=============================================================================#
MAIN SETTINGS AND OPTIONS
=============================================================================#
Options: ALL,FollowSymLinks,Includes,IncludesNOEXEC,SymLinksIfOwnerMatch
##########
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
SetEnv TZ America/Las_Vegas
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
SetEnv SERVER_ADMIN webmaster@askapache.com
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.0/mod/core.html#options
# for more information.
#
Options -ExecCGI -MultiViews -Includes -Indexes FollowSymLinks
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
DirectoryIndex index.html index.php /index.php
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
Action php5-cgi /bin/php.cgi
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
AddHandler php5-cgi .php .inc
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#
AddDefaultCharset UTF-8
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#
AddType 'application/rdf+xml; charset=UTF-8' .rdf
AddType 'application/xhtml+xml; charset=UTF-8' .xhtml
AddType 'application/xhtml+xml; charset=UTF-8' .xhtml.gz
AddType 'text/html; charset=UTF-8' .html
AddType 'text/html; charset=UTF-8' .html.gz
AddType application/octet-stream .rar .chm .bz2 .tgz .msi .pdf .exe
AddType application/vnd.ms-excel .csv
AddType application/x-httpd-php-source .phps
AddType application/x-pilot .prc .pdb
AddType application/x-shockwave-flash .swf
AddType application/xrds+xml .xrdf
AddType text/plain .ini .sh .bsh .bash .awk .nawk .gawk .csh .var .c .in .h .asc .md5 .sha .sha1
AddType video/x-flv .flv
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
#
AddEncoding x-compress .Z
AddEncoding x-gzip .gz .tgz
#
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/html
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature Off
## MAIN DEFAULTS ###
Options +ExecCGI -Indexes
DirectoryIndex index.html index.htm index.php
DefaultLanguage en-US
AddDefaultCharset UTF-8
ServerSignature Off
## ENVIRONMENT VARIABLES ###
SetEnv PHPRC /webroot/includes
SetEnv TZ America/Las_Vegas
SetEnv SERVER_ADMIN webmaster@domain.tld
## MIME TYPES ###
AddType video/x-flv .flv
AddType application/x-shockwave-flash .swf
AddType image/x-icon .ico
## FORCE FILE TO DOWNLOAD INSTEAD OF APPEAR IN BROWSER ###
-> http://www.htaccesselite.com/addtype-addhandler-action-vf6.html
AddType application/octet-stream .mov .mp3 .zip
## ERRORDOCUMENTS ###
-> http://askapache.com/htaccess/apache-status-code-headers-errordocument/
ErrorDocument 100 /error-100/
ErrorDocument 101 /error-101/
ErrorDocument 102 /error-102/
ErrorDocument 200 /error-200/
ErrorDocument 201 /error-201/
ErrorDocument 202 /error-202/
ErrorDocument 203 /error-203/
ErrorDocument 204 /error-204/
ErrorDocument 205 /error-205/
ErrorDocument 206 /error-206/
ErrorDocument 207 /error-207/
ErrorDocument 400 /error-400/
ErrorDocument 401 /error-401/
ErrorDocument 402 /error-402/
ErrorDocument 403 /error-403/
ErrorDocument 404 /error-404/
ErrorDocument 405 /error-405/
ErrorDocument 406 /error-406/
ErrorDocument 407 /error-407/
ErrorDocument 408 /error-408/
ErrorDocument 409 /error-409/
ErrorDocument 410 /error-410/
ErrorDocument 411 /error-411/
ErrorDocument 412 /error-412/
ErrorDocument 413 /error-413/
ErrorDocument 414 /error-414/
ErrorDocument 415 /error-415/
ErrorDocument 416 /error-416/
ErrorDocument 417 /error-417/
ErrorDocument 418 /error-418/
ErrorDocument 419 /error-419/
ErrorDocument 420 /error-420/
ErrorDocument 421 /error-421/
ErrorDocument 422 /error-422/
ErrorDocument 423 /error-423/
ErrorDocument 424 /error-424/
ErrorDocument 425 /error-425/
ErrorDocument 426 /error-426/
ErrorDocument 500 /error-500/
ErrorDocument 501 /error-501/
ErrorDocument 502 /error-502/
ErrorDocument 503 /error-503/
ErrorDocument 504 /error-504/
ErrorDocument 505 /error-505/
ErrorDocument 506 /error-506/
ErrorDocument 507 /error-507/
ErrorDocument 508 /error-508/
ErrorDocument 509 /error-509/
ErrorDocument 510 /error-510/
=============================================================================#
SCRIPTING, ACTION, ADDHANDLER
=============================================================================#
Handlers be builtin, included in a module, or added with Action directive
default-handler: default, handles static content (core)
send-as-is: Send file with HTTP headers (mod_asis)
cgi-script: treat file as CGI script (mod_cgi)
imap-file: Parse as an imagemap rule file (mod_imap)
server-info: Get server config info (mod_info)
server-status: Get server status report (mod_status)
type-map: type map file for content negotiation (mod_negotiation)
fastcgi-script: treat file as fastcgi script (mod_fastcgi)
##########
-> https://www.askapache.com/php/custom-phpini-tips-and-tricks/
## PARSE AS CGI ###
AddHandler cgi-script .cgi .pl .spl
## RUN PHP AS APACHE MODULE ###
AddHandler application/x-httpd-php .php .htm
## RUN PHP AS CGI ###
AddHandler php-cgi .php .htm
## CGI PHP WRAPPER FOR CUSTOM PHP.INI ###
AddHandler phpini-cgi .php .htm
Action phpini-cgi /cgi-bin/php5-custom-ini.cgi
## FAST-CGI SETUP WITH PHP-CGI WRAPPER FOR CUSTOM PHP.INI ###
AddHandler fastcgi-script .fcgi
AddHandler php-cgi .php .htm
Action php-cgi /cgi-bin/php5-wrapper.fcgi
## CUSTOM PHP CGI BINARY SETUP ###
AddHandler php-cgi .php .htm
Action php-cgi /cgi-bin/php.cgi
## PROCESS SPECIFIC FILETYPES WITH CGI-SCRIPT ###
Action image/gif /cgi-bin/img-create.cgi
## CREATE CUSTOM HANDLER FOR SPECIFIC FILE EXTENSIONS ###
AddHandler custom-processor .ssp
Action custom-processor /cgi-bin/myprocessor.cgi
### HEADER CACHING ####
-> https://www.askapache.com/htaccess/speed-up-sites-with-htaccess-caching/
Header set Cache-Control "max-age=2592000"
Header set Cache-Control "max-age=604800"
Header set Cache-Control "max-age=600"
Header unset Cache-Control
## ALTERNATE EXPIRES CACHING ###
-> htaccesselite.com/d/use-htaccess-to-speed-up-your-site-discussion-vt67.html
ExpiresActive On
ExpiresDefault A604800
ExpiresByType image/x-icon A2592000
ExpiresByType application/x-javascript A2592000
ExpiresByType text/css A2592000
ExpiresByType text/html A300
ExpiresActive Off
## META HTTP-EQUIV REPLACEMENTS ###
Header set imagetoolbar "no"
## REWRITE DEFAULTS ###
RewriteEngine On
RewriteBase /
## REQUIRE SUBDOMAIN ###
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^subdomain\.domain\.tld$ [NC]
RewriteRule ^/(.*)$ http://subdomain.domain.tld/$1 [L,R=301]
## SEO REWRITES ###
RewriteRule ^(.*)/ve/(.*)$ $1/voluntary-employee/$2 [L,R=301]
RewriteRule ^(.*)/hsa/(.*)$ $1/health-saving-account/$2 [L,R=301]
## WORDPRESS ###
RewriteCond %{REQUEST_FILENAME} !-f # Existing File
RewriteCond %{REQUEST_FILENAME} !-d # Existing Directory
RewriteRule . /index.php [L]
## ALTERNATIVE ANTI-HOTLINKING ###
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(subdomain\.)?domain.tld/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ - [F]
## REDIRECT HOTLINKERS ###
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(subdomain\.)?domain.tld/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ http://google.com [R]
## DENY REQUEST BASED ON REQUEST METHOD ###
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD)$ [NC]
RewriteRule ^.*$ - [F]
## REDIRECT UPLOADS ###
RewriteCond %{REQUEST_METHOD} ^(PUT|POST)$ [NC]
RewriteRule ^(.*)$ /cgi-bin/form-upload-processor.cgi?p=$1 [L,QSA]
## REQUIRE SSL EVEN WHEN MOD_SSL IS NOT LOADED ###
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
### ALTERNATATIVE TO USING ERRORDOCUMENT ###
-> http://www.htaccesselite.com/d/htaccess-errordocument-examples-vt11.html
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /error.php [L]
## SEO REDIRECTS ###
Redirect 301 /2006/oldfile.html http://subdomain.domain.tld/newfile.html
RedirectMatch 301 /o/(.*)$ http://subdomain.domain.tld/s/dl/$1
Require (user|group|valid-user) (username|groupname)
## BASIC PASSWORD PROTECTION ###
AuthType basic
AuthName "prompt"
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
Require valid-user
## ALLOW FROM IP OR VALID PASSWORD ###
Require valid-user
Allow from 192.168.1.23
Satisfy Any
## PROTECT FILES ###
Order Allow,Deny
Deny from all
## PREVENT HOTLINKING ###
SetEnvIfNoCase Referer "^http://subdomain.domain.tld/" good
SetEnvIfNoCase Referer "^$" good
Order Deny,Allow
Deny from all
Allow from env=good
ErrorDocument 403 http://www.google.com/intl/en_ALL/images/logo.gif
ErrorDocument 403 /images/you_bad_hotlinker.gif
## LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK ###
LimitRequestBody 10240000 #bytes, 0-2147483647(2GB)
## MOST SECURE WAY TO REQUIRE SSL ###
-> https://www.askapache.com/htaccess/apache-ssl-in-htaccess-examples/
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "domain.tld"
ErrorDocument 403 https://domain.tld
## COMBINED DEVELOPER HTACCESS CODE-USE THIS ###
Header set Cache-Control "max-age=5"
AuthType basic
AuthName "Ooops! Temporarily Under Construction..."
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
Require valid-user # password prompt for everyone else
Order Deny,Allow
Deny from all
Allow from 192.168.64.5 # Your, the developers IP address
Allow from w3.org # css/xhtml check jigsaw.w3.org/css-validator/
Allow from googlebot.com # Allows google to crawl your pages
Satisfy Any # no password required if host/ip is Allowed
## DONT HAVE TO EMPTY CACHE OR RELOAD TO SEE CHANGES ###
ExpiresDefault A5 #If using mod_expires
Header set Cache-Control "max-age=5"
## ALLOW ACCESS WITH PASSWORD OR NO PASSWORD FOR SPECIFIC IP/HOSTS ###
AuthType basic
AuthName "Ooops! Temporarily Under Construction..."
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
Require valid-user # password prompt for everyone else
Order Deny,Allow
Deny from all
Allow from 192.168.64.5 # Your, the developers IP address
Allow from w3.org # css/xhtml check jigsaw.w3.org/css-validator/
Allow from googlebot.com # Allows google to crawl your pages
Satisfy Any # no password required if host/ip is Allowed