-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy path.htaccess
executable file
·109 lines (96 loc) · 4.04 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
RewriteEngine On
RewriteBase /
# ----------------------------------------------------------------------
# Webfont access
# ----------------------------------------------------------------------
# Allow access from all domains for webfonts.
<IfModule mod_headers.c>
<FilesMatch "\.(md|tpl|ttf|ttc|otf|eot|woff|font.css|css|js)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
# Deflate files to fasten the loading
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE application/x-httpd-php text/html text/xml text/plain text/css text/javascript application/javascript application/x-javascript image/jpeg image/jpg image/png image/gif font/ttf font/eot font/otf
</IfModule>
<IfModule mod_headers.c>
# properly handle requests coming from behind proxies
Header append Vary User-Agent
</IfModule>
<IfModule mod_deflate.c>
# Properly handle old browsers that do not support compression
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Explicitly exclude binary files from compression just in case
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|swf|ico|zip|ttf|eot|svg)$ no-gzip
</IfModule>
# ----------- REMOVE UNWANTED ELEMENTS FROM URI -----------
#
# Replace spaces " " and plus "+" symbols with underscore "_"
RewriteCond %{REQUEST_URI} !^/(common/md|common/md/.*?)($|/)
RewriteCond %{REQUEST_URI} !^/(common/tpl|common/tpl/.*?)($|/)
RewriteRule (.*)\ (.*) http://%{SERVER_NAME}/$1_$2 [R=303,L]
RewriteRule (.*)\+(.*) http://%{SERVER_NAME}/$1_$2 [R=303,L]
# Replace double quotes �"� with single quotes �'�
RewriteRule (.*)\"(.*) http://%{SERVER_NAME}/$1'$2 [R=303,L]
# Replace all double-slashes "//" with single slash "/"
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
RewriteRule . http://%{SERVER_NAME}/%1/%2 [R=303,L]
# ----------- URI CONVERSION -----------
#
#RewriteRule ^API/(.*)/? pgrdg/API/index.php?$1 [L]
#RewriteCond %{QUERY_STRING} id=1
#RewriteRule ^API$ /API/index.php? [L,R=301]
# Convert GET keys "(?|&)x=" in slash "/"
RewriteCond $0 !^(API|API/.*?)($|/)
RewriteRule ^([^/\.]+)/?$ /index.php?p=$1 [QSA]
RewriteCond $0 !^(API|API/.*?)($|/)
RewriteRule ^([^/\.]+)/([^/]+)/?$ /index.php?p=$1&s=$2 [QSA]
RewriteCond $0 !^(API|API/.*?)($|/)
RewriteRule ^([^/\.]+)/([^/]+)/([^/\.]+)/?$ /index.php?p=$1&s=$2&ss=$3 [QSA]
# Error pages
RewriteRule ^error-doc-([0-9]{3})$ /index.php?error=$1 [L]
# ----------- ERROR PAGES -----------
#
ErrorDocument 401 /error-doc-401
ErrorDocument 401 /error-doc-403
ErrorDocument 404 /error-doc-404
ErrorDocument 405 /error-doc-405
# ----------- SECURITY -----------
#
# ENABLE CORS
# ONLY FOR DEVELOPING PURPOSES
# See here for more information: http://enable-cors.org/server_apache.html
# Header set Access-Control-Allow-Origin "*"
# proc/self/environ? no!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block any script that trying to set mosConfig value via URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block any script base64_encode crap
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block any script that contains tag <script>
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block any script that trying to set a PHP global variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
# Block any script that trying to edit a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
# Send all blocked requests to 403 error page
RewriteRule ^(.*)$ error-doc-403 [F,L]
# ----------- PHP -----------
#
# PHP error handling for development servers
php_flag display_startup_errors off
php_flag display_errors on
php_flag html_errors off
php_flag log_errors on
php_flag ignore_repeated_errors off
php_flag ignore_repeated_source off
php_flag report_memleaks on
php_flag track_errors on
php_value docref_root 0
php_value docref_ext 0
# php_value error_log /home/path/public_html/domain/PHP_errors.log
php_value error_reporting -1
php_value log_errors_max_len 0