-
Notifications
You must be signed in to change notification settings - Fork 5
/
.htaccess
98 lines (83 loc) · 2.43 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# BEGIN Gzip Compression
<ifmodule mod_rewrite.c>
AddEncoding gzip .gz
<filesmatch "\.js\.gz$">
AddType "text/javascript" .gz
</filesmatch>
<filesmatch "\.css\.gz$">
AddType "text/css" .gz
</filesmatch>
</ifmodule>
AddType font/ttf .ttf
AddType font/otf .otf
AddType application/font-woff .woff
AddType application/vnd.ms-fontobject .eot
<ifmodule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript text/javascript
</ifmodule>
# END Gzip Compression
# Force mime for javascript files
<Files "*.js">
ForceType text/javascript
</Files>
# BEGIN Caching
<ifModule mod_expires.c>
ExpiresActive On
ExpiresDefault A300
ExpiresByType image/x-icon A2592000
<FilesMatch ".(php)$">
ExpiresDefault A0
Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"
Header set Pragma "no-cache"
</FilesMatch>
</ifModule>
# END Caching
# BEGIN Spelling
<IfModule mod_speling.c>
CheckSpelling On
CheckCaseOnly On
</IfModule>
# END Spelling
# BEGIN URL rewrite
<ifmodule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME} \.(js|css)$
RewriteCond %{REQUEST_FILENAME}.gz -f
RewriteRule ^(.*)$ $1.gz [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /?{QUERY_STRING} [QSA]
</ifmodule>
# END URL rewrite
# BEGIN Access control
# TODO: implement access control limitation to only allow index.php access (also consider modrewrite)
# END Access control
# Disable directory view
Options All -Indexes
# Disable unsupported scripts
Options -ExecCGI
AddHandler cgi-script .pl .py .jsp .asp .shtml .sh .cgi
#<ifmodule mod_headers.c>
# # XSS protection
# header always set x-xss-protection "1; mode=block"
#
# # Nosnif
# header always set x-content-type-options "nosniff"
#
# # Iframes only from self
# header always set x-frame-options "SAMEORIGIN"
#</ifmodule>
<FilesMatch "ServiceWorker.js$">
<ifmodule mod_headers.c>
Header set Service-Worker-Allowed "/"
</ifmodule>
</FilesMatch>
# Php config
# This should be removed from here and adjusted in the php.ini file
php_value upload_max_filesize 40M
php_value post_max_size 40M
php_value memory_limit 128M
php_value max_input_time 30
php_value max_execution_time 30