Rabu, 24 April 2013
in WHM: Service Configuration >> Apache Configuration >> Include Editor
Under Post virtualhost includes (select your Apache version) is a good place for adding htaccess stuff too.
###----------------------------------------------------###
###-> BEGIN WHM POST-VIRTUAL INCLUDES <-###
###----------------------------------------------------###
# ---
# Help IE users for better experience
# ---
## Use ChromeFrame
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
BrowserMatch MSIE ie
Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
</IfModule>
</IfModule>
## Set proxy notify for changes, choose from 2 flavors!
<IfModule mod_headers.c>
#Header append Vary User-Agent
Header append Vary User-Agent env=!dont-vary
</IfModule>
# ---
# Cross-domain AJAX requests
# ---
## Serve cross-domain ajax requests, disabled
#<IfModule mod_headers.c>
# Header set Access-Control-Allow-Origin "*"
#</IfModule>
# ---
# Webfont access
# ---
## Allow access from all domains for webfonts
## Or only whitelist a domain(s) "*.domain.com"
<FilesMatch "\.(ttf|otf|eot|woff|font.css)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
# ---
# Proper MIME type for all files (default) ok to leave?
# ---
## audio
AddType audio/ogg oga ogg
## video
AddType video/ogg ogv
AddType video/mp4 mp4
AddType video/webm webm
## Proper svg serving. Required for svg webfonts on iPad
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
## webfonts
AddType application/vnd.ms-fontobject eot
AddType font/truetype ttf
AddType font/opentype otf
AddType application/x-font-woff woff
## Assorted types
AddType image/x-icon ico
AddType image/webp webp
AddType text/cache-manifest appcache manifest
AddType text/x-component htc
AddType application/x-chrome-extension crx
AddType application/x-xpinstall xpi
AddType application/octet-stream safariextz
# ---
# Allow concatenation from within specific js and css files (combo)
# ---
## Ex: Inside of script.combined.js you could have
## <!--#include file="libs/jquery-1.5.0.min.js" -->
## <!--#include file="plugins/jquery.idletimer.js" -->
## and they would be included into this single file
# <FilesMatch "\.combined\.(js|css)$">
# Options +Includes
# SetOutputFilter INCLUDES
# </FilesMatch>
# ---
# Mod Deflate gzip compression
# ---
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
DeflateCompressionLevel 9
<IfModule mod_setenvif.c>
## Netscape 4.x has some problems…
BrowserMatch ^Mozilla/4 gzip-only-text/html
## Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
## MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
## NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
## the above regex won’t work. You can use the following
## workaround to get the desired effect:
#BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
## Don’t compress already-compressed files
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .(?:avi|mov|mp3|mp4|rm|flv|swf|mp?g)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .pdf$ no-gzip dont-vary
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s,?\s(gzip|deflate)?|X{4,13}|~{4,13}|-{4,13})$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
## End SetEnvIf
</IfModule>
## html, txt, css, js, json, xml, htc:
<IfModule filter_module>
FilterDeclare COMPRESS
FilterProvider COMPRESS DEFLATE resp=Content-Type /text/(html|css|javascript|plain|x(ml|-component))/
FilterProvider COMPRESS DEFLATE resp=Content-Type /application/(javascript|json|xml|x-javascript)/
FilterChain COMPRESS
FilterProtocol COMPRESS change=yes;byteranges=no
</IfModule>
## Legacy versions of Apache
<IfModule !mod_filter.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript
AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
</IfModule>
## webfonts and svg graphics
<FilesMatch "\.(ttf|otf|eot|svg)$" >
SetOutputFilter DEFLATE
</FilesMatch>
## End Mod Deflate
</IfModule>
# ---
# Expires headers, better browser cache control
# ---
<IfModule mod_expires.c>
ExpiresActive on
## Default file expires
ExpiresDefault "access plus 1 month"
## cache.appcache needs re-requests in FF 3.6
ExpiresByType text/cache-manifest "access plus 0 seconds"
## your document html
ExpiresByType text/html "access plus 0 seconds"
## data
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType application/json "access plus 0 seconds"
## rss feed
ExpiresByType application/rss+xml "access plus 1 hour"
## favicon (cannot be renamed)
ExpiresByType image/x-icon "access plus 1 week"
## media: images, video, audio
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"
## htc files (css3pie)
ExpiresByType text/x-component "access plus 1 month"
## webfonts
ExpiresByType font/truetype "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
## css and javascript
ExpiresByType text/css "access plus 1 week"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"
<IfModule mod_headers.c>
Header append Cache-Control "public"
</IfModule>
</IfModule>
# ---
# ETag removal (default)
# ---
## Active by Default
## Since using far-future expires, no need ETags for static content
#FileETag None
# ---
# Stop screen flicker in IE on CSS rollovers
# ---
## The following directives stop screen flicker in IE on CSS rollovers
## in combination with the "ExpiresByType" rules for images, see above
BrowserMatch "MSIE" brokenvary=1
BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
BrowserMatch "Opera" !brokenvary
SetEnvIf brokenvary 1 force-no-vary
# ---
# Cookie setting from iframes
# ---
## Allow cookies to be set from iframes (for IE only)
## If needed, uncomment and specify a path or regex in the Location directive
<IfModule mod_headers.c>
<Location />
Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
</Location>
</IfModule>
# ---
# Start rewrite engine (default)
# ---
## Active by Default
## Make sure rewrite engine is on, needed for the following rules
#<IfModule mod_rewrite.c>
# RewriteEngine On
#</IfModule>
# ---
# Suppress or force the "www." at the beginning of URLs
# ---
## The same content should never be available under two different URLs
## Remember: Shorter URLs are sexier, rewrite "www.domain.com -> domain.com"
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
</IfModule>
# ---
# Add/remove trailing slash to (non-file) URLs
# ---
## Google treats URLs with and without trailing slashes separately
## Forcing a trailing slash is usually preferred
## Rewrite "domain.com/foo -> domain.com/foo/"
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/|#(.*))$
RewriteRule ^(.*)$ /$1/ [R=301,L]
</IfModule>
# ---
# Built-in filename-based cache busting
# ---
## Enable filename version revving, ex: /css/style.20110203.css to /css/style.css
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)\.(\d+)\.(js|css|png|jpg|gif)$ $1.$3 [L]
</IfModule>
# ---
# Prevent SSL cert warnings
# ---
## Rewrite secure requests properly to prevent browser SSL cert warnings
<IfModule mod_rewrite.c>
RewriteCond %{SERVER_PORT} !^443
RewriteRule (.*) https://example-domain-please-change-me.com/$1 [R=301,L]
</IfModule>
# ---
# Prevent 404 errors for non-existing redirected folders (default)
# ---
## Active by Default
#Options -MultiViews
# ---
# Custom 404 page (default)
# ---
## Active by Default
## You can add custom pages to handle 500 or 403
#ErrorDocument 404 /404.html
# ---
# UTF-8 encoding
# ---
## Use utf-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8
## Force utf-8 for a number of file formats
AddCharset utf-8 .html .css .js .xml .json .rss
# ---
# More Security
# ---
## Active by Default
#ServerTokens Prod
## "-Indexes" will have Apache block users from browsing folders without a default document
# Active by Default
#Options -Indexes
## Block access to "hidden" directories that begin with a period, ie Subversion or Git
<IfModule mod_rewrite.c>
RewriteRule "(^|/)\." - [F]
</IfModule>
###-------------------------------------------------###
###-> END WHM POST-VIRTUAL INCLUDES <-###
###-------------------------------------------------###
Rating: 4.5
Reviewer: Unknown
ItemReviewed: Tweaking WHM Server for Security
