Posted by zachharkey on 03/14/11



HTML5 Boilerplate .htaccess


Published in: Other

# Apache configuration file
# httpd.apache.org/docs/2.2/mod/quickreference.html

# Note .htaccess files are an overhead, this logic should be in your Apache config if possible
# httpd.apache.org/docs/2.2/howto/htaccess.html

# Techniques in here adapted from all over, including:
# Kroc Camen: camendesign.com/.htaccess
# perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
# Sample .htaccess file of CMS MODx: modxcms.com

###
### If you run a webserver other than apache, consider:
### github.com/paulirish/html5-boilerplate-server-configs
###

# ----------------------------------------------------------------------
# Better website experience for IE users
# ----------------------------------------------------------------------

# Force the latest IE version, in various cases when it may fall back to IE7 mode
# github.com/rails/rails/commit/123eb25#commitcomment-118920
# Use ChromeFrame if it's installed for a better experience for the poor IE folk

<IfModule mod_setenvif.c>
  <IfModule mod_headers.c>
    BrowserMatch MSIE ie
    Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
  </IfModule>
</IfModule>

<IfModule mod_headers.c>
  # Because X-UA-Compatible isn't sent to non-IE (to save header bytes),
  # We need to inform proxies that content changes based on UA
  Header append Vary User-Agent
  # Cache control is set only if mod_headers is enabled, so that's unnecessary to declare
</IfModule>

# ----------------------------------------------------------------------
# Cross-domain AJAX requests
# ----------------------------------------------------------------------

# Serve cross-domain ajax requests, disabled.
# enable-cors.org
# code.google.com/p/html5security/wiki/CrossOriginRequestSecurity

# <IfModule mod_headers.c>
#   Header set Access-Control-Allow-Origin "*"
# </IfModule>

# ----------------------------------------------------------------------
# Webfont access
# ----------------------------------------------------------------------

# allow access from all domains for webfonts
# alternatively you could only whitelist
# your subdomains like "sub.domain.com"

<FilesMatch "\.(ttf|otf|eot|woff|font\.css)$">
  <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
  </IfModule>
</FilesMatch>

# ----------------------------------------------------------------------
# Proper MIME type for all files
# ----------------------------------------------------------------------

# audio
AddType audio/ogg oga ogg

# video
AddType video/ogg ogv
AddType video/mp4 mp4
AddType video/webm webm

# Proper svg serving. Required for svg webfonts on iPad
# twitter.com/FontSquirrel/status/14855840545
AddType image/svg+xml svg svgz
AddEncoding gzip svgz

# webfonts
AddType application/vnd.ms-fontobject eot
AddType font/truetype ttf
AddType font/opentype otf
AddType application/x-font-woff woff

# assorted types
AddType image/x-icon ico
AddType image/webp webp
AddType text/cache-manifest appcache manifest
AddType text/x-component htc
AddType application/x-chrome-extension crx
AddType application/x-xpinstall xpi
AddType application/octet-stream safariextz

# ----------------------------------------------------------------------
# Allow concatenation from within specific js and css files
# ----------------------------------------------------------------------

# e.g. Inside of script.combined.js you could have
# <!--#include file="libs/jquery-1.5.0.min.js" -->
# <!--#include file="plugins/jquery.idletimer.js" -->
# and they would be included into this single file

# this is not in use in the boilerplate as it stands. you may
# choose to name your files in this way for this advantage
# or concatenate and minify them manually.
# Disabled by default.

# <FilesMatch "\.combined\.(js|css)$">
#   Options +Includes
#   SetOutputFilter INCLUDES
# </FilesMatch>

# ----------------------------------------------------------------------
# gzip compression
# ----------------------------------------------------------------------

<IfModule mod_deflate.c>

  # force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
  <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
      SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*(gzip|deflate)?|X{4,13}|~{4,13}|-{4,13})$ HAVE_Accept-Encoding
      RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
    </IfModule>
  </IfModule>

  # html, txt, css, js, json, xml, htc:
  <IfModule filter_module>
    FilterDeclare COMPRESS
    FilterProvider COMPRESS DEFLATE resp=Content-Type /text/(html|css|javascript|plain|x(ml|-component))/
    FilterProvider COMPRESS DEFLATE resp=Content-Type /application/(javascript|json|xml|x-javascript)/
    FilterChain COMPRESS
    FilterProtocol COMPRESS change=yes;byteranges=no
  </IfModule>

  <IfModule !mod_filter.c>
    # Legacy versions of Apache
    AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
    AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript
    AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
  </IfModule>

  # webfonts and svg:
  <FilesMatch "\.(ttf|otf|eot|svg)$" >
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>

# ----------------------------------------------------------------------
# Expires headers (for better cache control)
# ----------------------------------------------------------------------

# these are pretty far-future expires headers
# they assume you control versioning with cachebusting query params like
# <script src="application.js?20100608">
# additionally, consider that outdated proxies may miscache
# www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/

# if you don't use filenames to version, lower the css and js to something like
# "access plus 1 week" or so

<IfModule mod_expires.c>
  ExpiresActive on

  # Perhaps better to whitelist expires rules? Perhaps.
  ExpiresDefault "access plus 1 month"

  # cache.appcache needs re-requests in FF 3.6 (thx Remy ~Introducing HTML5)
  ExpiresByType text/cache-manifest "access plus 0 seconds"

  # your document html
  ExpiresByType text/html "access plus 0 seconds"

  # data
  ExpiresByType text/xml "access plus 0 seconds"
  ExpiresByType application/xml "access plus 0 seconds"
  ExpiresByType application/json "access plus 0 seconds"

  # rss feed
  ExpiresByType application/rss+xml "access plus 1 hour"

  # favicon (cannot be renamed)
  ExpiresByType image/x-icon "access plus 1 week"

  # media: images, video, audio
  ExpiresByType image/gif "access plus 1 month"
  ExpiresByType image/png "access plus 1 month"
  ExpiresByType image/jpg "access plus 1 month"
  ExpiresByType image/jpeg "access plus 1 month"
  ExpiresByType video/ogg "access plus 1 month"
  ExpiresByType audio/ogg "access plus 1 month"
  ExpiresByType video/mp4 "access plus 1 month"
  ExpiresByType video/webm "access plus 1 month"

  # htc files (css3pie)
  ExpiresByType text/x-component "access plus 1 month"

  # webfonts
  ExpiresByType font/truetype "access plus 1 month"
  ExpiresByType font/opentype "access plus 1 month"
  ExpiresByType application/x-font-woff "access plus 1 month"
  ExpiresByType image/svg+xml "access plus 1 month"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

  # css and javascript
  ExpiresByType text/css "access plus 2 months"
  ExpiresByType application/javascript "access plus 2 months"
  ExpiresByType text/javascript "access plus 2 months"

  <IfModule mod_headers.c>
    Header append Cache-Control "public"
  </IfModule>

</IfModule>

# ----------------------------------------------------------------------
# ETag removal
# ----------------------------------------------------------------------

# Since we're sending far-future expires, we don't need ETags for
# static content.
# developer.yahoo.com/performance/rules.html#etags
FileETag None

# ----------------------------------------------------------------------
# Stop screen flicker in IE on CSS rollovers
# ----------------------------------------------------------------------

# The following directives stop screen flicker in IE on CSS rollovers - in
# combination with the "ExpiresByType" rules for images (see above). If
# needed, un-comment the following rules.

# BrowserMatch "MSIE" brokenvary=1
# BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
# BrowserMatch "Opera" !brokenvary
# SetEnvIf brokenvary 1 force-no-vary

# ----------------------------------------------------------------------
# Cookie setting from iframes
# ----------------------------------------------------------------------

# Allow cookies to be set from iframes (for IE only)
# If needed, uncomment and specify a path or regex in the Location directive

# <IfModule mod_headers.c>
#   <Location />
#     Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
#   </Location>
# </IfModule>

# ----------------------------------------------------------------------
# Start rewrite engine
# ----------------------------------------------------------------------

# Turning on the rewrite engine is necessary for the following rules and features.

<IfModule mod_rewrite.c>
  RewriteEngine On
</IfModule>

# ----------------------------------------------------------------------
# Suppress or force the "www." at the beginning of URLs
# ----------------------------------------------------------------------

# The same content should never be available under two different URLs - especially not with and
# without "www." at the beginning, since this can cause SEO problems (duplicate content).
# That's why you should choose one of the alternatives and redirect the other one.

# By default option 1 (no "www.") is activated. Remember: Shorter URLs are sexier.
# no-www.org/faq.php?q=class_b

# If you rather want to use option 2, just comment out all option 1 lines
# and uncomment option 2.
# IMPORTANT: NEVER USE BOTH RULES AT THE SAME TIME!

# ----------------------------------------------------------------------

# Option 1:
# Rewrite "www.domain.com -> domain.com"

<IfModule mod_rewrite.c>
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
</IfModule>

# ----------------------------------------------------------------------

# Option 2:
# To rewrite "domain.com -> www.domain.com" uncomment the following lines.
# Be aware that the following rule might not be a good idea if you
# use "real" subdomains for certain parts of your website.

# <IfModule mod_rewrite.c>
#   RewriteCond %{HTTPS} !=on
#   RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
#   RewriteCond %{HTTP_HOST} (.+)$ [NC]
#   RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L]
# </IfModule>

# ----------------------------------------------------------------------
# Add/remove trailing slash to (non-file) URLs
# ----------------------------------------------------------------------

# Google treats URLs with and without trailing slashes separately.
# Forcing a trailing slash is usually preferred, but all that's really
# important is that one correctly redirects to the other.

# By default option 1 (force trailing slash) is activated.
# http://googlewebmastercentral.blogspot.com/2010/04/to-slash-or-not-to-slash.html
# http://www.alistapart.com/articles/slashforward/
# http://httpd.apache.org/docs/2.0/misc/rewriteguide.html#url Trailing Slash Problem

# ----------------------------------------------------------------------

# Option 1:
# Rewrite "domain.com/foo -> domain.com/foo/"

<IfModule mod_rewrite.c>
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/|#(.*))$
  RewriteRule ^(.*)$ /$1/ [R=301,L]
</IfModule>

# ----------------------------------------------------------------------

# Option 2:
# Rewrite "domain.com/foo/ -> domain.com/foo"

# <IfModule mod_rewrite.c>
#   RewriteRule ^(.*)/$ /$1 [R=301,L]
# </IfModule>

# ----------------------------------------------------------------------
# Built-in filename-based cache busting
# ----------------------------------------------------------------------

# If you're not using the build script to manage your filename version revving,
# you might want to consider enabling this, which will route requests for
# /css/all.20110203.css to /css/all.css

# To understand why this is important and a better idea than all.css?v1231,
# read: github.com/paulirish/html5-boilerplate/wiki/Version-Control-with-Cachebusting

# Uncomment to enable.
# <IfModule mod_rewrite.c>
#   RewriteCond %{REQUEST_FILENAME} !-f
#   RewriteCond %{REQUEST_FILENAME} !-d
#   RewriteRule ^(.+)\.(\d+)\.(js|css|png|jpg|gif)$ $1.$3 [L]
# </IfModule>

# ----------------------------------------------------------------------
# Prevent SSL cert warnings
# ----------------------------------------------------------------------

# Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent
# https://www.domain.com when your cert only allows https://secure.domain.com
# Uncomment the following lines to use this feature.

# <IfModule mod_rewrite.c>
#   RewriteCond %{SERVER_PORT} !^443
#   RewriteRule (.*) https://example-domain-please-change-me.com/$1 [R=301,L]
# </IfModule>

# ----------------------------------------------------------------------
# Prevent 404 errors for non-existing redirected folders
# ----------------------------------------------------------------------

# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist
# e.g. /blog/hello : webmasterworld.com/apache/3808792.htm

Options -MultiViews

# ----------------------------------------------------------------------
# custom 404 page
# ----------------------------------------------------------------------

# You can add custom pages to handle 500 or 403 pretty easily, if you like.
ErrorDocument 404 /404.html

# ----------------------------------------------------------------------
# UTF-8 encoding
# ----------------------------------------------------------------------

# use utf-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8

# force utf-8 for a number of file formats
AddCharset utf-8 .html .css .js .xml .json .rss

# ----------------------------------------------------------------------
# A little more security
# ----------------------------------------------------------------------

# Do we want to advertise the exact version number of Apache we're running?
# Probably not.
## This can only be enabled if used in httpd.conf - It will not work in .htaccess
# ServerTokens Prod

# "-Indexes" will have Apache block users from browsing folders without a default document
# Usually you should leave this activated, because you shouldn't allow everybody to surf through
# every folder on your server (which includes rather private places like CMS system folders).
# Options -Indexes

# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or Git.
<IfModule mod_rewrite.c>
  RewriteRule "(^|/)\." - [F]
</IfModule>

# If your server is not already configured as such, the following directive
# should be uncommented in order to set PHP's register_globals option to OFF.
# This closes a major security hole that is abused by most XSS (cross-site
# scripting) attacks. For more information: http://php.net/register_globals
#
# IF REGISTER_GLOBALS DIRECTIVE CAUSES 500 INTERNAL SERVER ERRORS :
#
# Your server does not allow PHP directives to be set via .htaccess. In that
# case you must make this change in your php.ini file instead. If you are
# using a commercial web host, contact the administrators for assistance in
# doing this. Not all servers allow local php.ini files, and they should
# include all PHP configurations (not just this one), or you will effectively
# reset everything to PHP defaults. Consult www.php.net for more detailed
# information about setting PHP directives.

# php_flag register_globals Off
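
The path-based rewrite rules in this file can be checked against a table of request paths before deployment. The following is an added example, not part of the original snippet or of HTML5 Boilerplate: a simplified Python model of three rules from the file (trailing-slash option 1, the commented-out cache-busting rewrite, and the dot-path block), applied in file order. Assumptions: Python's `re` stands in for Apache's PCRE, the `.htaccess` sits in the document root, the www redirect is left out, and `FILES`, `DIRS` and `evaluate` are hypothetical names with constructed sample data.

```python
import re

# Patterns copied from the .htaccess above; Python's re stands in for PCRE.
HIDDEN = re.compile(r"(^|/)\.")                                 # dot-path block, [F]
SLASH_EXEMPT = re.compile(r"(\.[a-zA-Z0-9]{1,5}|/|#(.*))$")     # trailing-slash RewriteCond
CACHEBUST = re.compile(r"^(.+)\.(\d+)\.(js|css|png|jpg|gif)$")  # cache-busting RewriteRule

# Constructed document root (assumption): paths that "exist" on disk.
FILES = frozenset({"/index.html", "/css/all.css", "/.git/config",
                   "/.well-known/security.txt"})
DIRS = frozenset({"/css", "/.git", "/.well-known"})


def evaluate(uri, files=FILES, dirs=DIRS, cachebust=False, max_passes=5):
    """Return (action, path); action is 'redirect', 'forbid' or 'serve'.

    'serve' means the rules let the request through to normal handling.
    """
    for _ in range(max_passes):
        rel = uri.lstrip("/")  # in .htaccess, RewriteRule sees no leading slash
        is_file, is_dir = uri in files, uri in dirs

        # Trailing-slash option 1: not a file, and no extension or slash at the end.
        if not is_file and not SLASH_EXEMPT.search(uri):
            return ("redirect", "/" + rel + "/")

        # Cache busting (disabled on the page): internal rewrite with [L]; in
        # per-directory context the rule set then runs again on the new path.
        if cachebust and not is_file and not is_dir:
            match = CACHEBUST.match(rel)
            if match:
                uri = "/" + match.group(1) + "." + match.group(3)
                continue

        # "A little more security": any path segment that starts with a dot.
        if HIDDEN.search(rel):
            return ("forbid", uri)
        return ("serve", uri)
    raise RuntimeError("rewrite loop in model")


if __name__ == "__main__":
    for sample in ("/.git/config", "/.git/NOPE", "/about",
                   "/css/all.20110203.css", "/.well-known/security.txt"):
        print(sample, "->", evaluate(sample, cachebust=True))
```

In this model a dot-path that is not an existing file is redirected first and refused only on the follow-up request, because the trailing-slash rule precedes the dot-path rule in the file; moving the dot-path rule above the redirects makes it answer 403 on the first request.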

Comments

Posted By: mahalie on March 25, 2011

Hey there, make sure you are checking the official boilerplate for the latest, as there is constant testing and folks reporting issues with various bits. In particular I know there was recently an issue with the IE header stuff when IE9 was officially released, causing a rather serious bug.

http://html5boilerplate.com/
