-
Notifications
You must be signed in to change notification settings - Fork 25
/
Copy pathhttpd-rewrite.conf
116 lines (107 loc) · 5.34 KB
/
httpd-rewrite.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
<IfModule rewrite_module>
# rewrite_module guide http://mod-rewrite-cheatsheet.com
#
# Security tips
# http://www.askapache.com/security/mod_rewrite.html
# http://www.askapache.com/htaccess/modrewrite-tips-tricks.html
# Protocol and domain
#
# Handle HTTPS protocol
RewriteRule . - [E=HTTPS:off,E=SCHEME:http]
RewriteCond %{HTTPS} on [OR]
# CloudFlare Universal SSL
RewriteCond %{HTTP:X-Forwarded-Proto} https [OR]
RewriteCond %{HTTP:CF-Visitor} '"scheme":"https"'
RewriteRule . - [E=HTTPS:on,E=SCHEME:https,E=SSL:1]
#
# Rewrite www to no-www domain
RewriteCond %{HTTP_HOST} ^www\.(.+)$
RewriteRule ^ %{ENV:SCHEME}://%1%{REQUEST_URI} [R=301,L]
#
# # Avoid subdomains
# RewriteCond %{HTTP_HOST} !^domain\.com
# RewriteRule . %{ENV:SCHEME}://domain\.com%{REQUEST_URI} [R=301,L]
#
# # Force SSL
# RewriteCond %{ENV:SCHEME} !https
# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
<IfModule headers_module>
<IfModule setenvif_module>
# HSTS preload, submit in https://hstspreload.appspot.com
# https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json
# https://hg.mozilla.org/mozilla-central/file/3d079a28317d/security/manager/ssl/nsSTSPreloadList.inc
Header set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" env=SSL
<FilesMatch \.(crx|css|eot|gif|ico|jpe?g|js|json|jsonld|mp4|nex|oga|ogg|ogv|otf|pack|pdf|png|svg|ttf|txt|vcard|vcf|vtt|webapp|webm|webmanifest|webp|woff|woff2|xml|xsl)$>
# Unset HTML-only related headers
Header unset Strict-Transport-Security env=SSL
</FilesMatch>
</IfModule>
</IfModule>
# Clean and safe
#
# Allow GET, HEAD and POST with HTTP/1.1 and HTTP/2.0 https://benchmarks.cisecurity.org/tools2/apache/CIS_Apache_HTTP_Server_2.4_Benchmark_v1.1.0.pdf
RewriteCond %{THE_REQUEST} !^(GET|HEAD|POST)\ /.*\ HTTP/(1\.1|2\.0)$
RewriteRule . - [F]
# # Block access to directories that begins with a period like Git and SVN
# RewriteRule (^|/)\. - [F]
# # Rewrite exceptions for specific path
# RewriteRule ^assets/ - [L]
#
# Remove trailing slash after domain
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\s//+(.*)\sHTTP/ [OR]
# Remove question mark and parameters
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\s/([^?#\s]*)\?[^\s]*\sHTTP/
RewriteRule .* %{REQUEST_URI}? [R=301,L]
#
# RewriteMap to rewrite uppercase letter URL to lowercase
RewriteMap lc int:tolower
#
# Avoid URL rewrite of existing file request
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f
RewriteRule .* - [S=8]
# Remove multiple trailing slashes, dash and ampersand before and after slash
# Firefox backslash removal needs "AllowEncodedSlashes On" in <VirtualHost> https://issues.apache.org/bugzilla/show_bug.cgi?id=35256
RewriteRule (.*)(//|\\|-/|/-|&/|/&)(.*) $1/$3 [N,DPI,E=redir:1]
# Rewrite space and underscore with dash, remove repeated dashes
RewriteRule (.*)(\s|_|--)(.*) $1-$3 [N,DPI,E=redir:1]
# Remove unsafe characters, RFC 1738 http://www.rfc-editor.org/rfc/rfc1738.txt
# Win root ":", "|", "<" and ">" returns 403 https://issues.apache.org/bugzilla/show_bug.cgi?id=41441
RewriteRule (.*)(,|!|=|~|`|'|"|\^|{|}|\[|]|:|\||<|>)(.*) /$1$3 [N,DPI,E=redir:1]
# Remove special characters from URL end
RewriteRule ^(.*)(\.|-|&)$ /$1 [N,DPI,E=redir:1]
# Rewrite dot if not a directory or file, http://stackoverflow.com/questions/4313988/#17851438
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteRule (.*)\.(.+)\.(.+)$ /$1$2.$3 [N,DPI,E=redir:1]
# Remove trailing slash from URL end
RewriteRule (.+)/$ /$1 [N,DPI,E=redir:1]
# Uppercase to lowercase (Latin letters only)
# Requires "RewriteMap lc int:tolower" in server config
RewriteRule (.*[A-Z].*) /${lc:$1} [N,DPI,E=redir:1]
RewriteCond %{ENV:redir} 1
RewriteRule (.*) $1 [R=301,L]
# Transparency
#
# Access index file from directory without trailing slash http://stackoverflow.com/questions/10921456/
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI}/index.php -f
RewriteRule ([^/].+) /$1/index.php [L]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI}/index.html -f
RewriteRule ([^/].+) /$1/index.html [L]
# Access file without extension
RewriteCond %{REQUEST_URI} !^/content($|/)
RewriteCond %{DOCUMENT_ROOT}/$1\.php -f
RewriteRule ^(.+?)/?$ /$1.php [L]
RewriteCond %{DOCUMENT_ROOT}/$1\.html -f
RewriteRule ^(.+?)/?$ /$1.html [L]
# Remove index file
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\s/(|.*/)index\.(php|html)($|\s|\?) [OR]
# Remove file extension, except html files in root - necessary for third-party verifications like mywot.com, pinterest.com, etc.
RewriteCond %{REQUEST_URI} !^/([^\/]*)\.html
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\s/(.*)\.(php|html)($|\s|\?)
RewriteRule (^|.+) /%1 [R=301,L]
# Performance
#
# Save bandwidth and helpout Google Search crawler with If-Modified-Since header https://support.google.com/webmasters/answer/35769#technical_guidelines
RewriteRule . - [E=HTTP_IF_MODIFIED_SINCE:%{HTTP:If-Modified-Since},L]
</IfModule>