"
  </filesMatch>
  <filesMatch "\.(js)$">
    Header set Cache-Control "max-age=604800, private"
  </filesMatch>
  <filesMatch "\.(xml|txt)$">
    Header set Cache-Control "max-age=604800, public, must-revalidate"
  </filesMatch>
  # 6 mins
  #<filesMatch "\.(html|htm|php)$">
  #  Header set Cache-Control "max-age=600, private, must-revalidate"
  #</filesMatch>
    <filesMatch "\.(html|htm|php)$">
       FileETag None
       Header unset ETag
       Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
       Header set Pragma "no-cache"
       Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
    </filesMatch>
</ifModule>

# BEGIN Turn ETags Off
<ifModule mod_headers.c>
  Header unset ETag
</ifModule>
FileETag None
# END Turn ETags Off

# BEGIN Remove Last-Modified Header
<ifModule mod_headers.c>
  Header unset Last-Modified
</ifModule>
# END Remove Last-Modified Header

<ifmodule mod_mime.c="">
    AddType text/css .css
    AddType application/x-javascript .js
    AddType text/x-component .htc
    AddType text/html .html .htm
    AddType text/richtext .rtf .rtx
    AddType image/svg+xml .svg .svgz
    AddType text/plain .txt
    AddType text/xsd .xsd
    AddType text/xsl .xsl
    AddType text/xml .xml
    AddType video/asf .asf .asx .wax .wmv .wmx
    AddType video/avi .avi
    AddType image/bmp .bmp
    AddType application/java .class
    AddType video/divx .divx
    AddType application/msword .doc .docx
    AddType application/vnd.ms-fontobject .eot
    AddType application/x-msdownload .exe
    AddType image/gif .gif
    AddType application/x-gzip .gz .gzip
    AddType image/x-icon .ico
    AddType image/jpeg .jpg .jpeg .jpe
    AddType application/vnd.ms-access .mdb
    AddType audio/midi .mid .midi
    AddType video/quicktime .mov .qt
    AddType audio/mpeg .mp3 .m4a
    AddType video/mp4 .mp4 .m4v
    AddType video/mpeg .mpeg .mpg .mpe
    AddType application/vnd.ms-project .mpp
    AddType application/x-font-otf .otf
    AddType application/vnd.oasis.opendocument.database .odb
    AddType application/vnd.oasis.opendocument.chart .odc
    AddType application/vnd.oasis.opendocument.formula .odf
    AddType application/vnd.oasis.opendocument.graphics .odg
    AddType application/vnd.oasis.opendocument.presentation .odp
    AddType application/vnd.oasis.opendocument.spreadsheet .ods
    AddType application/vnd.oasis.opendocument.text .odt
    AddType audio/ogg .ogg
    AddType application/pdf .pdf
    AddType image/png .png
    AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
    AddType audio/x-realaudio .ra .ram
    AddType application/x-shockwave-flash .swf
    AddType application/x-tar .tar
    AddType image/tiff .tif .tiff
    AddType application/x-font-ttf .ttf .ttc
    AddType audio/wav .wav
    AddType audio/wma .wma
    AddType application/vnd.ms-write .wri
    AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
    AddType application/zip .zip
</ifmodule>

<ifmodule mod_deflate.c="">
    # Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
    <ifmodule mod_setenvif.c="">
        <ifmodule mod_headers.c="">
            SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)s*,?s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
            RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
        </ifmodule>
    </ifmodule>

    <ifmodule filter_module="">
        # HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
        FilterDeclare   COMPRESS
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$text/html'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$text/css'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$text/plain'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$text/xml'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$text/x-component'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/javascript'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/json'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/xml'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/xhtml+xml'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/rss+xml'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/atom+xml'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/vnd.ms-fontobject'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$image/svg+xml'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$image/x-icon'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/x-font-ttf'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$font/opentype'"
        FilterChain     COMPRESS
        FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no
    </ifmodule>

    <ifmodule mod_filter.c="">
        # Legacy versions of Apache
        AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
        AddOutputFilterByType DEFLATE application/javascript
        AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
        AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
        AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
    </ifmodule>

</ifmodule>

# Block access to "hidden" directories whose names begin with a period
<ifmodule mod_rewrite.c="">
    RewriteCond %{SCRIPT_FILENAME} -d
    RewriteCond %{SCRIPT_FILENAME} -f
    RewriteRule "(^|/)." - [F]
</ifmodule>

<ifmodule mod_autoindex.c="">
    Options -Indexes
</ifmodule>
Options -Indexes
<ifmodule php5_module="">
    php_value session.cookie_httponly true
</ifmodule>
#Header set Set-Cookie HttpOnly;Secure
# ----------------------------------------------------------------------
# Force latest IE rendering engine
# ----------------------------------------------------------------------
<ifmodule mod_headers.c="">
    Header set X-UA-Compatible "IE=Edge,chrome=1"
        # mod_headers can't match by content-type, but we don't want to this header on everything
        <filesmatch>
            Header unset X-UA-Compatible
        </filesmatch>
</ifmodule>

<ifmodule mod_headers.c="">
  <filesmatch>
    Header append Vary: Accept-Encoding
  </filesmatch>
</ifmodule>

#<IfModule mod_php5.c>
#    php_value short_open_tag 1
#</IfModule>
#Cache disable
#Header Set Cache-Control "max-age=0, no-store"
Exit mobile version