-
Notifications
You must be signed in to change notification settings - Fork 218
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Emmanuel Campait
committed
Jan 18, 2016
1 parent
a718031
commit 2eb1357
Showing
5 changed files
with
393 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,379 @@ | ||
| # ###################################################################### | ||
| # # CROSS-ORIGIN # | ||
| # ###################################################################### | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Cross-origin images | | ||
| # ---------------------------------------------------------------------- | ||
| <IfModule mod_setenvif.c> | ||
| <IfModule mod_headers.c> | ||
| <FilesMatch "\.(bmp|cur|gif|ico|jpe?g|png|svgz?|webp)$"> | ||
| SetEnvIf Origin ":" IS_CORS | ||
| Header set Access-Control-Allow-Origin "*" env=IS_CORS | ||
| </FilesMatch> | ||
| </IfModule> | ||
| </IfModule> | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Cross-origin web fonts | | ||
| # ---------------------------------------------------------------------- | ||
| <IfModule mod_headers.c> | ||
| <FilesMatch "\.(eot|otf|tt[cf]|woff2?)$"> | ||
| Header set Access-Control-Allow-Origin "*" | ||
| </FilesMatch> | ||
| </IfModule> | ||
|
|
||
|
|
||
| # ###################################################################### | ||
| # # ERRORS # | ||
| # ###################################################################### | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Custom error messages/pages | | ||
| # ---------------------------------------------------------------------- | ||
| ErrorDocument 404 /404.html | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Error prevention | | ||
| # ---------------------------------------------------------------------- | ||
| Options -MultiViews | ||
|
|
||
|
|
||
| # ###################################################################### | ||
| # # INTERNET EXPLORER # | ||
| # ###################################################################### | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Document modes | | ||
| # ---------------------------------------------------------------------- | ||
| <IfModule mod_headers.c> | ||
| Header set X-UA-Compatible "IE=edge" | ||
|
|
||
| <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$"> | ||
| Header unset X-UA-Compatible | ||
| </FilesMatch> | ||
| </IfModule> | ||
|
|
||
|
|
||
| # ###################################################################### | ||
| # # MEDIA TYPES AND CHARACTER ENCODINGS # | ||
| # ###################################################################### | ||
| <IfModule mod_mime.c> | ||
| # Data interchange | ||
| AddType application/atom+xml atom | ||
| AddType application/json json map topojson | ||
| AddType application/ld+json jsonld | ||
| AddType application/rss+xml rss | ||
| AddType application/vnd.geo+json geojson | ||
| AddType application/xml rdf xml | ||
|
|
||
| # JavaScript | ||
| AddType application/javascript js | ||
|
|
||
| # Manifest files | ||
| AddType application/manifest+json webmanifest | ||
| AddType application/x-web-app-manifest+json webapp | ||
| AddType text/cache-manifest appcache | ||
|
|
||
| # Media files | ||
| AddType audio/mp4 f4a f4b m4a | ||
| AddType audio/ogg oga ogg opus | ||
| AddType image/bmp bmp | ||
| AddType image/svg+xml svg svgz | ||
| AddType image/webp webp | ||
| AddType video/mp4 f4v f4p m4v mp4 | ||
| AddType video/ogg ogv | ||
| AddType video/webm webm | ||
| AddType video/x-flv flv | ||
| AddType image/x-icon cur ico | ||
|
|
||
| # Web fonts | ||
| AddType application/font-woff woff | ||
| AddType application/font-woff2 woff2 | ||
| AddType application/vnd.ms-fontobject eot | ||
| AddType application/x-font-ttf ttc ttf | ||
| AddType font/opentype otf | ||
|
|
||
| # Other | ||
| AddType application/octet-stream safariextz | ||
| AddType application/x-bb-appworld bbaw | ||
| AddType application/x-chrome-extension crx | ||
| AddType application/x-opera-extension oex | ||
| AddType application/x-xpinstall xpi | ||
| AddType text/vcard vcard vcf | ||
| AddType text/vnd.rim.location.xloc xloc | ||
| AddType text/vtt vtt | ||
| AddType text/x-component htc | ||
| </IfModule> | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Character encodings | | ||
| # ---------------------------------------------------------------------- | ||
| AddDefaultCharset utf-8 | ||
|
|
||
| # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
|
|
||
| <IfModule mod_mime.c> | ||
| AddCharset utf-8 .atom \ | ||
| .bbaw \ | ||
| .css \ | ||
| .geojson \ | ||
| .js \ | ||
| .json \ | ||
| .jsonld \ | ||
| .manifest \ | ||
| .rdf \ | ||
| .rss \ | ||
| .topojson \ | ||
| .vtt \ | ||
| .webapp \ | ||
| .webmanifest \ | ||
| .xloc \ | ||
| .xml | ||
| </IfModule> | ||
|
|
||
|
|
||
| # ###################################################################### | ||
| # # REWRITES # | ||
| # ###################################################################### | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Rewrite engine | | ||
| # ---------------------------------------------------------------------- | ||
| <IfModule mod_rewrite.c> | ||
| RewriteEngine On | ||
| RewriteEngine On | ||
| Options +FollowSymlinks | ||
|
|
||
| # - - - Use for 1and1 - - - | ||
| # RewriteBase / | ||
|
|
||
| RewriteCond %{REQUEST_FILENAME} !-f | ||
| RewriteCond %{REQUEST_FILENAME} !-d | ||
| RewriteRule ^(.*)$ index.php/$1 [L] | ||
| </IfModule> | ||
|
|
||
|
|
||
| # ###################################################################### | ||
| # # SECURITY # | ||
| # ###################################################################### | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Clickjacking | | ||
| # ---------------------------------------------------------------------- | ||
| <IfModule mod_headers.c> | ||
| Header set X-Frame-Options "SAMEORIGIN" | ||
| </IfModule> | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Content Security Policy (CSP) | | ||
| # ---------------------------------------------------------------------- | ||
| # <IfModule mod_headers.c> | ||
| # Header set Content-Security-Policy "script-src 'self'; object-src 'self'" | ||
| # </IfModule> | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | File access | | ||
| # ---------------------------------------------------------------------- | ||
| <IfModule mod_autoindex.c> | ||
| Options -Indexes | ||
| </IfModule> | ||
|
|
||
| # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
|
|
||
| <IfModule mod_rewrite.c> | ||
| RewriteEngine On | ||
| RewriteCond %{REQUEST_URI} "!(^|/)\.well-known/([^./]+./?)+$" [NC] | ||
| RewriteCond %{SCRIPT_FILENAME} -d [OR] | ||
| RewriteCond %{SCRIPT_FILENAME} -f | ||
| RewriteRule "(^|/)\." - [F] | ||
| </IfModule> | ||
|
|
||
| # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
|
|
||
| <FilesMatch "(^#.*#|\.(bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$"> | ||
| # Apache < 2.3 | ||
| <IfModule !mod_authz_core.c> | ||
| Order allow,deny | ||
| Deny from all | ||
| Satisfy All | ||
| </IfModule> | ||
|
|
||
| # Apache ≥ 2.3 | ||
| <IfModule mod_authz_core.c> | ||
| Require all denied | ||
| </IfModule> | ||
| </FilesMatch> | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Reducing MIME type security risks | | ||
| # ---------------------------------------------------------------------- | ||
| <IfModule mod_headers.c> | ||
| Header set X-Content-Type-Options "nosniff" | ||
| </IfModule> | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Reflected Cross-Site Scripting (XSS) attacks | | ||
| # ---------------------------------------------------------------------- | ||
| <IfModule mod_headers.c> | ||
| Header set X-XSS-Protection "1; mode=block" | ||
|
|
||
| <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$"> | ||
| Header unset X-XSS-Protection | ||
| </FilesMatch> | ||
| </IfModule> | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Server-side technology information | | ||
| # ---------------------------------------------------------------------- | ||
| <IfModule mod_headers.c> | ||
| Header unset X-Powered-By | ||
| </IfModule> | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Server software information | | ||
| # ---------------------------------------------------------------------- | ||
| ServerSignature Off | ||
|
|
||
|
|
||
| # ###################################################################### | ||
| # # WEB PERFORMANCE # | ||
| # ###################################################################### | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Compression | | ||
| # ---------------------------------------------------------------------- | ||
| <IfModule mod_deflate.c> | ||
| <IfModule mod_setenvif.c> | ||
| <IfModule mod_headers.c> | ||
| SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding | ||
| RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding | ||
| </IfModule> | ||
| </IfModule> | ||
| <IfModule mod_headers.c> | ||
| <FilesMatch ".(js|css|xml|gz)$"> | ||
| Header append Vary: Accept-Encoding | ||
| </FilesMatch> | ||
| </IfModule> | ||
|
|
||
| # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
|
|
||
| <IfModule mod_filter.c> | ||
| AddOutputFilterByType DEFLATE "application/atom+xml" \ | ||
| "application/javascript" \ | ||
| "application/json" \ | ||
| "application/ld+json" \ | ||
| "application/manifest+json" \ | ||
| "application/rdf+xml" \ | ||
| "application/rss+xml" \ | ||
| "application/schema+json" \ | ||
| "application/vnd.geo+json" \ | ||
| "application/vnd.ms-fontobject" \ | ||
| "application/x-font-ttf" \ | ||
| "application/x-javascript" \ | ||
| "application/x-web-app-manifest+json" \ | ||
| "application/xhtml+xml" \ | ||
| "application/xml" \ | ||
| "font/eot" \ | ||
| "font/opentype" \ | ||
| "image/bmp" \ | ||
| "image/svg+xml" \ | ||
| "image/vnd.microsoft.icon" \ | ||
| "image/x-icon" \ | ||
| "text/cache-manifest" \ | ||
| "text/css" \ | ||
| "text/html" \ | ||
| "text/javascript" \ | ||
| "text/plain" \ | ||
| "text/vcard" \ | ||
| "text/vnd.rim.location.xloc" \ | ||
| "text/vtt" \ | ||
| "text/x-component" \ | ||
| "text/x-cross-domain-policy" \ | ||
| "text/xml" | ||
|
|
||
| </IfModule> | ||
|
|
||
| # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
|
|
||
| <IfModule mod_mime.c> | ||
| AddEncoding gzip svgz | ||
| </IfModule> | ||
| </IfModule> | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | ETags | | ||
| # ---------------------------------------------------------------------- | ||
| <IfModule mod_headers.c> | ||
| Header unset ETag | ||
| </IfModule> | ||
|
|
||
| FileETag None | ||
|
|
||
| # ---------------------------------------------------------------------- | ||
| # | Expires headers | | ||
| # ---------------------------------------------------------------------- | ||
| <IfModule mod_expires.c> | ||
| ExpiresActive on | ||
| ExpiresDefault "access plus 1 month" | ||
|
|
||
| # CSS | ||
| ExpiresByType text/css "access plus 1 year" | ||
|
|
||
| # Data interchange | ||
| ExpiresByType application/atom+xml "access plus 1 hour" | ||
| ExpiresByType application/rdf+xml "access plus 1 hour" | ||
| ExpiresByType application/rss+xml "access plus 1 hour" | ||
| ExpiresByType application/json "access plus 0 seconds" | ||
| ExpiresByType application/ld+json "access plus 0 seconds" | ||
| ExpiresByType application/schema+json "access plus 0 seconds" | ||
| ExpiresByType application/vnd.geo+json "access plus 0 seconds" | ||
| ExpiresByType application/xml "access plus 0 seconds" | ||
| ExpiresByType text/xml "access plus 0 seconds" | ||
|
|
||
| # Favicon (cannot be renamed!) and cursor images | ||
| ExpiresByType image/vnd.microsoft.icon "access plus 1 week" | ||
| ExpiresByType image/x-icon "access plus 1 week" | ||
|
|
||
| # HTML | ||
| ExpiresByType text/html "access plus 0 seconds" | ||
|
|
||
| # JavaScript | ||
| ExpiresByType application/javascript "access plus 1 year" | ||
| ExpiresByType application/x-javascript "access plus 1 year" | ||
| ExpiresByType text/javascript "access plus 1 year" | ||
|
|
||
| # Manifest files | ||
| ExpiresByType application/manifest+json "access plus 1 week" | ||
| ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" | ||
| ExpiresByType text/cache-manifest "access plus 0 seconds" | ||
|
|
||
| # Media files | ||
| ExpiresByType audio/ogg "access plus 1 month" | ||
| ExpiresByType image/bmp "access plus 1 month" | ||
| ExpiresByType image/gif "access plus 1 month" | ||
| ExpiresByType image/jpeg "access plus 1 month" | ||
| ExpiresByType image/png "access plus 1 month" | ||
| ExpiresByType image/svg+xml "access plus 1 month" | ||
| ExpiresByType image/webp "access plus 1 month" | ||
| ExpiresByType video/mp4 "access plus 1 month" | ||
| ExpiresByType video/ogg "access plus 1 month" | ||
| ExpiresByType video/webm "access plus 1 month" | ||
|
|
||
| # Web fonts | ||
| # Embedded OpenType (EOT) | ||
| ExpiresByType application/vnd.ms-fontobject "access plus 1 month" | ||
| ExpiresByType font/eot "access plus 1 month" | ||
| # OpenType | ||
| ExpiresByType font/opentype "access plus 1 month" | ||
| # TrueType | ||
| ExpiresByType application/x-font-ttf "access plus 1 month" | ||
| # Web Open Font Format (WOFF) 1.0 | ||
| ExpiresByType application/font-woff "access plus 1 month" | ||
| ExpiresByType application/x-font-woff "access plus 1 month" | ||
| ExpiresByType font/woff "access plus 1 month" | ||
| # Web Open Font Format (WOFF) 2.0 | ||
| ExpiresByType application/font-woff2 "access plus 1 month" | ||
|
|
||
| # Other | ||
| ExpiresByType text/x-cross-domain-policy "access plus 1 week" | ||
| </IfModule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.