HTML5 Boilerplate .htaccess


/ Published in: Other
Save to your folder(s)



Copy this code and paste it in your HTML
  1. # Apache configuration file
  2. # httpd.apache.org/docs/2.2/mod/quickreference.html
  3.  
  4. # Note .htaccess files are an overhead, this logic should be in your Apache config if possible
  5. # httpd.apache.org/docs/2.2/howto/htaccess.html
  6.  
  7. # Techniques in here adapted from all over, including:
  8. # Kroc Camen: camendesign.com/.htaccess
  9. # perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
  10. # Sample .htaccess file of CMS MODx: modxcms.com
  11.  
  12.  
  13. ###
  14. ### If you run a webserver other than apache, consider:
  15. ### github.com/paulirish/html5-boilerplate-server-configs
  16. ###
  17.  
  18.  
  19.  
  20. # ----------------------------------------------------------------------
  21. # Better website experience for IE users
  22. # ----------------------------------------------------------------------
  23.  
  24. # Force the latest IE version, in various cases when it may fall back to IE7 mode
  25. # github.com/rails/rails/commit/123eb25#commitcomment-118920
  26. # Use ChromeFrame if it's installed for a better experience for the poor IE folk
  27.  
  28. <IfModule mod_setenvif.c>
  29. <IfModule mod_headers.c>
  30. BrowserMatch MSIE ie
  31. Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
  32. </IfModule>
  33. </IfModule>
  34.  
  35. <IfModule mod_headers.c>
  36. # Because X-UA-Compatible isn't sent to non-IE (to save header bytes),
  37. # We need to inform proxies that content changes based on UA
  38. Header append Vary User-Agent
  39. # Cache control is set only if mod_headers is enabled, so that's unncessary to declare
  40. </IfModule>
  41.  
  42.  
  43. # ----------------------------------------------------------------------
  44. # Cross-domain AJAX requests
  45. # ----------------------------------------------------------------------
  46.  
  47. # Serve cross-domain ajax requests, disabled.
  48. # enable-cors.org
  49. # code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
  50.  
  51. # <IfModule mod_headers.c>
  52. # Header set Access-Control-Allow-Origin "*"
  53. # </IfModule>
  54.  
  55.  
  56.  
  57. # ----------------------------------------------------------------------
  58. # Webfont access
  59. # ----------------------------------------------------------------------
  60.  
  61. # allow access from all domains for webfonts
  62. # alternatively you could only whitelist
  63. # your subdomains like "sub.domain.com"
  64.  
  65. <FilesMatch "\.(ttf|otf|eot|woff|font.css)$">
  66. <IfModule mod_headers.c>
  67. Header set Access-Control-Allow-Origin "*"
  68. </IfModule>
  69. </FilesMatch>
  70.  
  71.  
  72.  
  73. # ----------------------------------------------------------------------
  74. # Proper MIME type for all files
  75. # ----------------------------------------------------------------------
  76.  
  77. # audio
  78. AddType audio/ogg oga ogg
  79.  
  80. # video
  81. AddType video/ogg ogv
  82. AddType video/mp4 mp4
  83. AddType video/webm webm
  84.  
  85. # Proper svg serving. Required for svg webfonts on iPad
  86. # twitter.com/FontSquirrel/status/14855840545
  87. AddType image/svg+xml svg svgz
  88. AddEncoding gzip svgz
  89.  
  90. # webfonts
  91. AddType application/vnd.ms-fontobject eot
  92. AddType font/truetype ttf
  93. AddType font/opentype otf
  94. AddType application/x-font-woff woff
  95.  
  96. # assorted types
  97. AddType image/x-icon ico
  98. AddType image/webp webp
  99. AddType text/cache-manifest appcache manifest
  100. AddType text/x-component htc
  101. AddType application/x-chrome-extension crx
  102. AddType application/x-xpinstall xpi
  103. AddType application/octet-stream safariextz
  104.  
  105.  
  106.  
  107. # ----------------------------------------------------------------------
  108. # Allow concatenation from within specific js and css files
  109. # ----------------------------------------------------------------------
  110.  
  111. # e.g. Inside of script.combined.js you could have
  112. # <!--#include file="libs/jquery-1.5.0.min.js" -->
  113. # <!--#include file="plugins/jquery.idletimer.js" -->
  114. # and they would be included into this single file
  115.  
  116. # this is not in use in the boilerplate as it stands. you may
  117. # choose to name your files in this way for this advantage
  118. # or concatenate and minify them manually.
  119. # Disabled by default.
  120.  
  121. # <FilesMatch "\.combined\.(js|css)$">
  122. # Options +Includes
  123. # SetOutputFilter INCLUDES
  124. # </FilesMatch>
  125.  
  126.  
  127.  
  128. # ----------------------------------------------------------------------
  129. # gzip compression
  130. # ----------------------------------------------------------------------
  131.  
  132. <IfModule mod_deflate.c>
  133.  
  134.  
  135. # force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
  136. <IfModule mod_setenvif.c>
  137. <IfModule mod_headers.c>
  138. SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s,?\s(gzip|deflate)?|X{4,13}|~{4,13}|-{4,13})$ HAVE_Accept-Encoding
  139. RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
  140. </IfModule>
  141. </IfModule>
  142. # html, txt, css, js, json, xml, htc:
  143. <IfModule filter_module>
  144. FilterDeclare COMPRESS
  145. FilterProvider COMPRESS DEFLATE resp=Content-Type /text/(html|css|javascript|plain|x(ml|-component))/
  146. FilterProvider COMPRESS DEFLATE resp=Content-Type /application/(javascript|json|xml|x-javascript)/
  147. FilterChain COMPRESS
  148. FilterProtocol COMPRESS change=yes;byteranges=no
  149. </IfModule>
  150.  
  151. <IfModule !mod_filter.c>
  152. # Legacy versions of Apache
  153. AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
  154. AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript
  155. AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
  156. </IfModule>
  157.  
  158. # webfonts and svg:
  159. <FilesMatch "\.(ttf|otf|eot|svg)$" >
  160. SetOutputFilter DEFLATE
  161. </FilesMatch>
  162. </IfModule>
  163.  
  164.  
  165.  
  166. # ----------------------------------------------------------------------
  167. # Expires headers (for better cache control)
  168. # ----------------------------------------------------------------------
  169.  
  170. # these are pretty far-future expires headers
  171. # they assume you control versioning with cachebusting query params like
  172. # <script src="application.js?20100608">
  173. # additionally, consider that outdated proxies may miscache
  174. # www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
  175.  
  176. # if you don't use filenames to version, lower the css and js to something like
  177. # "access plus 1 week" or so
  178.  
  179. <IfModule mod_expires.c>
  180. ExpiresActive on
  181.  
  182. # Perhaps better to whitelist expires rules? Perhaps.
  183. ExpiresDefault "access plus 1 month"
  184.  
  185. # cache.appcache needs re-requests in FF 3.6 (thx Remy ~Introducing HTML5)
  186. ExpiresByType text/cache-manifest "access plus 0 seconds"
  187.  
  188. # your document html
  189. ExpiresByType text/html "access plus 0 seconds"
  190.  
  191. # data
  192. ExpiresByType text/xml "access plus 0 seconds"
  193. ExpiresByType application/xml "access plus 0 seconds"
  194. ExpiresByType application/json "access plus 0 seconds"
  195.  
  196. # rss feed
  197. ExpiresByType application/rss+xml "access plus 1 hour"
  198.  
  199. # favicon (cannot be renamed)
  200. ExpiresByType image/x-icon "access plus 1 week"
  201.  
  202. # media: images, video, audio
  203. ExpiresByType image/gif "access plus 1 month"
  204. ExpiresByType image/png "access plus 1 month"
  205. ExpiresByType image/jpg "access plus 1 month"
  206. ExpiresByType image/jpeg "access plus 1 month"
  207. ExpiresByType video/ogg "access plus 1 month"
  208. ExpiresByType audio/ogg "access plus 1 month"
  209. ExpiresByType video/mp4 "access plus 1 month"
  210. ExpiresByType video/webm "access plus 1 month"
  211.  
  212. # htc files (css3pie)
  213. ExpiresByType text/x-component "access plus 1 month"
  214.  
  215. # webfonts
  216. ExpiresByType font/truetype "access plus 1 month"
  217. ExpiresByType font/opentype "access plus 1 month"
  218. ExpiresByType application/x-font-woff "access plus 1 month"
  219. ExpiresByType image/svg+xml "access plus 1 month"
  220. ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
  221.  
  222. # css and javascript
  223. ExpiresByType text/css "access plus 2 months"
  224. ExpiresByType application/javascript "access plus 2 months"
  225. ExpiresByType text/javascript "access plus 2 months"
  226.  
  227. <IfModule mod_headers.c>
  228. Header append Cache-Control "public"
  229. </IfModule>
  230.  
  231. </IfModule>
  232.  
  233.  
  234.  
  235. # ----------------------------------------------------------------------
  236. # ETag removal
  237. # ----------------------------------------------------------------------
  238.  
  239. # Since we're sending far-future expires, we don't need ETags for
  240. # static content.
  241. # developer.yahoo.com/performance/rules.html#etags
  242. FileETag None
  243.  
  244.  
  245.  
  246. # ----------------------------------------------------------------------
  247. # Stop screen flicker in IE on CSS rollovers
  248. # ----------------------------------------------------------------------
  249.  
  250. # The following directives stop screen flicker in IE on CSS rollovers - in
  251. # combination with the "ExpiresByType" rules for images (see above). If
  252. # needed, un-comment the following rules.
  253.  
  254. # BrowserMatch "MSIE" brokenvary=1
  255. # BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
  256. # BrowserMatch "Opera" !brokenvary
  257. # SetEnvIf brokenvary 1 force-no-vary
  258.  
  259.  
  260.  
  261. # ----------------------------------------------------------------------
  262. # Cookie setting from iframes
  263. # ----------------------------------------------------------------------
  264.  
  265. # Allow cookies to be set from iframes (for IE only)
  266. # If needed, uncomment and specify a path or regex in the Location directive
  267.  
  268. # <IfModule mod_headers.c>
  269. # <Location />
  270. # Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
  271. # </Location>
  272. # </IfModule>
  273.  
  274.  
  275.  
  276. # ----------------------------------------------------------------------
  277. # Start rewrite engine
  278. # ----------------------------------------------------------------------
  279.  
  280. # Turning on the rewrite engine is necessary for the following rules and features.
  281.  
  282. <IfModule mod_rewrite.c>
  283. RewriteEngine On
  284. </IfModule>
  285.  
  286.  
  287.  
  288. # ----------------------------------------------------------------------
  289. # Suppress or force the "www." at the beginning of URLs
  290. # ----------------------------------------------------------------------
  291.  
  292. # The same content should never be available under two different URLs - especially not with and
  293. # without "www." at the beginning, since this can cause SEO problems (duplicate content).
  294. # That's why you should choose one of the alternatives and redirect the other one.
  295.  
  296. # By default option 1 (no "www.") is activated. Remember: Shorter URLs are sexier.
  297. # no-www.org/faq.php?q=class_b
  298.  
  299. # If you rather want to use option 2, just comment out all option 1 lines
  300. # and uncomment option 2.
  301. # IMPORTANT: NEVER USE BOTH RULES AT THE SAME TIME!
  302.  
  303. # ----------------------------------------------------------------------
  304.  
  305. # Option 1:
  306. # Rewrite "www.domain.com -> domain.com"
  307.  
  308. <IfModule mod_rewrite.c>
  309. RewriteCond %{HTTPS} !=on
  310. RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  311. RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
  312. </IfModule>
  313.  
  314. # ----------------------------------------------------------------------
  315.  
  316. # Option 2:
  317. # To rewrite "domain.com -> www.domain.com" uncomment the following lines.
  318. # Be aware that the following rule might not be a good idea if you
  319. # use "real" subdomains for certain parts of your website.
  320.  
  321. # <IfModule mod_rewrite.c>
  322. # RewriteCond %{HTTPS} !=on
  323. # RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
  324. # RewriteCond %{HTTP_HOST} (.+)$ [NC]
  325. # RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L]
  326. # </IfModule>
  327.  
  328.  
  329.  
  330. # ----------------------------------------------------------------------
  331. # Add/remove trailing slash to (non-file) URLs
  332. # ----------------------------------------------------------------------
  333.  
  334. # Google treats URLs with and without trailing slashes separately.
  335. # Forcing a trailing slash is usually preferred, but all that's really
  336. # important is that one correctly redirects to the other.
  337.  
  338. # By default option 1 (force trailing slash) is activated.
  339. # http://googlewebmastercentral.blogspot.com/2010/04/to-slash-or-not-to-slash.html
  340. # http://www.alistapart.com/articles/slashforward/
  341. # http://httpd.apache.org/docs/2.0/misc/rewriteguide.html#url Trailing Slash Problem
  342.  
  343. # ----------------------------------------------------------------------
  344.  
  345. # Option 1:
  346. # Rewrite "domain.com/foo -> domain.com/foo/"
  347.  
  348. <IfModule mod_rewrite.c>
  349. RewriteCond %{REQUEST_FILENAME} !-f
  350. RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/|#(.*))$
  351. RewriteRule ^(.*)$ /$1/ [R=301,L]
  352. </IfModule>
  353.  
  354. # ----------------------------------------------------------------------
  355.  
  356. # Option 2:
  357. # Rewrite "domain.com/foo/ -> domain.com/foo"
  358.  
  359. #<IfModule mod_rewrite.c>
  360. # RewriteRule ^(.*)/$ /$1 [R=301,L]
  361. #</IfModule>
  362.  
  363.  
  364.  
  365. # ----------------------------------------------------------------------
  366. # Built-in filename-based cache busting
  367. # ----------------------------------------------------------------------
  368.  
  369. # If you're not using the build script to manage your filename version revving,
  370. # you might want to consider enabling this, which will route requests for
  371. # /css/all.20110203.css to /res/all.css
  372.  
  373. # To understand why this is important and a better idea than all.css?v1231,
  374. # read: github.com/paulirish/html5-boilerplate/wiki/Version-Control-with-Cachebusting
  375.  
  376. # Uncomment to enable.
  377. # <IfModule mod_rewrite.c>
  378. # RewriteCond %{REQUEST_FILENAME} !-f
  379. # RewriteCond %{REQUEST_FILENAME} !-d
  380. # RewriteRule ^(.+)\.(\d+)\.(js|css|png|jpg|gif)$ $1.$3 [L]
  381. # </IfModule>
  382.  
  383.  
  384.  
  385. # ----------------------------------------------------------------------
  386. # Prevent SSL cert warnings
  387. # ----------------------------------------------------------------------
  388.  
  389. # Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent
  390. # https://www.domain.com when your cert only allows https://secure.domain.com
  391. # Uncomment the following lines to use this feature.
  392.  
  393. # <IfModule mod_rewrite.c>
  394. # RewriteCond %{SERVER_PORT} !^443
  395. # RewriteRule (.*) https://example-domain-please-change-me.com/$1 [R=301,L]
  396. # </IfModule>
  397.  
  398.  
  399.  
  400. # ----------------------------------------------------------------------
  401. # Prevent 404 errors for non-existing redirected folders
  402. # ----------------------------------------------------------------------
  403.  
  404. # without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist
  405. # e.g. /blog/hello : webmasterworld.com/apache/3808792.htm
  406.  
  407. Options -MultiViews
  408.  
  409.  
  410.  
  411. # ----------------------------------------------------------------------
  412. # custom 404 page
  413. # ----------------------------------------------------------------------
  414.  
  415. # You can add custom pages to handle 500 or 403 pretty easily, if you like.
  416. ErrorDocument 404 /404.html
  417.  
  418.  
  419.  
  420. # ----------------------------------------------------------------------
  421. # UTF-8 encoding
  422. # ----------------------------------------------------------------------
  423.  
  424. # use utf-8 encoding for anything served text/plain or text/html
  425. AddDefaultCharset utf-8
  426.  
  427. # force utf-8 for a number of file formats
  428. AddCharset utf-8 .html .css .js .xml .json .rss
  429.  
  430.  
  431.  
  432. # ----------------------------------------------------------------------
  433. # A little more security
  434. # ----------------------------------------------------------------------
  435.  
  436.  
  437. # Do we want to advertise the exact version number of Apache we're running?
  438. # Probably not.
  439. ## This can only be enabled if used in httpd.conf - It will not work in .htaccess
  440. # ServerTokens Prod
  441.  
  442.  
  443. # "-Indexes" will have Apache block users from browsing folders without a default document
  444. # Usually you should leave this activated, because you shouldn't allow everybody to surf through
  445. # every folder on your server (which includes rather private places like CMS system folders).
  446. # Options -Indexes
  447.  
  448.  
  449. # Block access to "hidden" directories whose names begin with a period. This
  450. # includes directories used by version control systems such as Subversion or Git.
  451. <IfModule mod_rewrite.c>
  452. RewriteRule "(^|/)\." - [F]
  453. </IfModule>
  454.  
  455.  
  456. # If your server is not already configured as such, the following directive
  457. # should be uncommented in order to set PHP's register_globals option to OFF.
  458. # This closes a major security hole that is abused by most XSS (cross-site
  459. # scripting) attacks. For more information: http://php.net/register_globals
  460. #
  461. # IF REGISTER_GLOBALS DIRECTIVE CAUSES 500 INTERNAL SERVER ERRORS :
  462. #
  463. # Your server does not allow PHP directives to be set via .htaccess. In that
  464. # case you must make this change in your php.ini file instead. If you are
  465. # using a commercial web host, contact the administrators for assistance in
  466. # doing this. Not all servers allow local php.ini files, and they should
  467. # include all PHP configurations (not just this one), or you will effectively
  468. # reset everything to PHP defaults. Consult www.php.net for more detailed
  469. # information about setting PHP directives.
  470.  
  471. # php_flag register_globals Off
  472.  
  473.  
  474.  
  475.  
  476.  

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.