.htaccess snippets

.htaccess snippets

· 6 minutos
# ------------------------------------------------------------------------------
# Redirecionar para mobile a partir do agente de usuário
# ------------------------------------------------------------------------------
<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTP_USER_AGENT} "android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|opera mobile|palmos|webos" [NC]
   RewriteRule ^$ http://m.example.com/ [L,R=302]
</IfModule>
<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTP_USER_AGENT} "!(android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|opera mobile|palmos|webos)" [NC]
   RewriteRule ^$ http://www.example.com/ [L,R=302]
</IfModule>

# ------------------------------------------------------------------------------
# Ativar Google Chrome Frame
# ------------------------------------------------------------------------------
<IfModule mod_headers.c>
  Header set X-UA-Compatible "IE=Edge,chrome=1"
  <FilesMatch "\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svg|svgz|ttf|vcf|webm|webp|woff|xml|xpi)$">
      Header unset X-UA-Compatible
  </FilesMatch>
</IfModule>

# ------------------------------------------------------------------------------
# Permissão de acesso às Webfonts
# ------------------------------------------------------------------------------
# Nota: qualquer domínio pode ser especificado no lugar de "*"
<IfModule mod_headers.c>
  <FilesMatch "\.(eot|font.css|otf|ttc|ttf|woff)$">
      Header set Access-Control-Allow-Origin "*"
  </FilesMatch>
</IfModule>

# ------------------------------------------------------------------------------
# MIME type apropriado para todos os arquivos
# ------------------------------------------------------------------------------
AddType application/javascript         js jsonp
AddType application/json               json
AddType audio/mp4                      m4a f4a f4b
AddType audio/ogg                      oga ogg
AddType video/mp4                      mp4 m4v f4v f4p
AddType video/ogg                      ogv
AddType video/webm                     webm
AddType video/x-flv                    flv
AddType     image/svg+xml              svg svgz
AddEncoding gzip                       svgz
AddType application/vnd.ms-fontobject  eot
AddType application/x-font-ttf         ttf ttc
AddType application/x-font-woff        woff
AddType font/opentype                  otf
AddType application/octet-stream            safariextz
AddType application/x-chrome-extension      crx
AddType application/x-opera-extension       oex
AddType application/x-shockwave-flash       swf
AddType application/x-web-app-manifest+json webapp
AddType application/x-xpinstall             xpi
AddType application/xml                     rss atom xml rdf
AddType image/webp                          webp
AddType image/x-icon                        ico
AddType text/cache-manifest                 appcache manifest
AddType text/vtt                            vtt
AddType text/x-component                    htc
AddType text/x-vcard                        vcf

# ------------------------------------------------------------------------------
# Compressão gzip
# ------------------------------------------------------------------------------
<IfModule mod_deflate.c>
  <IfModule mod_setenvif.c>
      <IfModule mod_headers.c>
          SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
          RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
      </IfModule>
  </IfModule>
  <IfModule mod_filter.c>
      AddOutputFilterByType DEFLATE application/atom+xml \
                                    application/javascript \
                                    application/json \
                                    application/rss+xml \
                                    application/vnd.ms-fontobject \
                                    application/x-font-ttf \
                                    application/xhtml+xml \
                                    application/xml \
                                    font/opentype \
                                    image/svg+xml \
                                    image/x-icon \
                                    text/css \
                                    text/html \
                                    text/plain \
                                    text/x-component \
                                    text/xml
  </IfModule>
</IfModule>

# ------------------------------------------------------------------------------
# Expires headers (para um melhor controle de cache)
# ------------------------------------------------------------------------------
<IfModule mod_expires.c>
  ExpiresActive on
  ExpiresDefault                          "access plus 1 minute"

  ExpiresByType text/cache-manifest       "access plus 0 seconds"
  ExpiresByType text/html                 "access plus 0 seconds"
  ExpiresByType application/json          "access plus 0 seconds"
  ExpiresByType application/xml           "access plus 0 seconds"
  ExpiresByType text/xml                  "access plus 0 seconds"
  ExpiresByType application/atom+xml      "access plus 1 hour"
  ExpiresByType application/rss+xml       "access plus 1 hour"
  ExpiresByType image/x-icon              "access plus 1 minute"
  ExpiresByType audio/ogg                 "access plus 1 month"
  ExpiresByType image/gif                 "access plus 1 month"
  ExpiresByType image/jpeg                "access plus 1 month"
  ExpiresByType image/png                 "access plus 1 month"
  ExpiresByType video/mp4                 "access plus 1 month"
  ExpiresByType video/ogg                 "access plus 1 month"
  ExpiresByType video/webm                "access plus 1 month"
  ExpiresByType text/x-component          "access plus 1 month"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
  ExpiresByType application/x-font-ttf    "access plus 1 month"
  ExpiresByType application/x-font-woff   "access plus 1 month"
  ExpiresByType font/opentype             "access plus 1 month"
  ExpiresByType image/svg+xml             "access plus 1 month"
  ExpiresByType application/javascript    "access plus 1 minute"
  ExpiresByType text/css                  "access plus 1 minute"
</IfModule>

# ------------------------------------------------------------------------------
# Remoção de ETag
# ------------------------------------------------------------------------------
<IfModule mod_headers.c>
  Header unset ETag
</IfModule>
FileETag None

# ------------------------------------------------------------------------------
# Remover o flicker em rollovers CSS no Internet Explorer
# ------------------------------------------------------------------------------
BrowserMatch "MSIE" brokenvary=1
BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
BrowserMatch "Opera" !brokenvary
SetEnvIf brokenvary 1 force-no-vary

# ------------------------------------------------------------------------------
# Requisições AJAX cross-domain
# ------------------------------------------------------------------------------
<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin "*"
</IfModule>

# ------------------------------------------------------------------------------
# Imagens CORS habilitadas (@crossorigin)
# ------------------------------------------------------------------------------
<IfModule mod_setenvif.c>
  <IfModule mod_headers.c>
      <FilesMatch "\.(gif|ico|jpe?g|png|svg|svgz|webp)$">
          SetEnvIf Origin ":" IS_CORS
          Header set Access-Control-Allow-Origin "*" env=IS_CORS
      </FilesMatch>
  </IfModule>
</IfModule>

# ------------------------------------------------------------------------------
# Concatenação entre arquivos js e css específicos
# ------------------------------------------------------------------------------
# Nota: e.g., em script.combined.js você pode ter
#       <!--#include file="libs/jquery-1.5.0.min.js" -->
#       <!--#include file="plugins/jquery.idletimer.js" -->
<FilesMatch "\.combined\.js$">
  Options +Includes
  AddOutputFilterByType INCLUDES application/javascript application/json
  SetOutputFilter INCLUDES
</FilesMatch>
<FilesMatch "\.combined\.css$">
  Options +Includes
  AddOutputFilterByType INCLUDES text/css
  SetOutputFilter INCLUDES
</FilesMatch>

# ------------------------------------------------------------------------------
# Impedir provedores de redes mobile (3G) de modificar seu site
# ------------------------------------------------------------------------------
<IfModule mod_headers.c>
  Header set Cache-Control "no-transform"
</IfModule>

# ------------------------------------------------------------------------------
# Keep-Alive
# ------------------------------------------------------------------------------
# Nota: existem algumas desvantagens em habilitar esta opção.
#       Ative-a se você serve muito conteúdo estático
<IfModule mod_headers.c>
  Header set Connection Keep-Alive
</IfModule>

# ------------------------------------------------------------------------------
# Permitir a criação de cookies em iframes
# ------------------------------------------------------------------------------
# Nota: apenas Internet Explorer
<IfModule mod_headers.c>
  Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
</IfModule>

# ------------------------------------------------------------------------------
# Iniciar o motor de reescrita de URLs
# ------------------------------------------------------------------------------
<IfModule mod_rewrite.c>
  Options +FollowSymlinks
  RewriteEngine On
#   RewriteBase /
</IfModule>

# ------------------------------------------------------------------------------
# Reescrever "example.com -> www.example.com"
# ------------------------------------------------------------------------------
<IfModule mod_rewrite.c>
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} !^www\..+$
  # Exceto para localhost
  RewriteCond %{HTTP_HOST} !^localhost$
  # Exceto para endereço IP
  RewriteCond %{HTTP_HOST} !^(\d{1,3}\.){3}\d{1,3}$ [NC]
  RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

# ------------------------------------------------------------------------------
# Reescrever "www.example.com -> example.com"
# ------------------------------------------------------------------------------
<IfModule mod_rewrite.c>
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>

# ------------------------------------------------------------------------------
# Melhor cache baseado em nome de arquivo
# ------------------------------------------------------------------------------
# Nota: link "css/estilos.css" como "css/estilos.123.css"
<IfModule mod_rewrite.c>
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.+)\.(\d+)\.(js|css|png|jpg|gif)$ $1.$3 [L]
</IfModule>

# ------------------------------------------------------------------------------
# Impedir alguns alertas SSL
# ------------------------------------------------------------------------------
<IfModule mod_rewrite.c>
  RewriteCond %{SERVER_PORT} !^443
  RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]
</IfModule>

# ------------------------------------------------------------------------------
# Impedir erros 404 para pastas não existentes em URIs reescritas
# ------------------------------------------------------------------------------
Options -MultiViews

# ------------------------------------------------------------------------------
# Página 404 personalizada
# ------------------------------------------------------------------------------
ErrorDocument 404 /404.html

# ------------------------------------------------------------------------------
# Codificação UTF-8
# ------------------------------------------------------------------------------
AddDefaultCharset utf-8
AddCharset utf-8 .atom .css .js .json .rss .vtt .xml

# ------------------------------------------------------------------------------
# Remover assinatura do servidor
# ------------------------------------------------------------------------------
# Nota: apenas para a httpd.conf
ServerSignature Off
ServerTokens Prod

# ------------------------------------------------------------------------------
# Impedir listagem em diretórios sem documento padrão
# ------------------------------------------------------------------------------
<IfModule mod_autoindex.c>
  Options -Indexes
</IfModule>

# ------------------------------------------------------------------------------
# Impedir acesso a diretórios ocultos no Linux
# ------------------------------------------------------------------------------
# Nota: são diretórios cujo nome inicial com ponto, e.g. ".git"
<IfModule mod_rewrite.c>
  RewriteCond %{SCRIPT_FILENAME} -d [OR]
  RewriteCond %{SCRIPT_FILENAME} -f
  RewriteRule "(^|/)\." - [F]
</IfModule>

# ------------------------------------------------------------------------------
# Impedir acesso a arquivos de becape, código-fonte e configuração
# ------------------------------------------------------------------------------
<FilesMatch "(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$">
  Order allow,deny
  Deny from all
  Satisfy All
</FilesMatch>

# ------------------------------------------------------------------------------
# Configurações seguras para o PHP
# ------------------------------------------------------------------------------
# Nota: nem todos servidores suportam essas modificações via .htaccess
php_flag  register_globals       Off
php_value session.name           SESSIONID
php_flag  magic_quotes_gpc       Off
php_flag  expose_php             Off
php_value error_reporting        -1
php_flag  log_errors             On
php_flag  display_errors         Off
php_flag  display_startup_errors Off
php_flag  html_errors            Off
php_flag  ignore_repeated_errors Off
php_flag  ignore_repeated_source Off
php_value log_errors_max_len     1024
php_value error_prepend_string   " "
php_value error_append_string    " "
<IfModule mod_php5.c>
  php_value session.cookie_httponly true
</IfModule>

# ------------------------------------------------------------------------------
# Redirecionar acesso para router PHP
# ------------------------------------------------------------------------------
# Nota: "E=app:main" especifica a variável
#       $_SERVER['REDIRECT_app'] = 'main';
<IfModule mod_rewrite.c>
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule ^ index.php [QSA,E=app:main,L]
</IfModule>