[ { "path": ".editorconfig", "content": "# editorconfig.org\n\nroot = true\n\n[*]\ncharset = utf-8\nend_of_line = lf\nindent_size = 4\nindent_style = space\ninsert_final_newline = true\ntrim_trailing_whitespace = true\n\n[*.md]\ntrim_trailing_whitespace = false\n" }, { "path": ".github/FUNDING.yml", "content": "# These are supported funding model platforms\n\ngithub: [phanan]\nopen_collective: koel\n" }, { "path": "CONTRIBUTING.md", "content": "# Contributing\n\n1. Fork the repo.\n2. Add your section following the [styling guide](#styling). One snippet per PR, please!\n3. Commit changes.\n4. Push your commit.\n5. Create a pull request.\n6. Wait with your fingers crossed.\n\n## Styling\n\n- Put your snippets into corresponding sections.\n- Put the snippet names into the [Table of Contents](README.md#table-of-contents) and link them using relative URLs.\n- Use `###` headers for your snippets.\n- Use [Title Case](https://en.wikipedia.org/wiki/Letter_case#Title_case) for headers.\n- Add some note/description if applicable. People will thank you for that.\n- Be grateful. Indicate a source using this format `[Source](link)` if applicable. \n- For Apache-related examples, wrap your commands in a `apacheconf` code block.\n- For command-line examples, wrap your commands in a `bash` code block.\n" }, { "path": "LICENSE", "content": "Snippets with specified source belong to their respective owners and have\ntheir own license(s), whenever appropriate. \n\nOther content belongs to the public domain. Refer to \nfor more information.\n" }, { "path": "README.md", "content": "# .htaccess Snippets [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\nA collection of useful .htaccess snippets, all in one place.\n\n> [!NOTE]\n> `.htaccess` files are for people that do not have rights to edit the main server configuration file. They are intrinsically slower and more complicated than using the main config. Please see the [howto in the httpd documentation](https://httpd.apache.org/docs/current/howto/htaccess.html) for further details.\n\n> [!WARNING]\n> While dropping the snippet into an `.htaccess` file is most of the time sufficient, there are cases when certain modifications might be required. Use at your own risk.\n\n> [!IMPORTANT]\n> These snippets are for Apache 2.4. If you are still using Apache 2.2, check the [`2.2` branch](https://github.com/phanan/htaccess/tree/2.2). For details on the breaking changes between 2.2 and 2.4, see the [upgrading document](https://httpd.apache.org/docs/2.4/upgrading.html) as well as [this issue](https://github.com/phanan/htaccess/issues/2).\n\n## Credits\nWhat we are doing here is mostly collecting useful snippets from all over the interwebs (for example, a good chunk is from [Apache Server Configs](https://github.com/h5bp/server-configs-apache)) into one place. While we’ve been trying to credit where due, things might be missing. If you believe anything here is your work and credits should be given, let us know, or just send a PR.\n\n## Table of Contents\n- [Rewrite and Redirection](#rewrite-and-redirection)\n - [Force www](#force-www)\n - [Force www in a Generic Way](#force-www-in-a-generic-way)\n - [Force non-www](#force-non-www)\n - [Force non-www in a Generic Way](#force-non-www-in-a-generic-way)\n - [Force HTTPS](#force-https)\n - [Force HTTPS Behind a Proxy](#force-https-behind-a-proxy)\n - [Force Trailing Slash](#force-trailing-slash)\n - [Remove Trailing Slash](#remove-trailing-slash)\n - [Redirect a Single Page](#redirect-a-single-page)\n - [Redirect Using RedirectMatch](#redirect-using-redirectmatch)\n - [Alias a Single Directory](#alias-a-single-directory)\n - [Alias Paths to Script](#alias-paths-to-script)\n - [Redirect an Entire Site](#redirect-an-entire-site)\n - [Alias \"Clean\" URLs](#alias-clean-urls)\n - [Exclude a URL from Redirection](#exclude-url-from-redirection)\n- [Security](#security)\n - [Deny All Access](#deny-all-access)\n - [Deny All Access Except Yours](#deny-all-access-except-yours)\n - [Allow All Access Except Spammers'](#allow-all-access-except-spammers)\n - [Deny Access to Hidden Files and Directories](#deny-access-to-hidden-files-and-directories)\n - [Deny Access to Backup and Source Files](#deny-access-to-backup-and-source-files)\n - [Disable Directory Browsing](#disable-directory-browsing)\n - [Disable Image Hotlinking](#disable-image-hotlinking)\n - [Disable Image Hotlinking for Specific Domains](#disable-image-hotlinking-for-specific-domains)\n - [Password Protect a Directory](#password-protect-a-directory)\n - [Password Protect a File or Several Files](#password-protect-a-file-or-several-files)\n - [Block Visitors by Referrer](#block-visitors-by-referrer)\n - [Block Specific User Agents](#block-specific-user-agents)\n - [Prevent Framing the Site](#prevent-framing-the-site)\n - [Content Security Policy (CSP)](#content-security-policy-csp)\n - [Prevent MIME Type Sniffing](#prevent-mime-type-sniffing)\n - [Set Referrer Policy](#set-referrer-policy)\n - [Set Permissions Policy](#set-permissions-policy)\n - [Remove Server Signature](#remove-server-signature)\n- [Performance](#performance)\n - [Compress Text Files](#compress-text-files)\n - [Set Expires Headers](#set-expires-headers)\n - [Set Cache-Control Headers](#set-cache-control-headers)\n - [Turn eTags Off](#turn-etags-off)\n- [Miscellaneous](#miscellaneous)\n - [Set PHP Variables](#set-php-variables)\n - [Custom Error Pages](#custom-error-pages)\n - [Custom Maintenance Page](#custom-maintenance-page)\n - [Force Downloading](#force-downloading)\n - [Prevent Downloading](#prevent-downloading)\n - [Allow Cross-Domain Fonts](#allow-cross-domain-fonts)\n - [Enable CORS](#enable-cors)\n - [Auto UTF-8 Encode](#auto-utf-8-encode)\n - [Set Custom MIME Types](#set-custom-mime-types)\n - [Switch to Another PHP Version](#switch-to-another-php-version)\n - [Serve WebP/AVIF Images](#serve-webpavif-images)\n\n## Rewrite and Redirection\nNote: It is assumed that you have `mod_rewrite` installed and enabled.\n\n### Force www\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^example\\.com [NC]\nRewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301,NC]\n```\n\n### Force www in a Generic Way\n``` apacheconf\nRewriteCond %{HTTP_HOST} !^$\nRewriteCond %{HTTP_HOST} !^www\\. [NC]\nRewriteCond %{HTTPS}s ^on(s)|\nRewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]\n```\nThis works for _any_ domain. [Source](https://stackoverflow.com/questions/4916222/htaccess-how-to-force-www-in-a-generic-way)\n\n### Force non-www\nIt’s [still](https://www.sitepoint.com/domain-www-or-no-www/) [open](https://devcenter.heroku.com/articles/apex-domains) [for](https://yes-www.org/) [debate](https://no-www.org/) whether www or non-www is the way to go, so if you happen to be a fan of bare domains, here you go:\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.example\\.com [NC]\nRewriteRule ^(.*)$ https://example.com/$1 [L,R=301]\n```\n\n### Force non-www in a Generic Way\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.\nRewriteCond %{HTTPS}s ^on(s)|off\nRewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\\.)?(.+)$\nRewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]\n```\n\n### Force HTTPS\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTPS} !on\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n\n# Note: It’s also recommended to enable HTTP Strict Transport Security (HSTS)\n# on your HTTPS website to help prevent man-in-the-middle attacks.\n# See https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security\n\n # Remove \"includeSubDomains\" if you don't want to enforce HSTS on all subdomains\n Header always set Strict-Transport-Security \"max-age=31536000;includeSubDomains\"\n\n```\n\n### Force HTTPS Behind a Proxy\nUseful if you have a proxy in front of your server performing TLS termination.\n``` apacheconf\nRewriteCond %{HTTP:X-Forwarded-Proto} !https\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n```\n\n### Force Trailing Slash\n``` apacheconf\nRewriteCond %{REQUEST_URI} /+[^\\.]+$\nRewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]\n```\n\n### Remove Trailing Slash\nThis snippet will redirect paths ending in slashes to their non-slash-terminated counterparts (except for actual directories), e.g. `https://www.example.com/blog/` to `https://www.example.com/blog`. This is important for SEO, since it’s [recommended](https://overit.com/blog/canonical-urls) to have a canonical URL for every page.\n``` apacheconf\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteCond %{REQUEST_URI} (.+)/$\nRewriteRule ^ %1 [R=301,L]\n```\n[Source](https://stackoverflow.com/questions/21417263/htaccess-add-remove-trailing-slash-from-url#27264788)\n\n### Redirect a Single Page\n``` apacheconf\nRedirect 301 /oldpage.html https://www.example.com/newpage.html\nRedirect 301 /oldpage2.html https://www.example.com/folder/\n```\n[Source](https://css-tricks.com/snippets/htaccess/301-redirects/)\n\n### Redirect Using RedirectMatch\n``` apacheconf\nRedirectMatch 301 /subdirectory(.*) https://www.newsite.com/newfolder/$1\nRedirectMatch 301 ^/(.*).htm$ /$1.html\nRedirectMatch 301 ^/200([0-9])/([^01])(.*)$ /$2$3\nRedirectMatch 301 ^/category/(.*)$ /$1\nRedirectMatch 301 ^/(.*)/htaccesselite-ultimate-htaccess-article.html(.*) /htaccess/htaccess.html\nRedirectMatch 301 ^/(.*).html/1/(.*) /$1.html$2\nRedirectMatch 301 ^/manual/(.*)$ https://www.php.net/manual/$1\nRedirectMatch 301 ^/old-directory/(.*)$ /new-directory/$1\nRedirectMatch 301 ^/z/(.*)$ https://static.askapache.com/$1\n```\n[Source](https://www.askapache.com/htaccess/301-redirect-with-mod_rewrite-or-redirectmatch.html#301_Redirects_RedirectMatch)\n\n### Alias a Single Directory\n``` apacheconf\nRewriteEngine On\nRewriteRule ^source-directory/(.*) /target-directory/$1 [R=301,L]\n```\n\n### Alias Paths to Script\n``` apacheconf\nFallbackResource /index.fcgi\n```\nThis example has an `index.fcgi` file in some directory, and any requests within that directory that fail to resolve a filename/directory will be sent to the `index.fcgi` script. It’s good if you want `baz.foo/some/cool/path` to be handled by `baz.foo/index.fcgi` (which also supports requests to `baz.foo`) while maintaining `baz.foo/css/style.css` and the like. Get access to the original path from the PATH_INFO environment variable, as exposed to your scripting environment.\n\n``` apacheconf\nRewriteEngine On\nRewriteRule ^$ index.fcgi/ [QSA,L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)$ index.fcgi/$1 [QSA,L]\n```\nThis is a less efficient version of the FallbackResource directive (because using `mod_rewrite` is more complex than just handling the `FallbackResource` directive), but it’s also more flexible.\n\n### Redirect an Entire Site\n``` apacheconf\nRedirect 301 / https://newsite.com/\n```\nThis way does it with links intact. That is `www.oldsite.com/some/crazy/link.html` will become `www.newsite.com/some/crazy/link.html`. This is extremely helpful when you are just “moving” a site to a new domain. [Source](https://css-tricks.com/snippets/htaccess/301-redirects/)\n\n### Alias “Clean” URLs\nThis snippet lets you use “clean” URLs -- those without a PHP extension, e.g. `example.com/users` instead of `example.com/users.php`.\n``` apacheconf\nRewriteEngine On\nRewriteCond %{SCRIPT_FILENAME} !-d\nRewriteRule ^([^.]+)$ $1.php [NC,L]\n```\n[Source](https://www.abeautifulsite.net/access-pages-without-the-php-extension-using-htaccess/)\n\n### Exclude URL from Redirection\nThis snippet allows you to exclude a URL from redirection. For example, if you have redirection rules setup but want to exclude robots.txt so search engines can access that URL as expected.\n``` apacheconf\nRewriteEngine On\nRewriteRule ^robots.txt - [L]\n```\n\n## Security\n### Deny All Access\n``` apacheconf\nRequire all denied\n```\n\nBut wait, this will lock you out from your content as well! Thus introducing...\n\n### Deny All Access Except Yours\n``` apacheconf\nRequire all denied\nRequire ip xxx.xxx.xxx.xxx\n```\n`xxx.xxx.xxx.xxx` is your IP. If you replace the last three digits with `0/12` for example, this will specify a range of IPs within the same network, thus saving you the trouble to list all allowed IPs separately. [Source](https://speckyboy.com/2013/01/08/useful-htaccess-snippets-and-hacks/)\n\nNow of course there's a reversed version:\n\n### Allow All Access Except Spammers'\n``` apacheconf\nRequire all granted\nRequire not ip xxx.xxx.xxx.xxx\nRequire not ip xxx.xxx.xxx.xxy\n```\n\n### Deny Access to Hidden Files and Directories\nHidden files and directories (those whose names start with a dot `.`) should most, if not all, of the time be secured. For example: `.htaccess`, `.htpasswd`, `.git`, `.hg`...\n``` apacheconf\nRewriteCond %{SCRIPT_FILENAME} -d [OR]\nRewriteCond %{SCRIPT_FILENAME} -f\nRewriteRule \"(^|/)\\.\" - [F]\n```\n\nAlternatively, you can just raise a “Not Found” error, giving the attacker no clue:\n``` apacheconf\nRedirectMatch 404 /\\..*$\n```\n\n### Deny Access to Backup and Source Files\nThese files may be left by some text/HTML editors (like Vi/Vim) and pose a great security danger if exposed to public.\n``` apacheconf\n\n Require all denied\n\n```\n[Source](https://github.com/h5bp/server-configs-apache)\n\n### Disable Directory Browsing\n``` apacheconf\nOptions All -Indexes\n```\n\n### Disable Image Hotlinking\n``` apacheconf\nRewriteEngine on\n# Remove the following line if you want to block blank referrer too\nRewriteCond %{HTTP_REFERER} !^$\n\nRewriteCond %{HTTP_REFERER} !^https?://(.+\\.)?example.com [NC]\nRewriteRule \\.(jpe?g|png|gif|bmp|webp|avif|svg|ico)$ - [NC,F,L]\n\n# If you want to display a “blocked” banner in place of the hotlinked image,\n# replace the above rule with:\n# RewriteRule \\.(jpe?g|png|gif|bmp|webp|avif|svg|ico) https://example.com/blocked.png [R,L]\n```\n\n### Disable Image Hotlinking for Specific Domains\nSometimes you want to disable image hotlinking from some bad guys only.\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_REFERER} ^https?://(.+\\.)?badsite\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} ^https?://(.+\\.)?badsite2\\.com [NC,OR]\nRewriteRule \\.(jpe?g|png|gif|bmp|webp|avif|svg|ico)$ - [NC,F,L]\n\n# If you want to display a “blocked” banner in place of the hotlinked image,\n# replace the above rule with:\n# RewriteRule \\.(jpe?g|png|gif|bmp|webp|avif|svg|ico) https://example.com/blocked.png [R,L]\n```\n\n### Password Protect a Directory\nFirst you need to create a `.htpasswd` file somewhere in the system:\n``` bash\nhtpasswd -c /home/fellowship/.htpasswd boromir\n```\n\nThen you can use it for authentication:\n``` apacheconf\nAuthType Basic\nAuthName \"One does not simply\"\nAuthUserFile /home/fellowship/.htpasswd\nRequire valid-user\n```\n\n### Password Protect a File or Several Files\n``` apacheconf\nAuthName \"One still does not simply\"\nAuthType Basic\nAuthUserFile /home/fellowship/.htpasswd\n\n\nRequire valid-user\n\n\n\nRequire valid-user\n\n```\n\n### Block Visitors by Referrer\nThis denies access for all users who are coming from (referred by) a specific domain.\n[Source](https://www.htaccess-guide.com/deny-visitors-by-referrer/)\n``` apacheconf\nRewriteEngine on\n# Options +FollowSymlinks\nRewriteCond %{HTTP_REFERER} somedomain\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} anotherdomain\\.com\nRewriteRule .* - [F]\n```\n\n### Block Specific User Agents\nThis will block specific user agents from accessing your site, useful for blocking scrapers and bad bots.\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_USER_AGENT} BadBot [NC,OR]\nRewriteCond %{HTTP_USER_AGENT} EvilScraper [NC]\nRewriteRule .* - [F,L]\n```\n\n### Prevent Framing the Site\nThis prevents the website to be framed (i.e. put into an `iframe` tag), when still allows framing for a specific URI.\n``` apacheconf\nSetEnvIf Request_URI \"/starry-night\" allow_framing=true\nHeader set X-Frame-Options SAMEORIGIN env=!allow_framing\n```\n\n### Content Security Policy (CSP)\nA Content Security Policy header helps mitigate cross-site scripting (XSS) and other code injection attacks by declaring which dynamic resources are allowed to load.\n``` apacheconf\n\n Header set Content-Security-Policy \"default-src 'self'; script-src 'self'; style-src 'self'\"\n\n```\nAdjust the directives to fit your needs. See the [CSP reference](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) for all available directives.\n\n### Prevent MIME Type Sniffing\nThis prevents browsers from trying to guess (\"sniff\") the MIME type of a resource, which can have security implications. The browser will trust what the server says and block the resource if it doesn't match the expected type.\n``` apacheconf\n\n Header set X-Content-Type-Options \"nosniff\"\n\n```\n\n### Set Referrer Policy\nControl how much referrer information is included with requests. This helps protect user privacy by preventing the full URL from leaking to external sites.\n``` apacheconf\n\n Header set Referrer-Policy \"strict-origin-when-cross-origin\"\n\n```\n\n### Set Permissions Policy\nRestrict which browser features your site can use, such as camera, microphone, geolocation, etc.\n``` apacheconf\n\n Header set Permissions-Policy \"camera=(), microphone=(), geolocation=(), interest-cohort=()\"\n\n```\n\n### Remove Server Signature\nPrevent Apache from exposing its version number and OS information in HTTP headers and error pages.\n``` apacheconf\nServerSignature Off\n```\n\n## Performance\n### Compress Text Files\n``` apacheconf\n\n\n # Force compression for mangled headers.\n # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html\n \n \n SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\\s*,?\\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding\n RequestHeader append Accept-Encoding \"gzip,deflate\" env=HAVE_Accept-Encoding\n \n \n\n # Compress all output labeled with one of the following MIME-types\n # (mod_filter is required for Apache 2.4)\n \n AddOutputFilterByType DEFLATE application/atom+xml \\\n application/javascript \\\n application/json \\\n application/rss+xml \\\n application/x-font-ttf \\\n application/x-web-app-manifest+json \\\n application/xhtml+xml \\\n application/xml \\\n font/opentype \\\n image/svg+xml \\\n image/x-icon \\\n text/css \\\n text/html \\\n text/plain \\\n text/xml\n \n\n\n```\n[Source](https://github.com/h5bp/server-configs-apache)\n\n\n### Set Expires Headers\n_Expires headers_ tell the browser whether they should request a specific file from the server or just grab it from the cache. It is advisable to set static content's expires headers to something far in the future.\n\nIf you don’t control versioning with filename-based cache busting, consider lowering the cache time for resources like CSS and JS to something like 1 week. [Source](https://github.com/h5bp/server-configs-apache)\n``` apacheconf\n\n ExpiresActive on\n ExpiresDefault \"access plus 1 month\"\n\n # CSS\n ExpiresByType text/css \"access plus 1 year\"\n\n # Data interchange\n ExpiresByType application/json \"access plus 0 seconds\"\n ExpiresByType application/xml \"access plus 0 seconds\"\n ExpiresByType text/xml \"access plus 0 seconds\"\n\n # Favicon (cannot be renamed!)\n ExpiresByType image/x-icon \"access plus 1 week\"\n\n # HTML\n ExpiresByType text/html \"access plus 0 seconds\"\n\n # JavaScript\n ExpiresByType application/javascript \"access plus 1 year\"\n\n # Manifest files\n ExpiresByType application/x-web-app-manifest+json \"access plus 0 seconds\"\n\n # Media\n ExpiresByType audio/ogg \"access plus 1 month\"\n ExpiresByType image/gif \"access plus 1 month\"\n ExpiresByType image/jpeg \"access plus 1 month\"\n ExpiresByType image/png \"access plus 1 month\"\n ExpiresByType video/mp4 \"access plus 1 month\"\n ExpiresByType video/ogg \"access plus 1 month\"\n ExpiresByType video/webm \"access plus 1 month\"\n\n # Web feeds\n ExpiresByType application/atom+xml \"access plus 1 hour\"\n ExpiresByType application/rss+xml \"access plus 1 hour\"\n\n # Web fonts\n ExpiresByType application/font-woff2 \"access plus 1 month\"\n ExpiresByType application/font-woff \"access plus 1 month\"\n ExpiresByType application/x-font-ttf \"access plus 1 month\"\n ExpiresByType font/opentype \"access plus 1 month\"\n ExpiresByType image/svg+xml \"access plus 1 month\"\n\n```\n\n### Set Cache-Control Headers\n`Cache-Control` headers provide more fine-grained control over browser caching than Expires headers. You can use both together for maximum compatibility.\n``` apacheconf\n\n # Cache CSS and JS for 1 year\n \n Header set Cache-Control \"max-age=31536000, public\"\n \n\n # Cache images for 1 month\n \n Header set Cache-Control \"max-age=2592000, public\"\n \n\n # Cache fonts for 1 month\n \n Header set Cache-Control \"max-age=2592000, public\"\n \n\n # Do not cache HTML\n \n Header set Cache-Control \"no-cache, no-store, must-revalidate\"\n \n\n```\n\n### Turn eTags Off\nBy removing the `ETag` header, you disable caches and browsers from being able to validate files, so they are forced to rely on your `Cache-Control` and `Expires` header. [Source](https://www.askapache.com/htaccess/apache-speed-etags.html)\n``` apacheconf\n\n Header unset ETag\n\nFileETag None\n```\n\n## Miscellaneous\n\n### Set PHP Variables\n``` apacheconf\nphp_value \n\n# For example:\nphp_value upload_max_filesize 50M\nphp_value max_execution_time 240\n```\n\n### Custom Error Pages\n``` apacheconf\nErrorDocument 500 \"Houston, we have a problem.\"\nErrorDocument 401 https://error.example.com/mordor.html\nErrorDocument 404 /errors/halflife3.html\n```\n\n### Custom Maintenance Page\nRedirect all traffic to a maintenance page while still allowing access from a specific IP address.\n``` apacheconf\nRewriteEngine on\nRewriteCond %{REMOTE_ADDR} !^xxx\\.xxx\\.xxx\\.xxx\nRewriteCond %{REQUEST_URI} !/maintenance.html$ [NC]\nRewriteCond %{REQUEST_URI} !\\.(css|js|png|jpe?g|gif|svg|ico)$ [NC]\nRewriteRule .* /maintenance.html [R=503,L]\n```\nReplace `xxx.xxx.xxx.xxx` with your IP address to retain access while the site is under maintenance.\n\n### Force Downloading\nSometimes you want to force the browser to download some content instead of displaying it.\n``` apacheconf\n\n ForceType application/octet-stream\n Header set Content-Disposition attachment\n\n```\n\nNow there is a yang to this yin:\n\n### Prevent Downloading\nSometimes you want to force the browser to display some content instead of downloading it.\n``` apacheconf\n\n Header set Content-Type text/plain\n\n```\n\n### Allow Cross-Domain Fonts\nCDN-served webfonts might not work in Firefox due to [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing). This snippet solves the problem.\n``` apacheconf\n\n \n Header set Access-Control-Allow-Origin \"*\"\n \n\n```\n[Source](https://github.com/h5bp/server-configs-apache/issues/32)\n\n### Enable CORS\nEnable Cross-Origin Resource Sharing (CORS) for your site, allowing other domains to make requests to your server.\n``` apacheconf\n\n Header set Access-Control-Allow-Origin \"*\"\n Header set Access-Control-Allow-Methods \"GET, POST, PUT, DELETE, OPTIONS\"\n Header set Access-Control-Allow-Headers \"Content-Type, Authorization\"\n\n```\nTo restrict access to specific domains, replace `*` with the domain, e.g. `https://example.com`.\n\n### Auto UTF-8 Encode\nYour text content should always be UTF-8 encoded, no?\n``` apacheconf\n# Use UTF-8 encoding for anything served text/plain or text/html\nAddDefaultCharset utf-8\n\n# Force UTF-8 for a number of file formats\nAddCharset utf-8 .atom .css .js .json .rss .vtt .xml\n```\n[Source](https://github.com/h5bp/server-configs-apache)\n\n### Set Custom MIME Types\nDefine custom MIME types for file formats that Apache may not recognize by default.\n``` apacheconf\nAddType application/manifest+json .webmanifest\nAddType application/wasm .wasm\nAddType application/x-ndjson .ndjson\nAddType text/vtt .vtt\n```\n\n### Switch to Another PHP Version\nIf you’re on a shared host, chances are there are more than one version of PHP installed, and sometimes you want a specific version for your website. The following snippet should switch the PHP version for you.\n\n``` apacheconf\nAddHandler application/x-httpd-php84 .php\n\n# Alternatively, you can use AddType\nAddType application/x-httpd-php84 .php\n```\n\n### Serve WebP/AVIF Images\nIf a modern format image (AVIF or WebP) with the same name exists alongside the original jpg/png, it will be served instead. AVIF is preferred over WebP when the browser supports both.\n\n``` apacheconf\nRewriteEngine On\n\n# Serve AVIF if supported and available\nRewriteCond %{HTTP_ACCEPT} image/avif\nRewriteCond %{DOCUMENT_ROOT}/$1.avif -f\nRewriteRule (.+)\\.(jpe?g|png)$ $1.avif [T=image/avif,E=accept:1]\n\n# Otherwise, serve WebP if supported and available\nRewriteCond %{HTTP_ACCEPT} image/webp\nRewriteCond %{DOCUMENT_ROOT}/$1.webp -f\nRewriteRule (.+)\\.(jpe?g|png)$ $1.webp [T=image/webp,E=accept:1]\n```\n" }, { "path": "Translations/French/README.md", "content": "# .htaccess Snippets [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\n\n> Une collection utile de fragments de configuration de fichier `.htaccess`, le\n> tout regroupé dans un seul endroit.\n\n**Avertissement** : Bien que l'extrait mis dans un fichier `.htaccess` est la\nplupart du temps suffisant, il ya des cas où certaines modifications pourraient\nêtre nécessaires. À utiliser à vos propres risques.\n\n**IMPORTANT** : Apache 2.4 a introduit quelques changements de rupture,\nnotamment dans la configuration de contrôle d'accès. Pour plus d'information,\nconsultez le\n[document de mise à niveau](https://httpd.apache.org/docs/2.4/upgrading.html)\nainsi que [cette issue](https://github.com/phanan/htaccess/issues/2).\n\n\n## Crédits\n\nCe que nous faisons ici est principalement la collection d'extraits pratiques en\nprovenance d'un peu partout sur le web, par exemple, une bonne partie provient\ndu dépôt [Apache Server Configs](https://github.com/h5bp/server-configs-apache).\nBien qu'ayant essayé de créditer la bonne personne, des éléments peuvent être\nmanquants. Si vous pensez que quelque chose ici provient de votre travail et que\nvous devriez en être crédité, faites le moi savoir, ou faites une PR.\n\n\n## Table des matières\n\n- [Réécriture et redirection](#réécriture-et-redirection)\n - [Forcer www](#forcer-www)\n - [Forcer www d'une manière générique](#forcer-www-dune-manière-générique)\n - [Forcer non-www](#forcer-non-www)\n - [Forcer non-www d'une manière générique](#forcer-non-www-dune-manière-générique)\n - [Forcer HTTPS](#forcer-https)\n - [Forcer HTTPS derrière un proxy](#forcer-https-derrière-un-proxy)\n - [Forcer le slash de fin](#forcer-le-slash-de-fin)\n - [Supprimer le slash de fin](#supprimer-le-slash-de-fin)\n - [Rediriger une seule page](#rediriger-une-seule-page)\n - [Alias pour un seul dossier](#alias-pour-un-seul-dossier)\n - [Alias de chemins vers un script](#alias-de-chemins-vers-un-script)\n - [Rediriger un site entier](#rediriger-un-site-entier)\n - [Alias en URLs propres](#alias-en-urls-propres)\n- [Sécurité](#securité)\n - [Refuser tout accès](#refuser-tout-accès)\n - [Refuser tout accès sauf soi-même](#refuser-tout-accès-sauf-soi-même)\n - [Autoriser tout accès sauf aux spammeurs'](#autoriser-tout-accès-sauf-aux-spammeurs)\n - [Refuser l'accès aux fichiers et répertoires cachés](#refuser-laccès-aux-fichiers-et-dossiers-cachés)\n - [Refuser l'accès aux sources et fichiers de sauvegarde](#refuser-laccès-aux-sources-et-fichiers-de-sauvegarde)\n - [Désactiver la navigation de dossier](#désactiver-la-navigation-de-dossier)\n - [Désactiver le hotlink des images](#désactiver-le-hotlink-des-images)\n - [Désactiver le hotlink des images pour des domaines spécifiques](#désactiver-le-hotlink-des-images-pour-des-domaines-spécifiques)\n - [Protéger un dossier par mot de passe](#protéger-un-dossier-par-mot-de-passe)\n - [Protéger un ou plusieurs fichiers par mot de passe](#protéger-un-ou-plusieurs-fichiers-par-mot-de-passe)\n- [Performance](#performance)\n - [Compresser les fichiers texte](#compresser-les-fichiers-texte)\n - [Ajouter l'en-tête \"Expires\"](#ajouter-len-tête-expires)\n - [Désactiver eTags](#désactiver-etags)\n- [Divers](#divers)\n - [Définir des variables PHP](#définir-des-variables-php)\n - [Pages d'erreur personnalisées](#pages-derreur-personnalisées)\n - [Forcer le téléchargement](#forcer-le-téléchargement)\n - [Empêcher le téléchargement](#empêcher-le-téléchargement)\n - [Autoriser les polices Cross-Domain](#autoriser-les-polices-cross-domain)\n - [Encodage UTF-8 automatique](#encodage-utf-8-automatique)\n - [Basculer vers une autre version de PHP](#basculer-vers-une-autre-version-de-php)\n - [Désactiver le mode de compatibilité pour Internet Explorer](#désactiver-le-mode-de-compatibilité-pour-internet-explorer)\n - [Servir des images WebP](#servir-des-images-webp)\n\n\n## Réécriture et redirection\n\nRemarque: On suppose avoir le module `mod_rewrite` installé et activé.\n\n\n### Forcer www\n\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^example\\.com [NC]\nRewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]\n```\n\n\n### Forcer www d'une manière générique\n\n``` apacheconf\nRewriteCond %{HTTP_HOST} !^$\nRewriteCond %{HTTP_HOST} !^www\\. [NC]\nRewriteCond %{HTTPS}s ^on(s)|\nRewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]\n```\n\nCela fonctionne pour _tous_ les domaines.\n[Source](https://stackoverflow.com/questions/4916222/htaccess-how-to-force-www-in-a-generic-way)\n\n\n### Forcer non-www\n\nC'est [toujours](http://www.sitepoint.com/domain-www-or-no-www/)\n[en cours](https://devcenter.heroku.com/articles/apex-domains)\n[de](http://yes-www.org/) [débat](http://no-www.org/) selon s'il faut\nprévilégier la forme avec ou sans `www`, donc si vous êtes un fan de domaine\n\"à nu\", ceci est pour vous :\n\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.example\\.com [NC]\nRewriteRule ^(.*)$ http://example.com/$1 [L,R=301]\n```\n\n\n### Forcer non-www d'une manière générique\n\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.\nRewriteCond %{HTTPS}s ^on(s)|off\nRewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\\.)?(.+)$\nRewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]\n```\n\n\n### Forcer HTTPS\n\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTPS} !on\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n```\n\n\n### Forcer HTTPS derrière un proxy\n\nCeci est utile si vous avez un proxy devant votre serveur faisant une\ntermination TLS :\n\n``` apacheconf\nRewriteCond %{HTTP:X-Forwarded-Proto} !https\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n```\n\n\n### Forcer le slash de fin\n\n``` apacheconf\nRewriteCond %{REQUEST_URI} /+[^\\.]+$\nRewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]\n```\n\n\n### Supprimer le slash de fin\n\n``` apacheconf\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)/$ /$1 [R=301,L]\n```\n\n\n### Rediriger une seule page\n\n``` apacheconf\nRedirect 301 /anciennepage.html http://www.votresite.com/nouvellepage.html\nRedirect 301 /anciennepage2.html http://www.votresite.com/dossier/\n```\n\n[Source](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n\n### Alias pour un seul dossier\n\n``` apacheconf\nRewriteEngine On\nRewriteRule ^source-directory/(.*) target-directory/$1\n```\n\n\n### Alias de chemins vers un script\n\n``` apacheconf\nFallbackResource /index.fcgi\n```\n\nCet exemple a un fichier `index.fcgi` dans un répertoire, et toutes les requêtes\nà l'intérieur de ce dossier qui ne peuvent résoudre le fichier/dossier demandé\nseront renvoyées vers le script `index.fcgi`. Ceci est utile si vous souhaitez\nque `baz.foo/une/route/sympa` soit manipulé par `baz.foo/index.fcgi` (qui prend\négalement en charge les demandes vers `baz.foo`) tout en maintenant\n`baz.foo/css/style.css` ou autre fonctionnels. Accédez au chemin d'origine de la\nvariable d'environnement `PATH_INFO`, comme exposé à votre environnement de\nscriptage.\n\n``` apacheconf\nRewriteEngine On\nRewriteRule ^$ index.fcgi/ [QSA,L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)$ index.fcgi/$1 [QSA,L]\n```\n\nCeci est une version moins efficace de la directive `FallbackResource` (car\nl'utilisation de `mod_rewrite` est plus complexe que de maintenir la directive \n`FallbackResource`), mais offre d'avantage de flexibilité.\n\n\n### Rediriger un site entier\n\n``` apacheconf\nRedirect 301 / http://nouveausite.com/\n```\n\nCeci laisse les liens intacts. Ainsi `anciensite.com/lien/super/genial.html`\ndeviendra `nouveausite.com/lien/super/genial.html`. Cela est très pratique\nlorsque vous souhaitez déplacer un site vers un nouveau domaine.\n\n[Source](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n\n### Alias en URLs propres\n\nCe snippet vous permet d'utiliser des \"URLs propres\" –celles sans extension–,\npar exemple : `example.com/users` à la place de `example.com/users.php`.\n\n``` apacheconf\nRewriteEngine On\nRewriteCond %{SCRIPT_FILENAME} !-d\nRewriteRule ^([^.]+)$ $1.php [NC,L]\n```\n\n[Source](http://www.abeautifulsite.net/access-pages-without-the-php-extension-using-htaccess/)\n\n\n## Securité\n\n### Refuser tout accès\n\n``` apacheconf\n## Apache 2.2\nDeny from all\n\n## Apache 2.4\n# Require all denied\n```\n\nMais… ceci vous bloquera vous également ! Si ce n'est pas ce que vous souhaitez,\nla partie suivante est sûrement faite pour vous !\n\n\n### Refuser tout accès sauf soi-même\n\n``` apacheconf\n## Apache 2.2\nOrder deny,allow\nDeny from all\nAllow from xxx.xxx.xxx.xxx\n\n## Apache 2.4\n# Require all denied\n# Require ip xxx.xxx.xxx.xxx\n```\n\nEn remplaçant `xxx.xxx.xxx.xxx` par votre adresse IP, vous n'autoriserez l'accès\nà votre site que par vous. Si vous remplacez les 3 dernièrs numéros par `0/12`\npar exemple, ceci spécifiera un intervalle d'adresses IPs à l'intérieur d'un\nmême réseau, vous évitant ainsi de lister toutes les IPs autorisées\nindividuellement.\n\n[Source](http://speckyboy.com/2013/01/08/useful-htaccess-snippets-and-hacks/)\n\nBien sûr, il y a la version inverse :\n\n\n### Autoriser tout accès sauf aux spammeurs\n\n``` apacheconf\n## Apache 2.2\nOrder deny,allow\nDeny from xxx.xxx.xxx.xxx\nDeny from xxx.xxx.xxx.xxy\n\n## Apache 2.4\n# Require all granted\n# Require not ip xxx.xxx.xxx.xxx\n# Require not ip xxx.xxx.xxx.xxy\n```\n\n\n### Refuser l'accès aux fichiers et dossiers cachés\n\nLes fichiers et dossiers cachés (ceux dont les noms commencent par un point `.`)\ndevraient être pour la majorité d'entre eux sécurisés. On ne devrait par exemple\npas avoir accès aux éléments suivants : `.htaccess`, `.htpasswd`, `.git`,\n`.hg`...\n\n``` apacheconf\nRewriteCond %{SCRIPT_FILENAME} -d [OR]\nRewriteCond %{SCRIPT_FILENAME} -f\nRewriteRule \"(^|/)\\.\" - [F]\n```\n\nUne autre solution serait de lever une erreur `404 Not Found`, ne donnant aucun\nindice à l'attaquant quant à l'existance de la ressource :\n\n``` apacheconf\nRedirectMatch 404 /\\..*$\n```\n\n\n### Refuser l'accès aux sources et fichiers de sauvegarde\n\nCes fichiers peuvent être laissés par certains éditeurs de texte/html (comme\nVi/Vim) et poser un grand danger en terme de sécurité, quand quelqu'un y a\naccès.\n\n``` apacheconf\n\n ## Apache 2.2\n Order allow,deny\n Deny from all\n Satisfy All\n\n ## Apache 2.4\n # Require all denied\n\n```\n\n[Source](https://github.com/h5bp/server-configs-apache)\n\n\n### Désactiver la navigation de dossier\n\n``` apacheconf\nOptions All -Indexes\n```\n\n\n### Désactiver le hotlink des images\n\n``` apacheconf\nRewriteEngine on\n# Enlever la ligne ci-dessous si vous souhaitez bloquer le referrer vide \nRewriteCond %{HTTP_REFERER} !^$\n\nRewriteCond %{HTTP_REFERER} !^http(s)?://(.+\\.)?votredomaine.com [NC]\nRewriteRule \\.(jpg|jpeg|png|gif|bmp)$ - [NC,F,L]\n\n# Si vous souhaitez afficher une bannière \"Bloquée\" d'url 'blocked.png' au lieu\n# du hotlink de l'image, replacez la règle ci-dessus par celle-ci :\n# RewriteRule \\.(jpg|jpeg|png|gif|bmp) http://votredomaine.com/blocked.png [R,L]\n```\n\n\n### Désactiver le hotlink des images pour des domaines spécifiques\n\nParfois vous souhaitez désactiver le hotlink d'images seulement pour quelques\ndomaines spécifiques. L'extrait suivant devrait vous aider :\n\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_REFERER} ^http(s)?://(.+\\.)?mauvaissite\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} ^http(s)?://(.+\\.)?mauvaissite2\\.com [NC,OR]\nRewriteRule \\.(jpg|jpeg|png|gif)$ - [NC,F,L]\n\n# Si vous souhaitez afficher une bannière \"Bloquée\" d'url 'blocked.png' au lieu\n# du hotlink de l'image, replacez la règle ci-dessus par celle-ci :\n# RewriteRule \\.(jpg|jpeg|png|gif|bmp) http://votredomaine.com/blocked.png [R,L]\n```\n\n\n### Protéger un dossier par mot de passe\n\nD'abord, vous aurez besoin de créer un fichier `.htpasswd` quelque part sur le\nsystème, avec l'aide de la commande suivante :\n\n``` bash\nhtpasswd -c /home/fellowship/.htpasswd boromir\n```\n\nEnsuite, vous pouvez utiliser ceci pour activer l'authentification :\n\n``` apacheconf\nAuthType Basic\nAuthName \"One does not simply\"\nAuthUserFile /home/fellowship/.htpasswd\nRequire valid-user\n```\n\n\n### Protéger un ou plusieurs fichiers par mot de passe\n\n``` apacheconf\nAuthName \"One still does not simply\"\nAuthType Basic\nAuthUserFile /home/fellowship/.htpasswd\n\n\nRequire valid-user\n\n\n\nRequire valid-user\n\n```\n\n\n## Performance\n\n### Compresser les fichiers texte\n\n``` apacheconf\n\n\n # Force compression for mangled headers.\n # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html\n \n \n SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\\s*,?\\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding\n RequestHeader append Accept-Encoding \"gzip,deflate\" env=HAVE_Accept-Encoding\n \n \n\n # Compresse toutes les sorties ayant un de ces types MIME\n # (pour Apache < 2.3.7, vous n'avez pas besoin d'activer `mod_filter`\n # et vous pouvez supprimer le `` et ``\n # comme `AddOutputFilterByType` sera toujours dans les directives du noyau).\n \n AddOutputFilterByType DEFLATE application/atom+xml \\\n application/javascript \\\n application/json \\\n application/rss+xml \\\n application/vnd.ms-fontobject \\\n application/x-font-ttf \\\n application/x-web-app-manifest+json \\\n application/xhtml+xml \\\n application/xml \\\n font/opentype \\\n image/svg+xml \\\n image/x-icon \\\n text/css \\\n text/html \\\n text/plain \\\n text/x-component \\\n text/xml\n \n\n\n```\n\n[Source](https://github.com/h5bp/server-configs-apache)\n\n\n### Ajouter l'en-tête \"Expires\"\n\nL'en-tête *Expires* indique au navigateur s'il doit effectuer une requête au\nserveur pour récupérer un fichier spécifique ou bien se contenter du cache. On\npeut conseiller pour les contenus statiques un en-tête d'expiration loin dans le\nfutur.\n\nSi vous n'utilisez pas la méthode du nom de fichier modifié par un système de\ncontrôle de version, vous devriez diminuer le temps de cache des ressources\ntelles que les fichiers CSS ou JS vers quelque chose proche de la semaine.\n\n``` apacheconf\n\n ExpiresActive on\n ExpiresDefault \"access plus 1 month\"\n\n # CSS\n ExpiresByType text/css \"access plus 1 year\"\n\n # Data interchange\n ExpiresByType application/json \"access plus 0 seconds\"\n ExpiresByType application/xml \"access plus 0 seconds\"\n ExpiresByType text/xml \"access plus 0 seconds\"\n\n # Favicon (cannot be renamed!)\n ExpiresByType image/x-icon \"access plus 1 week\"\n\n # HTML components (HTCs)\n ExpiresByType text/x-component \"access plus 1 month\"\n\n # HTML\n ExpiresByType text/html \"access plus 0 seconds\"\n\n # JavaScript\n ExpiresByType application/javascript \"access plus 1 year\"\n\n # Manifest files\n ExpiresByType application/x-web-app-manifest+json \"access plus 0 seconds\"\n ExpiresByType text/cache-manifest \"access plus 0 seconds\"\n\n # Media\n ExpiresByType audio/ogg \"access plus 1 month\"\n ExpiresByType image/gif \"access plus 1 month\"\n ExpiresByType image/jpeg \"access plus 1 month\"\n ExpiresByType image/png \"access plus 1 month\"\n ExpiresByType video/mp4 \"access plus 1 month\"\n ExpiresByType video/ogg \"access plus 1 month\"\n ExpiresByType video/webm \"access plus 1 month\"\n\n # Web feeds\n ExpiresByType application/atom+xml \"access plus 1 hour\"\n ExpiresByType application/rss+xml \"access plus 1 hour\"\n\n # Web fonts\n ExpiresByType application/font-woff2 \"access plus 1 month\"\n ExpiresByType application/font-woff \"access plus 1 month\"\n ExpiresByType application/vnd.ms-fontobject \"access plus 1 month\"\n ExpiresByType application/x-font-ttf \"access plus 1 month\"\n ExpiresByType font/opentype \"access plus 1 month\"\n ExpiresByType image/svg+xml \"access plus 1 month\"\n\n```\n\n[Source](https://github.com/h5bp/server-configs-apache)\n\n\n### Désactiver eTags\n\nEn retirant l'en-tête \"eTag\", vous empêchez le cache et les navigateurs de\npouvoir valider les fichiers, ils sont donc forcés de se baser sur le\nCache-Control (contrôle de cache) et les Expires header (en-tête d'expiration).\n\n[Source](http://www.askapache.com/htaccess/apache-speed-etags.html)\n\n``` apacheconf\n\n Header unset ETag\n\nFileETag None\n```\n\n\n## Divers\n\n### Définir des variables PHP\n\n``` apacheconf\nphp_value \n\n# Par exemple :\nphp_value upload_max_filesize 50M\nphp_value max_execution_time 240\n```\n\n\n### Pages d'erreur personnalisées\n\n``` apacheconf\nErrorDocument 500 \"Houston, on a un problème.\"\nErrorDocument 401 http://error.votredomaine.com/mordor.html\nErrorDocument 404 /errors/halflife3.html\n```\n\n\n### Forcer le téléchargement\n\nParfois, vous souhaitez forcer le navigateur à télécharger certaines ressources\nau lieu de les afficher. Le snippet suivant vous sera utile :\n\n``` apacheconf\n\n ForceType application/octet-stream\n Header set Content-Disposition attachment\n\n```\n\nSi vous souhaitez l'action inverse :\n\n\n### Empêcher le téléchargement\n\nParfois, vous souhaitez forcer le navigateur à afficher certains contenus au\nlieu de les télécharger. Le snippet suivant devrait vous aider :\n\n``` apacheconf\n\n Header set Content-Type text/plain\n\n```\n\n### Autoriser les polices Cross-Domain\n\nLes polices desservies par un serveur CDN peuvent ne pas fonctionner sur Firefox\nou IE à cause de\n[CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing). Le snippet\nsuivant de [alrra](https://github.com/h5bp/server-configs-apache/issues/32)\ndevrait corriger cela :\n\n``` apacheconf\n\n \n Header set Access-Control-Allow-Origin \"*\"\n \n\n```\n\n### Encodage UTF-8 automatique\n\nVotre contenu textuel devrait toujours être encodé en UTF-8, non ?\n\n``` apacheconf\n# Utiliser l'encodage UTF-8 pour tout ce qui est servi en text/plain ou text/html\nAddDefaultCharset utf-8\n\n# Forcer l'UTF-8 pour certains formats de fichier\nAddCharset utf-8 .atom .css .js .json .rss .vtt .xml\n```\n\n[Source](https://github.com/h5bp/server-configs-apache)\n\n\n### Basculer vers une autre version de PHP\n\nSi vous êtes sur un serveur mutualisé, il y a des chances pour qu'il y ait plus\nd'une version de PHP installée, et parfois, vous avez besoin d'une version\nspécifique pour votre site web.\n\nPar exemple [Laravel](https://github.com/laravel/laravel) nécessite PHP >= 5.4.\nLe snippet suivant devrait passer d'une version à l'autre de PHP pour vous :\n\n``` apacheconf\nAddHandler application/x-httpd-php55 .php\n\n# Autrement, vous pouvez utiliser AddType\nAddType application/x-httpd-php55 .php\n```\n\n\n### Désactiver le mode de compatibilité pour Internet Explorer\n\nLe mode de compatibilité dans IE peut affecter l'affichage de certains sites\nweb. L'extrait suivant devrait forcer IE à utiliser le moteur d'interprétation\nEdge et ainsi désactiver le mode de compatibilité.\n\n``` apacheconf\n\n BrowserMatch MSIE is-msie\n Header set X-UA-Compatible IE=edge env=is-msie\n\n```\n\n\n### Servir des images WebP\n\nSi [WebP images](https://developers.google.com/speed/webp/?csw=1) est supporté\net que l'image avec l'extension `.webp` a le même nom qu'une image jpg/png alors\nl'image Webp sera servie à la place.\n\n``` apacheconf\nRewriteEngine On\nRewriteCond %{HTTP_ACCEPT} image/webp\nRewriteCond %{DOCUMENT_ROOT}/$1.webp -f\nRewriteRule (.+)\\.(jpe?g|png)$ $1.webp [T=image/webp,E=accept:1]\n```\n\n[Source](https://github.com/vincentorback/WebP-images-with-htaccess)\n" }, { "path": "Translations/German/README.md", "content": "# .htaccess-Ausschnitte\nEine Sammlung nützlicher .htaccess-Ausschnitte, alle an einem Ort.\n\n**Haftungsausschluss**: Während das Einfügen der Ausschnitte in eine `.htaccess`-Datei sehr zeitsparend ist, gibt es Fälle, in denen bestimme Veränderungen nötig sein könnten. Die Benutzung der Ausschnitte erfolgt auf eigene Gefahr.\n\n**WICHTIG**: Apache 2.4 führt einige Änderungen ein, welche die Konfiguration zerstören könnten, hauptsächlich im Bereich der Zugangskontrolle. Für mehr Informationen sehen Sie sich das [\"Upgrading\"-Dokument](https://httpd.apache.org/docs/2.4/upgrading.html) und [dieses Ticket](https://github.com/phanan/htaccess/issues/2) an.\n\n## Danksagungen\nWir sammeln hier hauptsächlich nützliche Ausschnitte aus dem Internet (beispielsweise aus [Apache Server Configs](https://github.com/h5bp/server-configs-apache)) an einem Ort. Obwohl wir versuchen, alle Autoren zu erwähnen, ist es möglich, dass einige vergessen wurden. Sollten Sie glauben, dass etwas hiervon Ihre Arbeit ist und Sie erwähnt werden sollten, lassen Sie uns dies wissen oder erstellen Sie einfach eine Pull-Anfrage.\n\n## Inhalt\n- [Umschreibung und Weiterleitung](#umschreibung-und-weiterleitung)\n - [www erzwingen](#www-erzwingen)\n - [www allgemein erzwingen](#www-allgemein-erzwingen)\n - [nicht-www erzwingen](#nicht-www-erzwingen)\n - [nicht-www allgemein erzwingen](#nicht-www-allgemein-erzwingen)\n - [HTTPS erzwingen](#https-erzwingen)\n - [HTTPS hinter einem Proxy erzwingen](#https-hinter-einem-proxy-erzwingen)\n - [Abschließende Querstriche erzwingen](#abschlie%C3%9Fende-querstriche-erzwingen)\n - [Abschließende Querstriche entfernen](#abschlie%C3%9Fende-querstriche-entfernen)\n - [Eine einzelne Seite weiterleiten](#eine-einzelne-seite-weiterleiten)\n - [Alias für ein einzelnes Verzeichnis hinzufügen](#alias-f%C3%BCr-ein-einzelnes-verzeichnis-hinzuf%C3%BCgen)\n - [Verzeichnisalias für ein Skript hinzufügen](#verzeichnisalias-f%C3%BCr-ein-skript-hinzuf%C3%BCgen)\n - [Eine komplette Seite weiterleiten](#eine-komplette-seite-weiterleiten)\n - [Alias für \"saubere\" URLs hinzufügen](#alias-f%C3%BCr-saubere-urls-hinzuf%C3%BCgen)\n- [Sicherheit](#sicherheit)\n - [Kompletten Zugriff verbieten](#kompletten-zugriff-verbieten)\n - [Kompletten Zugriff außer Ihren verbieten](#kompletten-zugriff-au%C3%9Fer-ihren-verbieten)\n - [Zugriff erlauben, außer von Spammern](#zugriff-erlauben-au%C3%9Fer-von-spammern)\n - [Zugriff zu versteckten Dateien und Verzeichnissen verbieten](#zugriff-zu-versteckten-dateien-und-verzeichnissen-verbieten)\n - [Zugriff zu Backup- und Quelldateien verbieten](#zugriff-zu-backup--und-quelldateien-verbieten)\n - [Verzeichnis-Auflistung abschalten](#verzeichnis-auflistung-abschalten)\n - [Bild-Hotlinking abschalten](#bild-hotlinking-abschalten)\n - [Bild-Hotlinking für spezielle Domains abschalten](#bild-hotlinking-f%C3%BCr-spezielle-domains-abschalten)\n - [Ein Verzeichnis mit Passwort schützen](#ein-verzeichnis-mit-passwort-sch%C3%BCtzen)\n - [Eine oder mehrere Dateien mit Passwort schützen](#eine-oder-mehrere-dateien-mit-passwort-sch%C3%BCtzen)\n - [Besucher nach Referrer blockieren](#besucher-nach-referrer-blockieren)\n - [Verbieten, die Seite in Frames zu verwenden](#verbieten-die-seite-in-frames-zu-verwenden)\n- [Leistung](#leistung)\n - [Textdateien komprimieren](#textdateien-komprimieren)\n - [Ablaufdatum im Header setzen](#ablaufdatum-im-header-setzen)\n - [eTags abschalten](#etags-abschalten)\n- [Verschiedenes](#verschiedenes)\n - [PHP Variablen setzen](#php-variablen-setzen)\n - [Eigene Fehlerseiten](#eigene-fehlerseiten)\n - [Download erzwingen](#download-erzwingen)\n - [Download verhindern](#download-verhindern)\n - [Domainübergreifende Schriftarten erlauben](#domain%C3%BCbergreifende-schriftarten-erlauben)\n - [Automatische UTF-8-Kodierung](#automatische-utf-8-kodierung)\n - [Zu einer anderen PHP-Version wechseln](#zu-einer-anderen-php-version-wechseln)\n - [Kompatibilitätsansicht des Internet Explorer deaktivieren](#kompatibilit%C3%A4tsansicht-des-internet-explorer-deaktivieren)\n - [WebP-Bilder bereitstellen](#webp-bilder-bereitstellen)\n\n## Umschreibung und Weiterleitung\nAnmerkung: Es wird vorausgesetzt, dass Sie `mod_rewrite` installiert und aktiviert haben.\n\n### www erzwingen\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^example\\.com [NC]\nRewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]\n```\n\n### www allgemein erzwingen\n``` apacheconf\nRewriteCond %{HTTP_HOST} !^$\nRewriteCond %{HTTP_HOST} !^www\\. [NC]\nRewriteCond %{HTTPS}s ^on(s)|\nRewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]\n```\nDies funktioniert für _jede_ Domain. [Quelle](https://stackoverflow.com/questions/4916222/htaccess-how-to-force-www-in-a-generic-way)\n\n### nicht-www erzwingen\nEs [wird](http://no-www.org/) [noch](http://www.sitepoint.com/domain-www-or-no-www/) [immer](https://devcenter.heroku.com/articles/apex-domains) [diskutiert](http://yes-www.org/), ob www oder nicht-www besser ist, wenn Sie also ein Fan von knappen Domains sind:\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.example\\.com [NC]\nRewriteRule ^(.*)$ http://example.com/$1 [L,R=301]\n```\n\n### nicht-www allgemein erzwingen\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.\nRewriteCond %{HTTPS}s ^on(s)|off\nRewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\\.)?(.+)$\nRewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]\n```\n\n### HTTPS erzwingen\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTPS} !on\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n\n# Bemerkung: Es wird außerdem empfohlen, HTTP Strict Transport Security (HSTS)\n# auf Ihrer HTTPS-Webseite zu aktivieren, um Man-in-the-Middle-Attacken zu vermeiden.\n# Siehe https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security\n\n Header always set Strict-Transport-Security \"max-age=31536000; includeSubDomains\"\n\n```\n\n### HTTPS hinter einem Proxy erzwingen\nNützlich, wenn Sie einen Proxy vor Ihrem Server haben, der TLS-Termination ausführt.\n``` apacheconf\nRewriteCond %{HTTP:X-Forwarded-Proto} !https\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n```\n\n### Abschließende Querstriche erzwingen\n``` apacheconf\nRewriteCond %{REQUEST_URI} /+[^\\.]+$\nRewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]\n```\n\n### Abschließende Querstriche entfernen\n``` apacheconf\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)/$ /$1 [R=301,L]\n```\n### Eine einzelne Seite weiterleiten\n``` apacheconf\nRedirect 301 /oldpage.html http://www.example.com/newpage.html\nRedirect 301 /oldpage2.html http://www.example.com/folder/\n```\n[Quelle](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n### Alias für ein einzelnes Verzeichnis hinzufügen\n``` apacheconf\nRewriteEngine On\nRewriteRule ^source-directory/(.*) target-directory/$1\n```\n\n### Verzeichnisalias für ein Skript hinzufügen\n``` apacheconf\nFallbackResource /index.fcgi\n```\nIn diesem Beispiel ist eine `index.fcgi`-Datei in einem Verzeichnis vorhanden und alle Anfragen in dieses Verzeichnis, die keinem vorhandenen Datei- oder Verzeichnisnamen zugewiesen werden können, werden stattdessen an das `index.fcgi`-Skript gesendet. Dies ist nützlich, wenn Sie möchten, dass `baz.foo/index.fcgi` (was auch Anfragen an `baz.foo` bearbeitet) von `baz.foo/some/cool/path` aufgerufen wird, während `baz.foo/css/style.css` und ähnliche Dateien weiterhin funktionieren. Sie können über die Umgebungsvariable `PATH_INFO`, die von Ihrer Skriptingumgebung zur Verfügung gestellt wird, auf den ursprünglichen Pfad zugreifen.\n\n``` apacheconf\nRewriteEngine On\nRewriteRule ^$ index.fcgi/ [QSA,L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)$ index.fcgi/$1 [QSA,L]\n```\nDies ist eine weniger effiziente Variante der FallbackResource-Direktive (da die Verwendung von `mod_rewrite` komplexer ist, als einfach nur die `FallbackResource`-Direktive zu nutzen), allerdings ist sie auch flexibler.\n\n### Eine komplette Seite weiterleiten\n``` apacheconf\nRedirect 301 / http://newsite.com/\n```\nAuf diese Art bleiben die Links intakt. `www.oldsite.com/some/crazy/link.html` wird zu `www.newsite.com/some/crazy/link.html`. Dies ist sehr hilfreich, wenn Sie eine Seite nur zu einer neuen Domain \"umziehen\". [Quelle](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n### Alias für \"saubere\" URLs hinzufügen\nDieser Ausschnitt erlaubt Ihnen, \"saubere URLs\", also URLs ohne Dateinamenserweiterung, beispielsweise `example.com/users` anstelle von `example.com/users.php` zu verwenden.\n``` apacheconf\nRewriteEngine On\nRewriteCond %{SCRIPT_FILENAME} !-d\nRewriteRule ^([^.]+)$ $1.php [NC,L]\n```\n[Quelle](http://www.abeautifulsite.net/access-pages-without-the-php-extension-using-htaccess/)\n\n## Sicherheit\n### Kompletten Zugriff verbieten\n``` apacheconf\n## Apache 2.2\nDeny from all\n\n## Apache 2.4\n# Require all denied\n```\n\nAchtung, dadurch werden alle Benutzer, auch Sie selbst, von der Webseite ausgesperrt.\n\n### Kompletten Zugriff außer Ihren verbieten\n``` apacheconf\n## Apache 2.2\nOrder deny,allow\nDeny from all\nAllow from xxx.xxx.xxx.xxx\n\n## Apache 2.4\n# Require all denied\n# Require ip xxx.xxx.xxx.xxx\n```\n`xxx.xxx.xxx.xxx` ist Ihre IP-Adresse. Wenn Sie die letzten drei Ziffern beispielsweise mit 0/12 ersetzen, geben Sie einen Bereich von IP-Adressen im selben Netzwerk an. Dadurch müssen Sie nicht alle erlaubten IP-Adressen aus einem Netzwerk separat auflisten. [Quelle](http://speckyboy.com/2013/01/08/useful-htaccess-snippets-and-hacks/)\n\nNatürlich gibt es auch eine umgekehrte Version:\n\n### Zugriff erlauben, außer von Spammern\n``` apacheconf\n## Apache 2.2\nOrder deny,allow\nDeny from xxx.xxx.xxx.xxx\nDeny from xxx.xxx.xxx.xxy\n\n## Apache 2.4\n# Require all granted\n# Require not ip xxx.xxx.xxx.xxx\n# Require not ip xxx.xxx.xxx.xxy\n```\n\n### Zugriff zu versteckten Dateien und Verzeichnissen verbieten\nVersteckte Dateien und Verzeichnisse (die, deren Name mit einem Punkt `.` startet) sollen meistens, wenn nicht immer, abgesichert werden. Zum Beispiel: `.htaccess`, `.htpasswd`, `.git`, `.hg`...\n``` apacheconf\nRewriteCond %{SCRIPT_FILENAME} -d [OR]\nRewriteCond %{SCRIPT_FILENAME} -f\nRewriteRule \"(^|/)\\.\" - [F]\n```\n\nAlternativ können Sie auch einen `Not Found`-Fehler ausgeben, damit der Angreifer keinen Hinweis auf die Existenz der Dateien erhält:\n``` apacheconf\nRedirectMatch 404 /\\..*$\n```\n\n### Zugriff zu Backup- und Quelldateien verbieten\nDiese Dateien können von manchen Editoren (wie Vi/Vim) zurückgelassen werden, und stellen ein großes Sicherheitsrisiko dar, wenn diese der Öffentlichkeit preisgegeben werden.\n``` apacheconf\n\n ## Apache 2.2\n Order allow,deny\n Deny from all\n Satisfy All\n\n ## Apache 2.4\n # Require all denied\n\n```\n[Quelle](https://github.com/h5bp/server-configs-apache)\n\n### Verzeichnis-Auflistung abschalten\n``` apacheconf\nOptions All -Indexes\n```\n\n### Bild-Hotlinking abschalten\n``` apacheconf\nRewriteEngine on\n# Entfernen Sie die folgende Zeile, wenn Sie auch Anfragen mit leerem Referrer blockieren möchten\nRewriteCond %{HTTP_REFERER} !^$\n\nRewriteCond %{HTTP_REFERER} !^http(s)?://(.+\\.)?example.com [NC]\nRewriteRule \\.(jpg|jpeg|png|gif|bmp)$ - [NC,F,L]\n\n# Wenn Sie einen \"Blockiert\"-Banner anstatt des gehotlinkten Bildes\n# anzeigen möchten, ersetzen Sie die obere Regel mit:\n# RewriteRule \\.(jpg|jpeg|png|gif|bmp) http://example.com/blocked.png [R,L]\n```\n\n### Bild-Hotlinking für spezielle Domains abschalten\nManchmal möchte man Bild-Hotlinking nur für manche Seiten deaktivieren.\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_REFERER} ^http(s)?://(.+\\.)?badsite\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} ^http(s)?://(.+\\.)?badsite2\\.com [NC,OR]\nRewriteRule \\.(jpg|jpeg|png|gif)$ - [NC,F,L]\n\n# Wenn Sie einen \"Blockiert\"-Banner anstatt des gehotlinkten Bildes\n# anzeigen möchten, ersetzen Sie die obere Regel mit:\n# RewriteRule \\.(jpg|jpeg|png|gif|bmp) http://example.com/blocked.png [R,L]\n```\n\n### Ein Verzeichnis mit Passwort schützen\nZuerst müssen Sie irgendwo eine `.htpasswd`-Datei erstellen:\n``` bash\nhtpasswd -c /home/fellowship/.htpasswd boromir\n```\n\nDann können Sie diese zur Authentifizierung benutzen:\n``` apacheconf\nAuthType Basic\nAuthName \"One does not simply\"\nAuthUserFile /home/fellowship/.htpasswd\nRequire valid-user\n```\n\n### Eine oder mehrere Dateien mit Passwort schützen\n``` apacheconf\nAuthName \"One still does not simply\"\nAuthType Basic\nAuthUserFile /home/fellowship/.htpasswd\n\n\nRequire valid-user\n\n\n\nRequire valid-user\n\n```\n\n### Besucher nach Referrer blockieren\nVerbietet den Zugriff für alle Benutzer, die von einer bestimmten Domain weitergeleitet wurden.\n[Quelle](http://www.htaccess-guide.com/deny-visitors-by-referrer/)\n``` apacheconf\nRewriteEngine on\n# Options +FollowSymlinks\nRewriteCond %{HTTP_REFERER} somedomain\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} anotherdomain\\.com\nRewriteRule .* - [F]\n```\n\n### Verbieten, die Seite in Frames zu verwenden\nDies schützt die Webseite davor, in einem Frame (z.B. einem iframe) dargestellt zu werden, wobei eine bestimmte URI immer noch in einen Frame eingebettet werden darf.\n``` apacheconf\nSetEnvIf Request_URI \"/starry-night\" allow_framing=true\nHeader set X-Frame-Options SAMEORIGIN env=!allow_framing\n```\n\n## Leistung\n### Textdateien komprimieren\n``` apacheconf\n\n\n # Kompression für verstümmelte Header erzwingen.\n # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html\n \n \n SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\\s*,?\\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding\n RequestHeader append Accept-Encoding \"gzip,deflate\" env=HAVE_Accept-Encoding\n \n \n\n # Alles mit den folgenden MIME-Typen komprimieren:\n # (für Apache-Versionen unter 2.3.7, müssen Sie `mod_filter` nicht aktivieren\n # und können die Zeilen `` und `` entfernen\n # da `AddOutputFilterByType` noch immer in den Hauptdirektiven ist).\n \n AddOutputFilterByType DEFLATE application/atom+xml \\\n application/javascript \\\n application/json \\\n application/rss+xml \\\n application/vnd.ms-fontobject \\\n application/x-font-ttf \\\n application/x-web-app-manifest+json \\\n application/xhtml+xml \\\n application/xml \\\n font/opentype \\\n image/svg+xml \\\n image/x-icon \\\n text/css \\\n text/html \\\n text/plain \\\n text/x-component \\\n text/xml\n \n\n\n```\n[Quelle](https://github.com/h5bp/server-configs-apache)\n\n\n### Ablaufdatum im Header setzen\n_Expire headers_ (Ablauf-Header) teilen dem Browser mit, ob er eine bestimmte Datei vom Server oder aus dem Cache laden soll. Es ist ratsam, das Ablaufdatum von statischen Inhalten weit in die Zukunft zu legen.\nWenn Sie die Versionierung nicht durch Dateinamen kontrollieren, ziehen Sie in Betracht, die Cachezeit für Ressourcen wie CSS und JS auf ca. eine Woche zu verringern. [Quelle](https://github.com/h5bp/server-configs-apache)\n``` apacheconf\n\n ExpiresActive on\n ExpiresDefault \"access plus 1 month\"\n\n # CSS\n ExpiresByType text/css \"access plus 1 year\"\n\n # Datenaustausch\n ExpiresByType application/json \"access plus 0 seconds\"\n ExpiresByType application/xml \"access plus 0 seconds\"\n ExpiresByType text/xml \"access plus 0 seconds\"\n\n # Favicon (kann nicht umbenannt werden!)\n ExpiresByType image/x-icon \"access plus 1 week\"\n\n # HTML-Komponenten (HTCs)\n ExpiresByType text/x-component \"access plus 1 month\"\n\n # HTML\n ExpiresByType text/html \"access plus 0 seconds\"\n\n # JavaScript\n ExpiresByType application/javascript \"access plus 1 year\"\n\n # Manifestdateien\n ExpiresByType application/x-web-app-manifest+json \"access plus 0 seconds\"\n ExpiresByType text/cache-manifest \"access plus 0 seconds\"\n\n # Medien\n ExpiresByType audio/ogg \"access plus 1 month\"\n ExpiresByType image/gif \"access plus 1 month\"\n ExpiresByType image/jpeg \"access plus 1 month\"\n ExpiresByType image/png \"access plus 1 month\"\n ExpiresByType video/mp4 \"access plus 1 month\"\n ExpiresByType video/ogg \"access plus 1 month\"\n ExpiresByType video/webm \"access plus 1 month\"\n\n # Web-Feeds\n ExpiresByType application/atom+xml \"access plus 1 hour\"\n ExpiresByType application/rss+xml \"access plus 1 hour\"\n\n # Web-Schriftarten\n ExpiresByType application/font-woff2 \"access plus 1 month\"\n ExpiresByType application/font-woff \"access plus 1 month\"\n ExpiresByType application/vnd.ms-fontobject \"access plus 1 month\"\n ExpiresByType application/x-font-ttf \"access plus 1 month\"\n ExpiresByType font/opentype \"access plus 1 month\"\n ExpiresByType image/svg+xml \"access plus 1 month\"\n\n```\n\n### eTags abschalten\nDurch das Entfernen des `ETag`-Headers können Sie Caches und Browser davon abhalten, die Dateien zu validieren, sodass sie von Ihren `Cache-Control` und `Expires`-Headern abhängig sind. [Quelle](http://www.askapache.com/htaccess/apache-speed-etags.html)\n``` apacheconf\n\n Header unset ETag\n\nFileETag None\n```\n\n## Verschiedenes\n\n### PHP-Variablen setzen\n``` apacheconf\nphp_value \n\n# Zum Beispiel:\nphp_value upload_max_filesize 50M\nphp_value max_execution_time 240\n```\n\n### Eigene Fehlerseiten\n``` apacheconf\nErrorDocument 500 \"Houston, wir haben ein Problem.\"\nErrorDocument 401 http://error.example.com/mordor.html\nErrorDocument 404 /errors/halflife3.html\n```\n\n### Download erzwingen\nManchmal möchten Sie den Browser dazu zwingen, Inhalte herunterzuladen, anstatt sie nur anzuzeigen.\n``` apacheconf\n\n ForceType application/octet-stream\n Header set Content-Disposition attachment\n\n```\n\nEs gibt auch ein Yang zu diesem Yin:\n\n### Download verhindern\nManchmal möchten Sie den Browser dazu zwingen, Inhalte nur anzuzeigen, anstatt sie herunterzuladen.\n``` apacheconf\n\n Header set Content-Type text/plain\n\n```\n\n### Domainübergreifende Schriftarten erlauben\nWeb-Schriftarten von CDNs funktionieren möglicherweise nicht in Firefox oder IE (siehe [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing)). Dieser Ausschnitt löst dieses Problem.\n``` apacheconf\n\n \n Header set Access-Control-Allow-Origin \"*\"\n \n\n```\n[Quelle](https://github.com/h5bp/server-configs-apache/issues/32)\n\n### Automatische UTF-8-Kodierung\nHäufig ist es wünschenswert, dass Text immer als UTF-8 kodiert wird.\n``` apacheconf\n# UTF-8-Kodierung für alles verwenden, was als text/plain oder text/html angeboten wird\nAddDefaultCharset utf-8\n\n# UTF-8-Kodierung für bestimmte Dateitypen erzwingen\nAddCharset utf-8 .atom .css .js .json .rss .vtt .xml\n```\n[Quelle](https://github.com/h5bp/server-configs-apache)\n\n### Zu einer anderen PHP-Version wechseln\nAuf einem von mehreren Personen genutzten Server ist häufig mehr als eine PHP-Version installiert, Sie möchten aber möglicherweise eine bestimmte Version für Ihre Webseite nutzen. Beispielsweise benötigt [Laravel](https://github.com/laravel/laravel) PHP >= 5.4. Der folgende Ausschnitt sollte die PHP-Version für Sie wechseln.\n\n``` apacheconf\nAddHandler application/x-httpd-php55 .php\n\n# Alternativ können Sie AddType benutzen\nAddType application/x-httpd-php55 .php\n```\n\n### Kompatibilitätsansicht des Internet Explorer deaktivieren\nDie Kompatibilitätsansicht des IE kann sich darauf auswirken, wie manche Webseiten dargestellt werden. Der folgende Ausschnitt sollte IE dazu zwingen, die Edge Rendering Engine zu benutzen und die Kompatibilitätsansicht zu deaktivieren.\n\n``` apacheconf\n\n BrowserMatch MSIE is-msie\n Header set X-UA-Compatible IE=edge env=is-msie\n\n```\n\n### WebP-Bilder bereitstellen\nWenn [WebP-Bilder](https://developers.google.com/speed/webp/?csw=1) unterstützt werden und ein Bild mit der Dateinamenserweiterung `.webp` mit demselben Namen und am selben Ort wie ein jpg/png-Bild, gefunden wird, dann wird das WebP-Bild anstelle des jpg/png-Bildes angezeigt.\n\n``` apacheconf\nRewriteEngine On\nRewriteCond %{HTTP_ACCEPT} image/webp\nRewriteCond %{DOCUMENT_ROOT}/$1.webp -f\nRewriteRule (.+)\\.(jpe?g|png)$ $1.webp [T=image/webp,E=accept:1]\n```\n[Quelle](https://github.com/vincentorback/WebP-images-with-htaccess)\n" }, { "path": "Translations/Italian/README.md", "content": "# .htaccess Snippets [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\nUna collezione di esempi utili di .htaccess.\n\n**Disclaimer**: Anche se nella maggior parte dei casi basta copiare l'`.htaccess` d'esempio ci sono casi in cui sia necessario fare delle modifiche. L'utilizzo è a vostro totale rischio.\n\n**IMPORTANTE**: Apache 2.4 introduce alcuni cambiamenti, in particolare la configurazione del controllo degli accessi. Per maggiori informazioni potete consultare il [documento sull'aggiornamento](https://httpd.apache.org/docs/2.4/upgrading.html) oltre a [questa problematica](https://github.com/phanan/htaccess/issues/2).\n\n## Riconoscimenti\nCiò che stiamo facendo è mettere insieme esempi utili da tutto il web (ad esempio, una buona parte viene da [Apache Server Configs](https://github.com/h5bp/server-configs-apache)) in un solo posto. Anche se abbiamo cercato di dare riconoscimento, dove previsto, potrebbe mancare qualche riferimento. Se credete che sia presente del vostro lavoro e volete che venga riconosciuto fatecelo sapere e inviateci un PR.\n\n## Sommario\n- [Rewrite e Redirection](#rewrite-and-redirection)\n - [Forza www](#force-www)\n - [Forza www in maniera generica](#force-www-in-a-generic-way)\n - [Forza non-www](#force-non-www)\n - [Forza non-www in maniera generica](#force-non-www-in-a-generic-way)\n - [Forza HTTPS](#force-https)\n - [Forza HTTPS se dietro Proxy](#force-https-behind-a-proxy)\n - [Forza lo Slash finale](#force-trailing-slash)\n - [Rimuovi lo Slash finale](#remove-trailing-slash)\n - [Rimuovi lo Slash finale da percorsi arbitrari](#remove-trailing-slash-from-arbitrary-paths)\n - [Redireziona una singola pagina](#redirect-a-single-page)\n - [Alias a singole Cartelle](#alias-a-single-directory)\n - [Percorsi Alias a Script](#alias-paths-to-script)\n - [Redireziona un Intero Sito](#redirect-an-entire-site)\n - [Alias per URL \"Pulite\"](#alias-clean-urls)\n- [Sicurezza](#security)\n - [Nega tutti gli accessi](#deny-all-access)\n - [Nega l'accesso a tutti tranne per te stesso](#deny-all-access-except-yours)\n - [Permetti a tutti l'accesso tranne agli Spammer](#allow-all-access-except-spammers)\n - [Nega l'accesso a Cartelle e File Nascosti](#deny-access-to-hidden-files-and-directories)\n - [Nega l'accesso a Backup e File Sorgenti](#deny-access-to-backup-and-source-files)\n - [Disabilita l'Esplorazione delle Cartelle](#disable-directory-browsing)\n - [Disabilita Hotlinking delle Immagini](#disable-image-hotlinking)\n - [Disabilita Hotlinking delle Immagini per Domini Specifici](#disable-image-hotlinking-for-specific-domains)\n - [Proteggi una Cartella con Password](#password-protect-a-directory)\n - [Proteggi uno o più file con Password](#password-protect-a-file-or-several-files)\n - [Blocca i visitatori in base al Referrer](#block-visitors-by-referrer)\n - [Previeni l'inclusione del Sito tramite frame (framing)](#prevent-framing-the-site)\n- [Prestazioni](#performance)\n - [Comprimi i File di Testo](#compress-text-files)\n - [Imposta header expires](#set-expires-headers)\n - [Disabilita gli eTags](#turn-etags-off)\n- [Miscellanea](#miscellaneous)\n - [Imposta variabili PHP](#set-php-variables)\n - [Pagine di Errore Personalizzate](#custom-error-pages)\n - [Forza il Download](#force-downloading)\n - [Previeni il Download](#prevent-downloading)\n - [Permetti i Web Font da domini differenti](#allow-cross-domain-fonts)\n - [Codifica automaticamente in UTF-8](#auto-utf-8-encode)\n - [Passa a una versione diversa di PHP](#switch-to-another-php-version)\n - [Disabilita Visualizzazione Compatibilità di Internet Explorer](#disable-internet-explorer-compatibility-view)\n - [Rendere disponibili immagini in formato WebP](#serve-webp-images)\n\n## Rewrite e Redirection\nNota: Si presume che `mod_rewrite` sia installato e abilitato.\n\n### Forza www\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^esempio\\.com [NC]\nRewriteRule ^(.*)$ http://www.esempio.com/$1 [L,R=301,NC]\n```\n\n### Forza www in maniera generica\n``` apacheconf\nRewriteCond %{HTTP_HOST} !^$\nRewriteCond %{HTTP_HOST} !^www\\. [NC]\nRewriteCond %{HTTPS}s ^on(s)|\nRewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]\n```\nFunziona per _qualsiasi_ dominio. [Sorgente](https://stackoverflow.com/questions/4916222/htaccess-how-to-force-www-in-a-generic-way)\n\n### Forza non-www\nE' [ancora](http://www.sitepoint.com/domain-www-or-no-www/) [aperta](https://devcenter.heroku.com/articles/apex-domains) [la](http://yes-www.org/) [discussione](http://no-www.org/) sul se utilizzare o meno www. Se invece preferite domini senza www:\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.esempio\\.com [NC]\nRewriteRule ^(.*)$ http://esempio.com/$1 [L,R=301]\n```\n\n### Forza non-www in maniera generica\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.\nRewriteCond %{HTTPS}s ^on(s)|off\nRewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\\.)?(.+)$\nRewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]\n```\n\n### Forza HTTPS\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTPS} !on\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n\n# Nota: Si consiglia di abilitare anche HTTP Strict Transport Security (HSTS)\n# sul sito HTTPS per aiutare a prevenire attacchi man-in-the-middle.\n# Vedere https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security\n\n Header always set Strict-Transport-Security \"max-age=31536000; includeSubDomains\"\n\n```\n\n### Forza HTTPS se dietro Proxy\nUtile se hai un proxy con TLS prima del tuo server.\n``` apacheconf\nRewriteCond %{HTTP:X-Forwarded-Proto} !https\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n```\n\n### Forza Slash Finale\n``` apacheconf\nRewriteCond %{REQUEST_URI} /+[^\\.]+$\nRewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]\n```\n\n### Rimuovi Slash Finale\n``` apacheconf\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)/$ /$1 [R=301,L]\n```\n\n### Rimuovi Slash Finale da percorsi arbitrari\nQuesto esempio redirezionerà i percorsi che finiscono con gli slash ai rispettivi percorsi senza slash (eccetto le attuali cartelle), es. `http://www.esempio.com/blog/` in `http://www.esempio.com/blog`. E' importante per il SEO in quanto [raccomandato](http://overit.com/blog/canonical-urls) per avere un URL canonico per ogni pagina.\n``` apacheconf\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteCond %{REQUEST_URI} (.+)/$\nRewriteRule ^ %1 [L,R=301]\n```\n[Sorgente](https://stackoverflow.com/questions/21417263/htaccess-add-remove-trailing-slash-from-url#27264788)\n\n### Redireziona una singola pagina\n``` apacheconf\nRedirect 301 /vecchiapagina.html http://www.esempio.com/nuovapagina.html\nRedirect 301 /vecchiapagina2.html http://www.esempio.com/cartella/\n```\n[Sorgente](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n### Alias di una singola Cartella\n``` apacheconf\nRewriteEngine On\nRewriteRule ^source-directory/(.*) /target-directory/$1 [R=301,L]\n```\n\n### Percorsi Alias a Script\n``` apacheconf\nFallbackResource /index.fcgi\n```\nQuesto esempio presenta un file `index.fcgi` in alcune cartelle e ogni richiesta fallita nel risolvere un file/cartella verrà inviata allo script `index.fcgi`. Va bene se volete che `baz.foo/some/cool/path` venga gestito da `baz.foo/index.fcgi` (che supporta anche richieste verso `baz.foo`) mantenendo `baz.foo/css/style.css` e simili. Accedi al percorso originale dalla variabile d'ambiente PATH_INFO come previsto dal vostro ambiente di scripting.\n\n``` apacheconf\nRewriteEngine On\nRewriteRule ^$ index.fcgi/ [QSA,L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)$ index.fcgi/$1 [QSA,L]\n```\nQuesta è una versione meno efficiente della direttiva FallbackResource directive (l'uso di `mod_rewrite` è più complesso del gestire la direttiva `FallbackResource`) ma è anche più flessibile.\n\n### Redireziona un intero sito\n``` apacheconf\nRedirect 301 / http://nuovosito.com/\n```\nQuesto metodo ti permette di mantenere i collegamenti intatti. Il vecchio indirizzo `www.vecchiosito.com/some/crazy/link.html` diventerà `www.nuovosito.com/some/crazy/link.html`. E' estremamente utile quando ci si \"sposta\" verso un nuovo dominio. [Sorgente](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n### Alias per URL \"Pulite\"\nQuesto esempio ti permette di utilizzare URL \"pulite\" -- URL senza estensione PHP. es. `esempio.com/utenti` invece di `esempio.com/utenti.php`.\n``` apacheconf\nRewriteEngine On\nRewriteCond %{SCRIPT_FILENAME} !-d\nRewriteRule ^([^.]+)$ $1.php [NC,L]\n```\n[Sorgente](http://www.abeautifulsite.net/access-pages-without-the-php-extension-using-htaccess/)\n\n## Sicurezza\n### Nega tutti gli Accessi\n``` apacheconf\n## Apache 2.2\nDeny from all\n\n## Apache 2.4\n# Require all denied\n```\n\nIn questa maniera rimarrai escluso anche tu dai tui contenuti! Per questo introduciamo...\n\n### Nega l'accesso a tutti tranne per te stesso\n``` apacheconf\n## Apache 2.2\nOrder deny,allow\nDeny from all\nAllow from xxx.xxx.xxx.xxx\n\n## Apache 2.4\n# Require all denied\n# Require ip xxx.xxx.xxx.xxx\n```\n`xxx.xxx.xxx.xxx` indica il tuo indirizzo IP. Se modifichi le ultime tre cifre con, per esempio, `0/12` verrà specificato un intervallo di IP all'interno della stessa rete, utile per non dover inserire singolarmente tutti gli ip. [Sorgente](http://speckyboy.com/2013/01/08/useful-htaccess-snippets-and-hacks/)\n\nEcco la versione al contrario:\n\n### Permetti a tutti gli accessi tranne agli Spammer\n``` apacheconf\n## Apache 2.2\nOrder deny,allow\nDeny from xxx.xxx.xxx.xxx\nDeny from xxx.xxx.xxx.xxy\n\n## Apache 2.4\n# Require all granted\n# Require not ip xxx.xxx.xxx.xxx\n# Require not ip xxx.xxx.xxx.xxy\n```\n\n### Nega l'accesso a Cartelle e File Nascosti\nLa maggior parte, se non tutti, cartelle e File nascosti (quelli con i nomi che iniziano con il punto `.`) dovrebbero essere al sicuro. Per esempio: `.htaccess`, `.htpasswd`, `.git`, `.hg`...\n``` apacheconf\nRewriteCond %{SCRIPT_FILENAME} -d [OR]\nRewriteCond %{SCRIPT_FILENAME} -f\nRewriteRule \"(^|/)\\.\" - [F]\n```\n\nIn alternativa puoi inviare il messaggio \"Not Found\" error, giving the attacker dude no clue:\n``` apacheconf\nRedirectMatch 404 /\\..*$\n```\n\n### Nega l'accesso a Backup e File Sorgenti\nQuesti file potrebbero esser stati lasciati da editor di testo o html (come Vi/Vim) e sono un possibile pericolo di sicurezza se mostrati al pubblico.\n``` apacheconf\n\n ## Apache 2.2\n Order allow,deny\n Deny from all\n Satisfy All\n\n ## Apache 2.4\n # Require all denied\n\n```\n[Sorgente](https://github.com/h5bp/server-configs-apache)\n\n### Disabilita Esplorazione Cartella\n``` apacheconf\nOptions All -Indexes\n```\n\n### Disabilita Hotlinking delle Immagini\n``` apacheconf\nRewriteEngine on\n# Rimuovere la riga che segue se vuoi bloccare anche i referrer vuoti\nRewriteCond %{HTTP_REFERER} !^$\n\nRewriteCond %{HTTP_REFERER} !^https?://(.+\\.)?esempio.com [NC]\nRewriteRule \\.(jpe?g|png|gif|bmp)$ - [NC,F,L]\n\n# Se vuoi mostrare un banner di \"blocco\" al posto dell'immagine collegata (hotlinked),\n# sostituisci la regola precedente con:\n# RewriteRule \\.(jpe?g|png|gif|bmp) http://esempio.com/blocked.png [R,L]\n```\n\n### Disabilita Hotlinking delle Immagini per Domini Specifici\nA volte vuoi disabilitare il collegamento ad immagini del tuo sito (hotlinking) solo da alcuni cattivoni.\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_REFERER} ^https?://(.+\\.)?badsite\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} ^https?://(.+\\.)?badsite2\\.com [NC,OR]\nRewriteRule \\.(jpe?g|png|gif|bmp)$ - [NC,F,L]\n\n# Se vuoi mostrare un banner di \"blocco\" al posto dell'immagine collegata (hotlinked),\n# sostituisci la regola precedente con:\n# RewriteRule \\.(jpe?g|png|gif|bmp) http://esempio.com/blocked.png [R,L]\n```\n\n### Proteggi una Cartella con Password\nPrima è necessario creare un file `.htpasswd` da qualche parte nell sistema:\n``` bash\nhtpasswd -c /home/compagnia/.htpasswd boromir\n```\n\nE adesso potete utilizzarlo per l'autenticazione:\n``` apacheconf\nAuthType Basic\nAuthName \"Non si entra con facilità\"\nAuthUserFile /home/compagnia/.htpasswd\nRequire valid-user\n```\n\t\n### Proteggi uno o più file con Password\n``` apacheconf\nAuthName \"Ancora non si entra con facilità\"\nAuthType Basic\nAuthUserFile /home/compagnia/.htpasswd\n\n\nRequire valid-user\n\n\n\nRequire valid-user\n\n```\n\n### Blocca i visitatori in base al Referrer\nNega l'accesso a tutti gli utenti che arrivano da (con referrer da) un dominio specifico.\n[Sorgente](http://www.htaccess-guide.com/deny-visitors-by-referrer/)\n``` apacheconf\nRewriteEngine on\n# Options +FollowSymlinks\nRewriteCond %{HTTP_REFERER} undominio\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} unaltrodominio\\.com\nRewriteRule .* - [F]\n```\n\n### Previeni l'inclusione del Sito tramite frame (framing)\nPreviene la possibilità di inserimento del sito web tramite frame (es. inserito all'interno del tag `iframe`) permettendo solo un URI specifico.\n``` apacheconf\nSetEnvIf Request_URI \"/starry-night\" allow_framing=true\nHeader set X-Frame-Options SAMEORIGIN env=!allow_framing\n```\n\n## Prestazioni\n### Comprimi i File di Testo\n``` apacheconf\n\n\n # Forza la compressione per header manipolati (es. da proxy).\n # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html\n \n \n SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\\s*,?\\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding\n RequestHeader append Accept-Encoding \"gzip,deflate\" env=HAVE_Accept-Encoding\n \n \n\n # Comprimi tutto l'output segnato con uno dei seguentiMIME-type\n # (per le versioni di Apache inferiori a 2.3.7 non è necessario abilitare `mod_filter`\n # ed è possibile rimuovere `` e `` lines\n # in quanto `AddOutputFilterByType` è ancora nelle direttive principali).\n \n AddOutputFilterByType DEFLATE application/atom+xml \\\n application/javascript \\\n application/json \\\n application/rss+xml \\\n application/vnd.ms-fontobject \\\n application/x-font-ttf \\\n application/x-web-app-manifest+json \\\n application/xhtml+xml \\\n application/xml \\\n font/opentype \\\n image/svg+xml \\\n image/x-icon \\\n text/css \\\n text/html \\\n text/plain \\\n text/x-component \\\n text/xml\n \n\n\n```\n[Sorgente](https://github.com/h5bp/server-configs-apache)\n\n\n### Imposta gli Header \"Expires\"\n_Expires headers_ indicano al browser se devono richiedere il file al server o caricarli dalla cache. E' consigliabile impostare gli header expires per i contenuti statici con una data futura abbastanza ampia.\nSe non controlli la versione del file in base al nome imposta la cache per risorse come CSS e JS a qualcosa come 1 settimana . [Sorgente](https://github.com/h5bp/server-configs-apache)\n``` apacheconf\n\n ExpiresActive on\n ExpiresDefault \"access plus 1 month\"\n\n # CSS\n ExpiresByType text/css \"access plus 1 year\"\n\n # Interscambio Dati\n ExpiresByType application/json \"access plus 0 seconds\"\n ExpiresByType application/xml \"access plus 0 seconds\"\n ExpiresByType text/xml \"access plus 0 seconds\"\n\n # Favicon (non può essere rinominato!)\n ExpiresByType image/x-icon \"access plus 1 week\"\n\n # componenti HTML (HTC)\n ExpiresByType text/x-component \"access plus 1 month\"\n\n # HTML\n ExpiresByType text/html \"access plus 0 seconds\"\n\n # JavaScript\n ExpiresByType application/javascript \"access plus 1 year\"\n\n # File Manifesto\n ExpiresByType application/x-web-app-manifest+json \"access plus 0 seconds\"\n ExpiresByType text/cache-manifest \"access plus 0 seconds\"\n\n # Media\n ExpiresByType audio/ogg \"access plus 1 month\"\n ExpiresByType image/gif \"access plus 1 month\"\n ExpiresByType image/jpeg \"access plus 1 month\"\n ExpiresByType image/png \"access plus 1 month\"\n ExpiresByType video/mp4 \"access plus 1 month\"\n ExpiresByType video/ogg \"access plus 1 month\"\n ExpiresByType video/webm \"access plus 1 month\"\n\n # Feed Web\n ExpiresByType application/atom+xml \"access plus 1 hour\"\n ExpiresByType application/rss+xml \"access plus 1 hour\"\n\n # Web font\n ExpiresByType application/font-woff2 \"access plus 1 month\"\n ExpiresByType application/font-woff \"access plus 1 month\"\n ExpiresByType application/vnd.ms-fontobject \"access plus 1 month\"\n ExpiresByType application/x-font-ttf \"access plus 1 month\"\n ExpiresByType font/opentype \"access plus 1 month\"\n ExpiresByType image/svg+xml \"access plus 1 month\"\n\n```\n\n### Disabilita eTags\nRimuovendo l'intestazione `ETag` vegono disabilitate le cache del browser per poter validare i file e sono forzati a far fede alle intestazioni `Cache-Control` e `Expires`. [Sorgente](http://www.askapache.com/htaccess/apache-speed-etags.html)\n``` apacheconf\n\n Header unset ETag\n\nFileETag None\n```\n\n## Miscellanea\n\n### Set PHP Variables\n``` apacheconf\nphp_value \n\n# Peresempio:\nphp_value upload_max_filesize 50M\nphp_value max_execution_time 240\n```\n\n### Pagine Personalizzate di Errore\n``` apacheconf\nErrorDocument 500 \"Houston, abbiamo un problema.\"\nErrorDocument 401 http://errore.esempio.com/mordor.html\nErrorDocument 404 /errori/halflife3.html\n```\n\n### Forza Download\nA volte volete poter forzare il browser a scaricare una tipologia di contenuto al posto di mostrarlo.\n``` apacheconf\n\n ForceType application/octet-stream\n Header set Content-Disposition attachment\n\n```\n\nAdesso c'è lo yang a questo yin:\n\n### Previeni il Download\nA volte si vuole forzare il brower a mostrare una tipologia di contenuto al posto di farlo scaricare.\n``` apacheconf\n\n Header set Content-Type text/plain\n\n```\n\n### Permetti i Web Font da domini differenti\nI webfont messi a disposiziontra tramite CDN potrebbero non funzionare in Firefox o IE a causa dei [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing). Questo esempio risolve il problema.\n``` apacheconf\n\n \n Header set Access-Control-Allow-Origin \"*\"\n \n\n```\n[Sorgente](https://github.com/h5bp/server-configs-apache/issues/32)\n\n### Codifica automaticamente in UTF-8\nIl contenuto del tuo testo de evessere sempre codificato UTF-8 no?\n``` apacheconf\n# Utilizza la codifica UTF-8 per qualasiasi contenuto inviato come text/plain or text/html\nAddDefaultCharset utf-8\n\n# Forza UTF-8 per un numero di formati file\nAddCharset utf-8 .atom .css .js .json .rss .vtt .xml\n```\n[Sorgente](https://github.com/h5bp/server-configs-apache)\n\n### Passa a un'altra versione di PHP Version\nSe vi trovate in un hosting condiviso è possibile che sia presente più di una versione di PHP e a volte potreste aver bisogno di una versione specifica per il vostro sito web. Es. [Laravel](https://github.com/laravel/laravel) richiede PHP >= 5.4. il seguente esempio switch the PHP version for you.\n\n``` apacheconf\nAddHandler application/x-httpd-php55 .php\n\n# Alternatively, you can use AddType\nAddType application/x-httpd-php55 .php\n```\n\n### Disabilita Visualizzazione Compatibilità di Internet Explorer\nLa Visualizzazione Compatibilità in internet exporer potrebbe creare problemi nel come vengano visualizzati alcuni siti web. Il seguente esempio dovrebbe forzare IE ad utilizzare il motore di Rendering Edge e disabilitare la Visualizzazione Compatibilità.\n\n``` apacheconf\n\n BrowserMatch MSIE is-msie\n Header set X-UA-Compatible IE=edge env=is-msie\n\n```\n\n### Rendere disponibili immagini in formato WebP\nSe sono supportate le [immagini WebP](https://developers.google.com/speed/webp/?csw=1) inviate un'immagine webp in caso sia stata richiesta un'immagine jpg/png con lo stesso nome e nello stesso percorso.\n\n``` apacheconf\nRewriteEngine On\nRewriteCond %{HTTP_ACCEPT} image/webp\nRewriteCond %{DOCUMENT_ROOT}/$1.webp -f\nRewriteRule (.+)\\.(jpe?g|png)$ $1.webp [T=image/webp,E=accept:1]\n```\n[Sorgente](https://github.com/vincentorback/WebP-images-with-htaccess)\n" }, { "path": "Translations/Japanese/README.md", "content": "# .htaccess Snippets\n`.htaccess`の便利なスニペットのまとめ\n\n**免責事項**: スニペットを`.htaccess`で利用した場合、たいていは十分機能するはずですが、一定の修正が必要になることもあります。ご自身の責任で使用してください。\n\n**重要**: Apache2.4ではいくつかの破壊的変更点があり、それはアクセスコントロールの設定において顕著です。より詳しい情報を知りたい場合は次のリンクをチェックしてください。 [upgrading document](https://httpd.apache.org/docs/2.4/upgrading.html) こちらもどうぞ。 [this issue](https://github.com/phanan/htaccess/issues/2).\n\n## クレジット\nまとめている、便利なスニペットの大部分はインターネットを通じて収集されたものです。(例えば、かなりの部分は、[Apache Server Configs](https://github.com/h5bp/server-configs-apache)からのものです)。Source等などを正確にクレジットしようと努めていますが、不足してることも考えられます。もしも、ご自分の制作物などがクレジットされるべきだという方がいれば私たちに知らせてください。\n\n## 目次\n- [URL書き換え&リダイレクト](#rewrite-and-redirection)\n - [wwwありに統一](#force-www)\n - [wwwありに統一(包括的に)](#force-www-in-a-generic-way)\n - [wwwなしに統一](#force-non-www)\n - [wwwなしに統一(包括的に)](#force-non-www-in-a-generic-way)\n - [httpsに統一](#force-https)\n - [httpsに統一する(リバースプロキシー経由)](#force-https-behind-a-proxy)\n - [URL末尾をスラッシュ(/)で統一する](#force-trailing-slash)\n - [末尾のスラッシュ(/)を取り除く](#remove-trailing-slash)\n - [決められたページにリダイレクトさせる](#redirect-a-single-page)\n - [ディレクトリエイリアス設定](#alias-a-single-directory)\n - [スクリプトへのエイリアスパス](#alias-paths-to-script)\n - [とにかくリダイレクトする](#redirect-an-entire-site)\n - [クリーンURLエイリアス](#alias-clean-urls)\n- [セキュリティ](#security)\n - [全アクセス拒否](#deny-all-access)\n - [特定のIPを除いたアクセスの拒否](#deny-all-access-except-yours)\n - [特定のIPのみアクセスを拒否](#allow-all-access-except-spammers)\n - [隠しファイル、隠しディレクトリへのアクセス拒否](#deny-access-to-hidden-files-and-directories)\n - [バックアップファイルやソースファイルにアクセスするのを防ぐ](#deny-access-to-backup-and-source-files)\n - [ディレクトリ下のファイル一覧の表示禁止](#disable-directory-browsing)\n - [画像直リンクの禁止](#disable-image-hotlinking)\n - [特定のドメインからの画像直リンクの禁止](#disable-image-hotlinking-for-specific-domains)\n - [ディレクトリをパスワードで保護する](#password-protect-a-directory)\n - [一つか複数かのファイルをパスワードで保護する](#password-protect-a-file-or-several-files)\n - [特定の他所のサイトからアクセスをブロック](#block-visitors-by-referrer)\n - [フレーミングされるのを防ぐ](#prevent-framing-the-site)\n- [パフォーマンス](#performance)\n - [テキストファイルの圧縮](#compress-text-files)\n - [Expires(有効期限)ヘッダを設定する](#set-expires-headers)\n - [Etagをオフにする](#turn-etags-off)\n- [その他の項目](#miscellaneous)\n - [PHPの環境変数をセットする](#set-php-variables)\n - [カスタムのエラーページ](#custom-error-pages)\n - [強制ダウンロード](#force-downloading)\n - [ダウンロードを防ぐ](#prevent-downloading)\n - [WEBフォントに対する他のドメインからのアクセスを許可する](#allow-cross-domain-fonts)\n - [自動的にUTF8エンコードにする](#auto-utf-8-encode)\n - [別のPHPのバージョンに切り替える](#switch-to-another-php-version)\n - [インターネットエクスプローラーの互換表示をさせない](#disable-internet-explorer-compatibility-view)\n - [WebP画像の配信](#serve-webp-images)\n\n## URL書き換え&リダイレクト\n注: `mod_rewrite`がインストールされていて有効になってることを前提とします。\n\n### wwwありに統一\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^example\\.com [NC]\nRewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]\n```\n\n### wwwありに統一(包括的に)\n``` apacheconf\nRewriteCond %{HTTP_HOST} !^$\nRewriteCond %{HTTP_HOST} !^www\\. [NC]\nRewriteCond %{HTTPS}s ^on(s)|\nRewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]\n```\n上記の設定はどんなドメインでも動作します。 [Source](https://stackoverflow.com/questions/4916222/htaccess-how-to-force-www-in-a-generic-way)\n\n\n### wwwなしに統一\n参考 [still](http://www.sitepoint.com/domain-www-or-no-www/) [open](https://devcenter.heroku.com/articles/apex-domains) [for](http://yes-www.org/) [debate](http://no-www.org/) wwwのついたドメインかついてないドメインかは好きなほうにすればよいです。\n\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.example\\.com [NC]\nRewriteRule ^(.*)$ http://example.com/$1 [L,R=301]\n```\n\n### wwwなしに統一(包括的に)\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.\nRewriteCond %{HTTPS}s ^on(s)|off\nRewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\\.)?(.+)$\nRewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]\n```\n\n### httpsに統一\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTPS} !on\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n\n# Note: It's also recommended to enable HTTP Strict Transport Security (HSTS)\n# on your HTTPS website to help prevent man-in-the-middle attacks.\n# See https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security\n\n Header always set Strict-Transport-Security \"max-age=31536000; includeSubDomains\"\n\n```\n\n### httpsに統一する(リバースプロキシー経由)\nリバースプロキシーを経由してhttpsじゃなくなってるいる場合に便利です。\n\n\n``` apacheconf\nRewriteCond %{HTTP:X-Forwarded-Proto} !https\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n```\n\n### URL末尾をスラッシュ(/)で統一する\n``` apacheconf\nRewriteCond %{REQUEST_URI} /+[^\\.]+$\nRewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]\n```\n\n### 末尾のスラッシュ(/)を取り除く\n``` apacheconf\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)/$ /$1 [R=301,L]\n```\n### 決められたページにリダイレクトさせる\n``` apacheconf\nRedirect 301 /oldpage.html http://www.example.com/newpage.html\nRedirect 301 /oldpage2.html http://www.example.com/folder/\n```\n[Source](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n### ディレクトリエイリアス設定\n``` apacheconf\nRewriteEngine On\nRewriteRule ^source-directory/(.*) target-directory/$1\n```\n\n### スクリプトへのエイリアスパス\n``` apacheconf\nFallbackResource /index.fcgi\n```\n\n存在しないディレクトリまたはファイルへのリクエストがあれば、スクリプト `index.fcgi` へ転送させるような時に使います。`baz.foo/css/style.css`のような実際にファイルがある時はそちらにアクセスさせておいて、`baz.foo/some/cool/path`のようなクールなURL表現で、`baz.foo/index.fcgi` (`baz.foo`へのリクエストでも同じく扱える)へリクエストを転送させるさせるような時に便利です。あなたのスクリプト環境にさらされるように、PATH_INFO環境変数から元のパスへのアクセスを取得します。\n\n``` apacheconf\nRewriteEngine On\nRewriteRule ^$ index.fcgi/ [QSA,L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)$ index.fcgi/$1 [QSA,L]\n```\n上記の設定はFallbackResourceより非効率ですが(mod_rewriteは`FallbackResource`を扱うより複雑なため)、より柔軟な設定が可能です。\n\n### とにかくリダイレクトする\n``` apacheconf\nRedirect 301 / http://newsite.com/\n```\nこの方法はそっくりそのまま別のサイトにリダイレクトさせます。`www.oldsite.com/some/crazy/link.html`にアクセスした場合、`www.newsite.com/some/crazy/link.html`にリダイレクトさせます。新しいドメインに引っ越したときなど、非常に役に立ちます。 [Source](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n\n### クリーンURLエイリアス\nこのスニペットは、クリーンURL用です。拡張子がPHPで、`example.com/users.php`というURLをではなく`example.com/users`というURLとしてあつかえます。\n``` apacheconf\nRewriteEngine On\nRewriteCond %{SCRIPT_FILENAME} !-d\nRewriteRule ^([^.]+)$ $1.php [NC,L]\n```\n[Source](http://www.abeautifulsite.net/access-pages-without-the-php-extension-using-htaccess/)\n\n## セキュリティ\n### 全アクセス拒否\n``` apacheconf\n## Apache 2.2\nDeny from all\n\n## Apache 2.4\n# Require all denied\n```\n\nあなたも同様にコンテンツをみれなくなるのでよく考えて利用してください。\n\n### 特定のIPを除いたアクセスの拒否\n``` apacheconf\n## Apache 2.2\nOrder deny,allow\nDeny from all\nAllow from xxx.xxx.xxx.xxx\n\n## Apache 2.4\n# Require all denied\n# Require ip xxx.xxx.xxx.xxx\n```\n`xxx.xxx.xxx.xxx`はあなたのIPです。あなたが例えば12桁のIPのうち最後の3桁を0/12で交換する場合、同じネットワーク内のIPの範囲を指定することになり、別途許可IPを全てリストアップしなければいけないような面倒を回避します。\n[Source](http://speckyboy.com/2013/01/08/useful-htaccess-snippets-and-hacks/)\n\nもちろん逆のバージョンもあります。\n\n### 特定のIPのみアクセスを拒否\n``` apacheconf\n## Apache 2.2\nOrder deny,allow\nAllow from all\nDeny from xxx.xxx.xxx.xxx\nDeny from xxx.xxx.xxx.xxy\n\n## Apache 2.4\n# Require all granted\n# Require not ip xxx.xxx.xxx.xxx\n# Require not ip xxx.xxx.xxx.xxy\n```\n\n### 隠しファイル、隠しディレクトリへのアクセス拒否\nドット`.`ではじまる隠しファイルや隠しディレクトリはいかなる時も安全である(閲覧されないようにする)必要があります。例えば、`.htaccess`, `.htpasswd`, `.git`, `.hg` 等です。\n``` apacheconf\nRewriteCond %{SCRIPT_FILENAME} -d [OR]\nRewriteCond %{SCRIPT_FILENAME} -f\nRewriteRule \"(^|/)\\.\" - [F]\n```\n\n攻撃者に手がかりを与える代わりに、404エラーページを表示させることができます。\n\n``` apacheconf\nRedirectMatch 404 /\\..*$\n```\n\n### バックアップファイルやソースファイルにアクセスするのを防ぐ\nこれらのファイルはviやvimによって置かれたり、公にさらされると、セキュリティ上の危険をもたらすファイルである可能性があります。\n``` apacheconf\n\n ## Apache 2.2\n Order allow,deny\n Deny from all\n Satisfy All\n\n ## Apache 2.4\n # Require all denied\n\n```\n[Source](https://github.com/h5bp/server-configs-apache)\n\n### ディレクトリ下のファイル一覧の表示禁止\n``` apacheconf\nOptions All -Indexes\n```\n\n### 画像直リンクの禁止\n``` apacheconf\nRewriteEngine on\n# Remove the following line if you want to block blank referrer too\nRewriteCond %{HTTP_REFERER} !^$\n\nRewriteCond %{HTTP_REFERER} !^https?://(.+\\.)?example.com [NC]\nRewriteRule \\.(jpe?g|png|gif|bmp)$ - [NC,F,L]\n\n# もしも、直リンクされた画像の代わりにブロックしたことを示す画像を表示させたいのであれば\n# `RewriteRule`を次のようにしてください:\n# RewriteRule \\.(jpe?g|png|gif|bmp) http://example.com/blocked.png [R,L]\n```\n\n### 特定のドメインからの画像直リンクの禁止\n特定のサイトからの画像直リンクを無効にしたい場合です。\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_REFERER} ^https?://(.+\\.)?badsite\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} ^https?://(.+\\.)?badsite2\\.com [NC,OR]\nRewriteRule \\.(jpe?g|png|gif|bmp)$ - [NC,F,L]\n\n# もしも、直リンクされた画像の代わりにブロック下ことを示す画像を表示させたいのであれば\n# `RewriteRule`を次のようにしてください:\n# RewriteRule \\.(jpe?g|png|gif|bmp) http://example.com/blocked.png [R,L]\n```\n\n### ディレクトリをパスワードで保護する\n最初に`.htpasswd`作成してシステムのどこかに配置しておく必要があります。\n``` bash\nhtpasswd -c /home/fellowship/.htpasswd boromir\n```\n\nそして、作成した`.htpasswd`を認証のために使うことができます。\n``` apacheconf\nAuthType Basic\nAuthName \"One does not simply\"\nAuthUserFile /home/fellowship/.htpasswd\nRequire valid-user\n```\n\n### 一つか複数かのファイルをパスワードで保護する\n``` apacheconf\nAuthName \"One still does not simply\"\nAuthType Basic\nAuthUserFile /home/fellowship/.htpasswd\n\n\nRequire valid-user\n\n\n\nRequire valid-user\n\n```\n\n### 特定の他所のサイトからアクセスをブロック\nこの設定は特定のドメインからのアクセスをブロックします\n[Source](http://www.htaccess-guide.com/deny-visitors-by-referrer/)\n``` apacheconf\nRewriteEngine on\n# Options +FollowSymlinks\nRewriteCond %{HTTP_REFERER} somedomain\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} anotherdomain\\.com\nRewriteRule .* - [F]\n```\n\n### フレーミングされるのを防ぐ\n下記の設定はウェブサイトがフレーム内に表示(IEでは`iframe`を使う)されるのを防止しています。同時に特定のURIの時には許可しています。\n``` apacheconf\nSetEnvIf Request_URI \"/starry-night\" allow_framing=true\nHeader set X-Frame-Options SAMEORIGIN env=!allow_framing\n```\n\n## パフォーマンス\n### テキストファイルの圧縮\n``` apacheconf\n\n\n # Force compression for mangled headers.\n # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html\n \n \n SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\\s*,?\\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding\n RequestHeader append Accept-Encoding \"gzip,deflate\" env=HAVE_Accept-Encoding\n \n \n\n # Compress all output labeled with one of the following MIME-types\n # (for Apache versions below 2.3.7, you don't need to enable `mod_filter`\n # and can remove the `` and `` lines\n # as `AddOutputFilterByType` is still in the core directives).\n \n AddOutputFilterByType DEFLATE application/atom+xml \\\n application/javascript \\\n application/json \\\n application/rss+xml \\\n application/vnd.ms-fontobject \\\n application/x-font-ttf \\\n application/x-web-app-manifest+json \\\n application/xhtml+xml \\\n application/xml \\\n font/opentype \\\n image/svg+xml \\\n image/x-icon \\\n text/css \\\n text/html \\\n text/plain \\\n text/x-component \\\n text/xml\n \n\n\n```\n[Source](https://github.com/h5bp/server-configs-apache)\n\n\n### Expires(有効期限)ヘッダを設定する\nブラウザはexpires (有効期限)ヘッダをみてコンテンツをサーバーから取得すべきか、キャッシュから取得するかを判断します。静的コンテンツの有効期限はいくらか遠い未来に設定したほうがよいといえます。\n``` apacheconf\n\n ExpiresActive on\n ExpiresDefault \"access plus 1 month\"\n\n # CSS\n ExpiresByType text/css \"access plus 1 year\"\n\n # Data interchange\n ExpiresByType application/json \"access plus 0 seconds\"\n ExpiresByType application/xml \"access plus 0 seconds\"\n ExpiresByType text/xml \"access plus 0 seconds\"\n\n # Favicon (cannot be renamed!)\n ExpiresByType image/x-icon \"access plus 1 week\"\n\n # HTML components (HTCs)\n ExpiresByType text/x-component \"access plus 1 month\"\n\n # HTML\n ExpiresByType text/html \"access plus 0 seconds\"\n\n # JavaScript\n ExpiresByType application/javascript \"access plus 1 year\"\n\n # Manifest files\n ExpiresByType application/x-web-app-manifest+json \"access plus 0 seconds\"\n ExpiresByType text/cache-manifest \"access plus 0 seconds\"\n\n # Media\n ExpiresByType audio/ogg \"access plus 1 month\"\n ExpiresByType image/gif \"access plus 1 month\"\n ExpiresByType image/jpeg \"access plus 1 month\"\n ExpiresByType image/png \"access plus 1 month\"\n ExpiresByType video/mp4 \"access plus 1 month\"\n ExpiresByType video/ogg \"access plus 1 month\"\n ExpiresByType video/webm \"access plus 1 month\"\n\n # Web feeds\n ExpiresByType application/atom+xml \"access plus 1 hour\"\n ExpiresByType application/rss+xml \"access plus 1 hour\"\n\n # Web fonts\n ExpiresByType application/font-woff2 \"access plus 1 month\"\n ExpiresByType application/font-woff \"access plus 1 month\"\n ExpiresByType application/vnd.ms-fontobject \"access plus 1 month\"\n ExpiresByType application/x-font-ttf \"access plus 1 month\"\n ExpiresByType font/opentype \"access plus 1 month\"\n ExpiresByType image/svg+xml \"access plus 1 month\"\n\n```\n\n### Etagをオフにする\n`ETag`ヘッダを取り除くことによって、ブラウザ側が持っているキャッシュファイルと、サーバー側にある実ファイルの内容、更新日などが同じかどうか等の検証作業を無効にして、`Cache-Control` と `Expires` ヘッダを利用するようにします。\n``` apacheconf\n\n Header unset ETag\n\nFileETag None\n```\n\n## その他の項目\n\n### PHPの環境変数をセットする\n``` apacheconf\nphp_value \n\n# 例:\nphp_value upload_max_filesize 50M\nphp_value max_execution_time 240\n```\n\n### カスタムのエラーページ\n``` apacheconf\nErrorDocument 500 \"Houston, we have a problem.\"\nErrorDocument 401 http://error.example.com/mordor.html\nErrorDocument 404 /errors/halflife3.html\n```\n\n### 強制ダウンロード\nコンテンツをブラウザに表示させるのではなく、強制的にダウンロードさせたい場合は次のようにします。\n``` apacheconf\n\n ForceType application/octet-stream\n Header set Content-Disposition attachment\n\n```\n\nNow there is a yang to this yin:\n\n### ダウンロードを防ぐ\nコンテンツをダウンロードさせるのではなく内容をそのままブラウザに表示させたい時は次のようにします。\n``` apacheconf\n\n Header set Content-Type text/plain\n\n```\n\n### WEBフォントに対する他のドメインからのアクセスを許可する\nIE, Firefoxのだとクロスドメイン制約のため、WEBフォントが正常に機能しない可能性があります。[CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) このスニペットはその問題を解決します。\n``` apacheconf\n\n \n Header set Access-Control-Allow-Origin \"*\"\n \n\n```\n[Source](https://github.com/h5bp/server-configs-apache/issues/32)\n\n### 自動的にUTF8エンコードにする\nあなたのテキストコンテンツを常にUTF-8エンコードする時は次の設定をご利用ください。\n``` apacheconf\n# text/plain か text/htmlを配信する時はUTF-8を使用します。\nAddDefaultCharset utf-8\n\n# 特定のファイルフォーマットで強制的にUTF-8を使う\nAddCharset utf-8 .atom .css .js .json .rss .vtt .xml\n```\n[Source](https://github.com/h5bp/server-configs-apache)\n\n### 別のPHPのバージョンに切り替える\nもしも、あなたが共有のホストを利用している場合、おそらく複数のバージョンのPHPがインストールされている可能性があり、時には自分のウェブサイトで特定のバージョンのPHPを使いたくなるかもしれません。例えば、ララベルではPHP5.4以上である必要があります。次のスニペットを使えば自分のウェブサイト用のPHPバージョンに切り替える事ができます。\n\n``` apacheconf\nAddHandler application/x-httpd-php55 .php\n\n# 代わりにAddTypeを使うこともできます。\nAddType application/x-httpd-php55 .php\n```\n\n### インターネットエクスプローラーの互換表示をさせない\nIEの互換表示モードはIEにおけるウェブサイトの表示に影響があたえることがあります。次のスニペットを使用することで、IEに最新のエンジンでページをレンダリングさせて、互換表示をさせなくすることができます。\n\n``` apacheconf\n\n BrowserMatch MSIE is-msie\n Header set X-UA-Compatible IE=edge env=is-msie\n\n```\n\n### WebP画像の配信\nもしも、[WebP images](https://developers.google.com/speed/webp/?csw=1) がサポートされていて、同じでディレクトリ下に、同じ名前のファイル名で、.webp と jpg/pngの拡張子のファイルがあった場合、WebP画像(.webp)が優先して配信されます。\n\n``` apacheconf\nRewriteEngine On\nRewriteCond %{HTTP_ACCEPT} image/webp\nRewriteCond %{DOCUMENT_ROOT}/$1.webp -f\nRewriteRule (.+)\\.(jpe?g|png)$ $1.webp [T=image/webp,E=accept:1]\n```\n[Source](https://github.com/vincentorback/WebP-images-with-htaccess)\n" }, { "path": "Translations/Portuguese-BR/README.md", "content": "# .htaccess Snippets\nUma coleção de snippets .htaccess úteis, tudo em um só lugar.\n\n**Disclaimer**: ao deixar cair o trecho em um arquivo `.htaccess` é a maior parte do tempo suficiente, há casos em que algumas modificações podem ser necessárias. Use por sua conta e risco.\n\n**IMPORTANTE**: Apache 2.4 introduz algumas alterações significativas, principalmente na configuração de controle de acesso. Para mais informações, consulte o [upgrading document](https://httpd.apache.org/docs/2.4/upgrading.html) bem como [this issue](https://github.com/phanan/htaccess/issues/2).\n\n## Créditos\nO que estamos fazendo aqui é principalmente a coleta trechos úteis de todo o interwebs (por exemplo, uma boa parte é de\n[Apache Server Configs](https://github.com/h5bp/server-configs-apache)) em um só lugar. Enquanto estamos tentando dar crédito onde, devido, as coisas podem estar em falta. Se você acreditar em qualquer coisa que está aqui deve ser dado o seu trabalho e créditos, avise-nos, ou apenas enviar uma PR.\n\n## Tabela de Conteúdo\n- [Rewrite and Redirection](#rewrite-and-redirection)\n - [Force www](#force-www)\n - [Force www in a Generic Way](#force-www-in-a-generic-way)\n - [Force non-www](#force-non-www)\n - [Force non-www in a Generic Way](#force-non-www-in-a-generic-way)\n - [Force HTTPS](#force-https)\n - [Force HTTPS Behind a Proxy](#force-https-behind-a-proxy)\n - [Force Trailing Slash](#force-trailing-slash)\n - [Remove Trailing Slash](#remove-trailing-slash)\n - [Redirect a Single Page](#redirect-a-single-page)\n - [Alias a Single Directory](#alias-a-single-directory)\n - [Alias Paths to Script](#alias-paths-to-script)\n - [Redirect an Entire Site](#redirect-an-entire-site)\n - [Alias \"Clean\" URLs](#alias-clean-urls)\n- [Security](#security)\n - [Deny All Access](#deny-all-access)\n - [Deny All Access Except Yours](#deny-all-access-except-yours)\n - [Allow All Access Except Spammers'](#allow-all-access-except-spammers)\n - [Deny Access to Hidden Files and Directories](#deny-access-to-hidden-files-and-directories)\n - [Deny Access to Backup and Source Files](#deny-access-to-backup-and-source-files)\n - [Disable Directory Browsing](#disable-directory-browsing)\n - [Disable Image Hotlinking](#disable-image-hotlinking)\n - [Disable Image Hotlinking for Specific Domains](#disable-image-hotlinking-for-specific-domains)\n - [Password Protect a Directory](#password-protect-a-directory)\n - [Password Protect a File or Several Files](#password-protect-a-file-or-several-files)\n - [Block Visitors by Referrer](#block-visitors-by-referrer)\n - [Prevent Framing the Site](#prevent-framing-the-site)\n- [Performance](#performance)\n - [Compress Text Files](#compress-text-files)\n - [Set Expires Headers](#set-expires-headers)\n - [Turn eTags Off](#turn-etags-off)\n- [Miscellaneous](#miscellaneous)\n - [Set PHP Variables](#set-php-variables)\n - [Custom Error Pages](#custom-error-pages)\n - [Force Downloading](#force-downloading)\n - [Prevent Downloading](#prevent-downloading)\n - [Allow Cross-Domain Fonts](#allow-cross-domain-fonts)\n - [Auto UTF-8 Encode](#auto-utf-8-encode)\n - [Switch to Another PHP Version](#switch-to-another-php-version)\n - [Disable Internet Explorer Compatibility View](#disable-internet-explorer-compatibility-view)\n - [Serve WebP Images](#serve-webp-images)\n\n## Rewrite and Redirection\nNota: Presume-se que você tem `mod_rewrite` instalado e habilitado.\n\n### Force www\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^example\\.com [NC]\nRewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]\n```\n\n### Force www in a Generic Way\n``` apacheconf\nRewriteCond %{HTTP_HOST} !^$\nRewriteCond %{HTTP_HOST} !^www\\. [NC]\nRewriteCond %{HTTPS}s ^on(s)|\nRewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]\n```\nIsso funciona para _any_ domain. [Source](https://stackoverflow.com/questions/4916222/htaccess-how-to-force-www-in-a-generic-way)\n\n### Force non-www \nIt's [still](http://www.sitepoint.com/domain-www-or-no-www/) [open](https://devcenter.heroku.com/articles/apex-domains) [for](http://yes-www.org/) [debate](http://no-www.org/) se www ou non-www é o caminho a percorrer, por isso, se acontecer de você ser um fã de domínios descalços, aqui você vai:\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.example\\.com [NC]\nRewriteRule ^(.*)$ http://example.com/$1 [L,R=301]\n```\n\n### Force non-www in a Generic Way\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.\nRewriteCond %{HTTPS}s ^on(s)|off\nRewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\\.)?(.+)$\nRewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]\n```\n\n### Force HTTPS\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTPS} !on\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n\n# Nota: Também é recomendável habilitar HTTP Strict Transport Segurança (HSTS)\n# Em seu site HTTPS para ajudar a prevenir ataques man-in-the-middle.\n# Veja https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security\n\n Header sempre definido Strict-Transport-Security \"max-age=31536000; includeSubDomains\"\n\n```\n\n### Force HTTPS Behind a Proxy\nÚtil se você tiver um proxy na frente do seu servidor a realização de terminação TLS.\n``` apacheconf\nRewriteCond %{HTTP:X-Forwarded-Proto} !https\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n```\n\n### Force Trailing Slash\n``` apacheconf\nRewriteCond %{REQUEST_URI} /+[^\\.]+$\nRewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]\n```\n\n### Remove Trailing Slash\n``` apacheconf\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)/$ /$1 [R=301,L]\n```\n### Redirect a Single Page\n``` apacheconf\nRedirect 301 /oldpage.html http://www.example.com/newpage.html\nRedirect 301 /oldpage2.html http://www.example.com/folder/\n```\n[Source](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n### Alias a Single Directory \n``` apacheconf\nRewriteEngine On\nRewriteRule ^source-directory/(.*) target-directory/$1\n```\n\n### Alias Paths to Script\n``` apacheconf\nFallbackResource /index.fcgi\n```\nEste exemplo tem um arquivo `index.fcgi` em algum diretório, e todos os pedidos dentro desse diretório que não conseguem resolver um diretório / nome do arquivo será enviado para o` script index.fcgi`. É bom se você quer `baz.foo / some / cool / path` a ser feitos pelo` baz.foo / index.fcgi` (que também suporta pedidos de `baz.foo`), mantendo` baz.foo/css/ style.css` e semelhantes. Tenha acesso ao caminho original da variável de ambiente PATH_INFO, como exposto no seu ambiente de script.\n\n``` apacheconf\nRewriteEngine On\nRewriteRule ^$ index.fcgi/ [QSA,L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)$ index.fcgi/$1 [QSA,L]\n```\nEsta é uma versão menos eficiente da directiva FallbackResource (porque o uso do `mod_rewrite` é mais complexa do que apenas lidar com o` directiva FallbackResource`), mas também é mais flexível.\n\n### Redirect an Entire Site\n``` apacheconf\nRedirect 301 / http://newsite.com/\n```\nDesta forma, faz com links intactos. Ou seja `www.oldsite.com/some/crazy/link.html` se tornará `www.newsite.com/some/crazy/link.html`. Isto é extremamente útil quando você é apenas \"moving\" um site para um novo domínio. [Source](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n### Alias \"Clean\" URLs\nEste trecho permite que você use \"clean\" URLs -- aqueles sem uma extensão do PHP, por exemplo `example.com/users` em vez de `example.com/users.php`.\n``` apacheconf\nRewriteEngine On\nRewriteCond %{SCRIPT_FILENAME} !-d\nRewriteRule ^([^.]+)$ $1.php [NC,L]\n```\n[Source](http://www.abeautifulsite.net/access-pages-without-the-php-extension-using-htaccess/)\n\n## Security\n### Deny All Access\n``` apacheconf\n## Apache 2.2\nDeny from all\n\n## Apache 2.4\n# Require all denied\n```\n\nMas espere, isso irá bloqueá-lo a partir do seu conteúdo, bem! Assim, a introdução de ...\n\n### Deny All Access Except Yours\n``` apacheconf\n## Apache 2.2\nOrder deny,allow\nDeny from all\nAllow from xxx.xxx.xxx.xxx\n\n## Apache 2.4\n# Require all denied\n# Require ip xxx.xxx.xxx.xxx\n```\n`xxx.xxx.xxx.xxx` é seu IP. Se você substituir os três últimos dígitos com 0/12 por exemplo, isso vai especificar um intervalo de IPs dentro da mesma rede, poupando-lhe o trabalho de listar todos os IPs autorizados separadamente. [Source](http://speckyboy.com/2013/01/08/useful-htaccess-snippets-and-hacks/)\n\nAgora é claro que há uma versão invertida:\n\n### Allow All Access Except Spammers'\n``` apacheconf\n## Apache 2.2\nOrder deny,allow\nDeny from xxx.xxx.xxx.xxx\nDeny from xxx.xxx.xxx.xxy\n\n## Apache 2.4\n# Require all granted\n# Require not ip xxx.xxx.xxx.xxx\n# Require not ip xxx.xxx.xxx.xxy\n```\n\n### Deny Access to Hidden Files and Directories\nArquivos e diretórios ocultos (aqueles cujos nomes começam com um ponto `.`) deve maioria, se não todos, o tempo ser assegurado. por exemplo: `.htaccess`, `.htpasswd`, `.git`, `.hg`...\n``` apacheconf\nRewriteCond %{SCRIPT_FILENAME} -d [OR]\nRewriteCond %{SCRIPT_FILENAME} -f\nRewriteRule \"(^|/)\\.\" - [F]\n```\n\nAlternativamente, você pode simplesmente levantar uma `Not Found` erro, dando a cara atacante nenhuma pista:\n``` apacheconf\nRedirectMatch 404 /\\..*$\n```\n\n### Deny Access to Backup and Source Files\nEsses arquivos podem ser deixados por alguns editores de texto / html (como Vi / Vim) e representam um grande perigo de segurança, se exposto a público.\n``` apacheconf\n\n ## Apache 2.2\n Order allow,deny\n Deny from all\n Satisfy All\n\n ## Apache 2.4\n # Require all denied\n\n```\n[Source](https://github.com/h5bp/server-configs-apache)\n\n### Disable Directory Browsing\n``` apacheconf\nOptions All -Indexes\n```\n\n### Disable Image Hotlinking\n``` apacheconf\nRewriteEngine on\n# Remova a seguinte linha se você deseja bloquear referrer em branco também\nRewriteCond %{HTTP_REFERER} !^$\n\nRewriteCond %{HTTP_REFERER} !^https?://(.+\\.)?example.com [NC]\nRewriteRule \\.(jpe?g|png|gif|bmp)$ - [NC,F,L]\n\n# Se você deseja exibir um banner \"bloqueada\" em lugar da imagem hotlink,\n# Substituir a regra acima, com:\n# RewriteRule \\.(jpe?g|png|gif|bmp) http://example.com/blocked.png [R,L]\n```\n\n### Disable Image Hotlinking for Specific Domains\nÀs vezes você quer desabilitar imagem hotlinking de alguns bandidos só.\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_REFERER} ^https?://(.+\\.)?badsite\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} ^https?://(.+\\.)?badsite2\\.com [NC,OR]\nRewriteRule \\.(jpe?g|png|gif|bmp)$ - [NC,F,L]\n\n# Se você deseja exibir um banner \"bloqueada\" em lugar da imagem hotlink,\n# Substituir a regra acima, com:\n# RewriteRule \\.(jpe?g|png|gif|bmp) http://example.com/blocked.png [R,L]\n```\n\n### Password Protect a Directory\nPrimeiro você precisa criar um arquivo `.htpasswd` em algum lugar do sistema:\n``` bash\nhtpasswd -c /home/fellowship/.htpasswd boromir\n```\n\nEm seguida, você pode usá-lo para autenticação:\n``` apacheconf\nAuthType Basic\nAuthName \"One does not simply\"\nAuthUserFile /home/fellowship/.htpasswd\nRequire valid-user\n```\n\n### Password Protect a File or Several Files\n``` apacheconf\nAuthName \"One still does not simply\"\nAuthType Basic\nAuthUserFile /home/fellowship/.htpasswd\n\n\nRequire valid-user\n\n\n\nRequire valid-user\n\n```\n\n### Block Visitors by Referrer\nEste nega o acesso para todos os usuários que estão vindo de (indicado por) um domínio específico.\n[Source](http://www.htaccess-guide.com/deny-visitors-by-referrer/)\n``` apacheconf\nRewriteEngine on\n# Options +FollowSymlinks\nRewriteCond %{HTTP_REFERER} somedomain\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} anotherdomain\\.com\nRewriteRule .* - [F]\n```\n\n### Prevent Framing the Site\nIsso impede que o site para ser enquadrado (ou seja, colocar em uma `iframe` tag), quando ainda permite o enquadramento para uma URI específica.\n``` apacheconf\nSetEnvIf Request_URI \"/starry-night\" allow_framing=true\nHeader set X-Frame-Options SAMEORIGIN env=!allow_framing\n```\n\n## Performance\n### Compress Text Files\n``` apacheconf\n\n\n # Force compression for mangled headers.\n # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html\n \n \n SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\\s*,?\\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding\n RequestHeader append Accept-Encoding \"gzip,deflate\" env=HAVE_Accept-Encoding\n \n \n\n # Comprimir toda a saída marcada com um dos seguintes procedimentos MIME-types\n # (para versões do Apache 2.3.7 abaixo, você não precisa habilitar `mod_filter`\n # pode remover as linhas `` e `` \n # como `AddOutputFilterByType` ainda está em diretivas principais).\n \n AddOutputFilterByType DEFLATE application/atom+xml \\\n application/javascript \\\n application/json \\\n application/rss+xml \\\n application/vnd.ms-fontobject \\\n application/x-font-ttf \\\n application/x-web-app-manifest+json \\\n application/xhtml+xml \\\n application/xml \\\n font/opentype \\\n image/svg+xml \\\n image/x-icon \\\n text/css \\\n text/html \\\n text/plain \\\n text/x-component \\\n text/xml\n \n\n\n```\n[Source](https://github.com/h5bp/server-configs-apache)\n\n\n### Set Expires Headers\n_Expira headers_ dizer ao navegador se eles devem solicitar um arquivo específico do servidor ou apenas agarrá-lo a partir do cache. É aconselhável definir um conteúdo estática que expira no futuro.\nSe você não controlar o versionamento com cache baseado em filename, tem que considerar uma redução do tempo de cache para recursos como CSS e JS para algo como uma semana. [Source](https://github.com/h5bp/server-configs-apache)\n``` apacheconf\n\n ExpiresActive on\n ExpiresDefault \"access plus 1 month\"\n\n # CSS\n ExpiresByType text/css \"access plus 1 year\"\n\n # Data interchange\n ExpiresByType application/json \"access plus 0 seconds\"\n ExpiresByType application/xml \"access plus 0 seconds\"\n ExpiresByType text/xml \"access plus 0 seconds\"\n\n # Favicon (cannot be renamed!)\n ExpiresByType image/x-icon \"access plus 1 week\"\n\n # HTML components (HTCs)\n ExpiresByType text/x-component \"access plus 1 month\"\n\n # HTML\n ExpiresByType text/html \"access plus 0 seconds\"\n\n # JavaScript\n ExpiresByType application/javascript \"access plus 1 year\"\n\n # Manifest files\n ExpiresByType application/x-web-app-manifest+json \"access plus 0 seconds\"\n ExpiresByType text/cache-manifest \"access plus 0 seconds\"\n\n # Media\n ExpiresByType audio/ogg \"access plus 1 month\"\n ExpiresByType image/gif \"access plus 1 month\"\n ExpiresByType image/jpeg \"access plus 1 month\"\n ExpiresByType image/png \"access plus 1 month\"\n ExpiresByType video/mp4 \"access plus 1 month\"\n ExpiresByType video/ogg \"access plus 1 month\"\n ExpiresByType video/webm \"access plus 1 month\"\n\n # Web feeds\n ExpiresByType application/atom+xml \"access plus 1 hour\"\n ExpiresByType application/rss+xml \"access plus 1 hour\"\n\n # Web fonts\n ExpiresByType application/font-woff2 \"access plus 1 month\"\n ExpiresByType application/font-woff \"access plus 1 month\"\n ExpiresByType application/vnd.ms-fontobject \"access plus 1 month\"\n ExpiresByType application/x-font-ttf \"access plus 1 month\"\n ExpiresByType font/opentype \"access plus 1 month\"\n ExpiresByType image/svg+xml \"access plus 1 month\"\n\n```\n\n### Turn eTags Off\nAo remover o cabeçalho `ETag`, você desativar caches e navegadores de ser capaz de validar os arquivos, então eles são forçados a confiar em seu` Cache-Control` e `cabeçalho Expires`. [Source](http://www.askapache.com/htaccess/apache-speed-etags.html)\n``` apacheconf\n\n Header unset ETag\n\nFileETag None\n```\n\n## Miscellaneous\n\n### Set PHP Variables\n``` apacheconf\nphp_value \n\n# Por exemplo:\nphp_value upload_max_filesize 50M\nphp_value max_execution_time 240\n```\n\n### Custom Error Pages\n``` apacheconf\nErrorDocument 500 \"Houston, você tem um problema.\"\nErrorDocument 401 http://error.example.com/mordor.html\nErrorDocument 404 /errors/halflife3.html\n```\n\n### Force Downloading\nÀs vezes você quer forçar o navegador para baixar algum conteúdo em vez de exibi-lo.\n``` apacheconf\n\n ForceType application/octet-stream\n Header set Content-Disposition attachment\n\n```\n\nAgora a um yang a este yin:\n\n### Prevent Downloading\nÀs vezes você quer forçar o navegador para exibir algum conteúdo em vez de baixá-lo.\n``` apacheconf\n\n Header set Content-Type text/plain\n\n```\n\n### Allow Cross-Domain Fonts\nCDN-served webfonts pode não funcionar no Firefox ou IE devido à [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing). Este trecho resolve o problema.\n``` apacheconf\n\n \n Header set Access-Control-Allow-Origin \"*\"\n \n\n```\n[Source](https://github.com/h5bp/server-configs-apache/issues/32)\n\n### Auto UTF-8 Encode\nSeu texto deve ser sempre codificação UTF-8, não?\n``` apacheconf\n# Use codificação UTF-8 para qualquer coisa como text/plain ou text/html\nAddDefaultCharset utf-8\n\n# Força UTF-8 para um número de formatos de arquivo\nAddCharset utf-8 .atom .css .js .json .rss .vtt .xml\n```\n[Source](https://github.com/h5bp/server-configs-apache)\n\n### Switch to Another PHP Version\nSe você estiver em um servidor compartilhado, as chances são de que há mais de uma versão do PHP instalado, e às vezes você quer uma versão específica para o seu site. por exemplo, [Laravel](https://github.com/laravel/laravel) requer PHP >= 5.4. O seguinte trecho deve mudar a versão do PHP para você.\n\n``` apacheconf\nAddHandler application/x-httpd-php55 .php\n\n# Alternativamente, você pode usar AddType\nAddType application/x-httpd-php55 .php\n```\n\n### Disable Internet Explorer Compatibility View\nExibição de Compatibilidade no IE pode afetar a forma como alguns sites são exibidos. O seguinte trecho deve forçar o IE para usar o Edge Rendering Engine e desativar o Compatibility View.\n\n``` apacheconf\n\n BrowserMatch MSIE is-msie\n Header set X-UA-Compatible IE=edge env=is-msie\n\n```\n\n### Serve WebP Images\nSe [WebP images](https://developers.google.com/speed/webp/?csw=1) são suportados em uma imagem com uma extensão .webp e ela encontra-se no mesmo lugar como o jpg/png imagem que vai ser servida, em seguida, a imagem WebP é servido em vez do jpg/png.\n\n``` apacheconf\nRewriteEngine On\nRewriteCond %{HTTP_ACCEPT} image/webp\nRewriteCond %{DOCUMENT_ROOT}/$1.webp -f\nRewriteRule (.+)\\.(jpe?g|png)$ $1.webp [T=image/webp,E=accept:1]\n```\n[Source](https://github.com/vincentorback/WebP-images-with-htaccess)\n" }, { "path": "Translations/Russian/README.md", "content": "# .htaccess сниппеты [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\nКоллекция .htaccess сниппетов, собранных в одном месте.\n\n**Дисклеймер**: Перед тем, как использовать сниппет в файле `.htaccess`, в большинстве случаев необходимо сделать небольшие коррекции (поменять название папки или файла, изменить URL и т.д.). Используйте сниппеты на свой страх и риск.\n\n**ВАЖНО**: В Apache 2.4 появилось несколько важных изменений, особенно в конфигурации управления доступами. Чтобы узнать больше об этих и других изменениях перейдите по этой [ссылке](https://httpd.apache.org/docs/2.4/upgrading.html), а также просмотрите это [ишью](https://github.com/phanan/htaccess/issues/2).\n\n## Поддержка\nЧто мы делаем? Здесь собраны самые полезные сниппеты для файла `.htaccess` из всего интернета (например, много разных приемов из [Apache Server Configs](https://github.com/h5bp/server-configs-apache) мы собрали в одном месте). Не исключено, что мы могли что-то упустить. Если вы заметили где-то ошибки или несоответствия, пожалуйста, сообщите нам об этом или сделайте Pull Request.\nПодробнее о том, как помочь проекту и делать Pull Request'ы, вы можете прочитать в [этой статье](https://habrahabr.ru/post/275219/) на Хабрахабр.\n\n## Содержание\n- [Rewrite и Redirect](#rewrite-и-redirect)\n - [Перенаправление с без www на с www](#Перенаправление-с-без-www-на-с-www)\n - [Перенаправление с без www на с www для HTTP или HTTPS](#Перенаправление-с-без-www-на-с-www-для-http-или-https)\n - [Перенаправление с www на без www](#Перенаправление-с-www-на-без-www)\n - [Перенаправление с www на без www для HTTP или HTTPS](#Перенаправление-с-www-на-без-www-для-http-или-https)\n - [Принудительное использование HTTPS](#Принудительное-использование-https)\n - [Принудительное использование HTTPS за прокси](#Принудительное-использование-https-за-прокси)\n - [Вставить завершающий слэш](#Вставить-завершающий-слэш)\n - [Удалить завершающий слэш](#Удалить-завершающий-слэш)\n - [Редирект со страницы на страницу](#Редирект-со-страницы-на-страницу)\n - [Редирект с использованием RedirectMatch](#Редирект-с-использованием-redirectmatch)\n - [Алиас для определенной директории](#Алиас-для-определенной-директории)\n - [Алиас пути до скрипта](#Алиас-пути-до-скрипта)\n - [Редирект всего сайта](#Редирект-всего-сайта)\n - [Использовать чистые URL](#Использовать-чистые-url)\n- [Безопасность](#Безопасность)\n - [Запретить доступ всем](#Запретить-доступ-всем)\n - [Запретить доступ всем, кроме...](#Запретить-доступ-всем-кроме)\n - [Разрешить доступ всем, кроме...](#Разрешить-доступ-всем-кроме)\n - [Запретить доступ к скрытым файлам и директориям](#Запретить-доступ-к-скрытым-файлам-и-директориям)\n - [Запретить доступ к файлам](#Запретить-доступ-к-файлам)\n - [Запретить листинг директорий](#Запретить-листинг-директорий)\n - [Запретить хотлинкинг изображений](#Запретить-хотлинкинг-изображений)\n - [Запретить хотлинкинг изображений для определенных доменов](#Запретить-хотлинкинг-изображений-для-определенных-доменов)\n - [Защитить паролем директорию](#Защитить-паролем-директорию)\n - [Защитить паролем один или несколько файлов](#Защитить-паролем-один-или-несколько-файлов)\n - [Заблокировать посетителя по Referrer](#Заблокировать-посетителя-по-referrer)\n - [Запретить рендеринг сайта во фрейме](#Запретить-рендеринг-сайта-во-фрейме)\n- [Производительность](#Производительность)\n - [Сжатие текстовых файлов](#Сжатие-текстовых-файлов)\n - [Установить Expires Headers](#Установить-expires-headers)\n - [Выключить eTags](#Выключить-etags)\n- [Разное](#Разное)\n - [Настройка PHP](#Настройка-php)\n - [Пользовательские страницы ошибок](#Пользовательские-страницы-ошибок)\n - [Принудительная загрузка (скачивать файл вместо отображения в браузере)](#Принудительная-загрузка-скачивать-файл-вместо-отображения-в-браузере)\n - [Запретить загрузку (отображать plain в браузере)](#Запретить-загрузку-отображать-plain-в-браузере)\n - [Разрешить кроссдоменные шрифты](#Разрешить-кроссдоменные-шрифты)\n - [Установить по умолчанию кодировку UTF-8](#Установить-по-умолчанию-кодировку-utf-8)\n - [Переключиться на другую версию PHP](#Переключиться-на-другую-версию-php)\n - [Выключить режим совместимости в Internet Explorer](#Выключить-режим-совместимости-в-internet-explorer)\n - [Обработка WebP изображений](#Обработка-webp-изображений)\n\n## Rewrite и Redirect\nПримечание: Предполагается, что модуль `mod_rewrite` установлен и включен.\n\n### Перенаправление с без www на с www\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^example\\.com [NC]\nRewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]\n```\n\n### Перенаправление с без www на с www для HTTP или HTTPS\n``` apacheconf\nRewriteCond %{HTTP_HOST} !^$\nRewriteCond %{HTTP_HOST} !^www\\. [NC]\nRewriteCond %{HTTPS}s ^on(s)|\nRewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]\n```\nЭто работает для _любого_ домена. [Источник](https://stackoverflow.com/questions/4916222/htaccess-how-to-force-www-in-a-generic-way)\n\n### Перенаправление с www на без www\nЭто [вечная](http://www.sitepoint.com/domain-www-or-no-www/) [тема](https://devcenter.heroku.com/articles/apex-domains) [для](http://yes-www.org/) [дискуссий](http://no-www.org/) - использовать или не использовать www, но если вы поклонник \"чистых\" доменов, то:\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.example\\.com [NC]\nRewriteRule ^(.*)$ http://example.com/$1 [L,R=301]\n```\n\n### Перенаправление с www на без www для HTTP или HTTPS\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.\nRewriteCond %{HTTPS}s ^on(s)|off\nRewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\\.)?(.+)$\nRewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]\n```\n\n### Принудительное использование HTTPS\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTPS} !on\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n\n# Примечание: Рекомендуется включить HTTP Strict Transport Security (HSTS)\n# на вашем HTTPS сайте для предотвращения атак посредника (man-in-the-middle).\n# https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security\n\n Header always set Strict-Transport-Security \"max-age=31536000; includeSubDomains\"\n\n```\n\n### Принудительное использование HTTPS за прокси\nПолезно, если вы имеете прокси перед вашим сервером для TLS.\n``` apacheconf\nRewriteCond %{HTTP:X-Forwarded-Proto} !https\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n```\n\n### Вставить завершающий слэш\n``` apacheconf\nRewriteCond %{REQUEST_URI} /+[^\\.]+$\nRewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]\n```\n\n### Удалить завершающий слэш\nЭтот сниппет перенаправляет из пути, который заканчивается на слэш, на путь без завершающего слэша (кроме реальных директорий), например, из `http://www.example.com/blog/` перенаправит на `http://www.example.com/blog`.\nЭто важно для SEO, так как [рекомендуется](http://overit.com/blog/canonical-urls), чтобы каждая страница имела канонический URL.\n``` apacheconf\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteCond %{REQUEST_URI} (.+)/$\nRewriteRule ^ %1 [R=301,L]\n```\n[Источник](https://stackoverflow.com/questions/21417263/htaccess-add-remove-trailing-slash-from-url#27264788)\n\n### Редирект со страницы на страницу\n``` apacheconf\nRedirect 301 /oldpage.html http://www.example.com/newpage.html\nRedirect 301 /oldpage2.html http://www.example.com/folder/\n```\n[Источник](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n### Редирект с использованием RedirectMatch\n``` apacheconf\nRedirectMatch 301 /subdirectory(.*) http://www.newsite.com/newfolder/$1\nRedirectMatch 301 ^/(.*).htm$ /$1.html\nRedirectMatch 301 ^/200([0-9])/([^01])(.*)$ /$2$3\nRedirectMatch 301 ^/category/(.*)$ /$1\nRedirectMatch 301 ^/(.*)/htaccesselite-ultimate-htaccess-article.html(.*) /htaccess/htaccess.html\nRedirectMatch 301 ^/(.*).html/1/(.*) /$1.html$2\nRedirectMatch 301 ^/manual/(.*)$ http://www.php.net/manual/$1\nRedirectMatch 301 ^/dreamweaver/(.*)$ /tools/$1\nRedirectMatch 301 ^/z/(.*)$ http://static.askapache.com/$1\n```\n[Источник](http://www.askapache.com/htaccess/301-redirect-with-mod_rewrite-or-redirectmatch.html#301_Redirects_RedirectMatch)\n\n### Алиас для определенной директории\n``` apacheconf\nRewriteEngine On\nRewriteRule ^source-directory/(.*) /target-directory/$1 [R=301,L]\n```\n\n### Алиас пути до скрипта\n``` apacheconf\nFallbackResource /index.fcgi\n```\nВ этом примере приведён файл `index.fcgi`, который лежит в каталоге и все запросы к этому каталогу, которые потерпели неудачу из-за отсутствия файла/директории будут перенаправлены на скрипт `index.fcgi`. Это хорошо, если вы хотите, чтобы `baz.foo/some/cool/path` обрабатывался скриптом `baz.foo/index.fcgi` (который также поддерживает запросы на `baz.foo`) в тоже время поддерживается `baz.foo/css/style.css` и другое подобное. Узнать истинный путь можно из переменной окружения PATH_INFO, которая доступна в скриптах.\n\n``` apacheconf\nRewriteEngine On\nRewriteRule ^$ index.fcgi/ [QSA,L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)$ index.fcgi/$1 [QSA,L]\n```\nЭто менее эффективная версия директивы `FallbackResource` (поскольку использование `mod_rewrite` сложнее, чем просто обработка директивой `FallbackResource`), но также и более гибкое.\n\n### Редирект всего сайта\n``` apacheconf\nRedirect 301 / http://newsite.com/\n```\nЭтот сайт не \"ломает\" ссылки. Этот путь `www.oldsite.com/some/crazy/link.html` перенаправит вас на `www.newsite.com/some/crazy/link.html`. Это очень полезно, когда вы просто переносите сайт на новый домен. [Источник](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n### Использовать чистые URL\nЭтот сниппет позволяет использовать \"чистые\" URL -- без расширения .php, например, `example.com/users` вместо `example.com/users.php`.\n``` apacheconf\nRewriteEngine On\nRewriteCond %{SCRIPT_FILENAME} !-d\nRewriteRule ^([^.]+)$ $1.php [NC,L]\n```\n[Источник](http://www.abeautifulsite.net/access-pages-without-the-php-extension-using-htaccess/)\n\n## Безопасность\n### Запретить доступ всем\n``` apacheconf\n## Apache 2.2\nDeny from all\n\n## Apache 2.4\n# Require all denied\n```\n\nПодождите-ка, этот сниппет заблокирует доступ к сайту даже для вас! Сейчас исправим это...\n\n### Запретить доступ всем, кроме...\n``` apacheconf\n## Apache 2.2\nOrder deny,allow\nDeny from all\nAllow from xxx.xxx.xxx.xxx\n\n## Apache 2.4\n# Require all denied\n# Require ip xxx.xxx.xxx.xxx\n```\n`xxx.xxx.xxx.xxx` - это ваш IP. Если вы замените последние три цифры, например, на `0/12`, этим вы определите диапазон IP внутри этой сети и это оградит вас от проблемы перечислять по отдельности все разрешённые IP. [Источник](http://speckyboy.com/2013/01/08/useful-htaccess-snippets-and-hacks/)\n\nИ, естественно, противоположная функция к этой:\n\n### Разрешить доступ всем, кроме...\n``` apacheconf\n## Apache 2.2\nOrder deny,allow\nDeny from xxx.xxx.xxx.xxx\nDeny from xxx.xxx.xxx.xxy\n\n## Apache 2.4\n# Require all granted\n# Require not ip xxx.xxx.xxx.xxx\n# Require not ip xxx.xxx.xxx.xxy\n```\n\n### Запретить доступ к скрытым файлам и директориям\nСкрытые файлы и директории (те, чьи имена начинаются с точки `.`) должны в большинстве, если не все, быть недоступны для других. Например: `.htaccess`, `.htpasswd`, `.git`, `.hg`...\n``` apacheconf\nRewriteCond %{SCRIPT_FILENAME} -d [OR]\nRewriteCond %{SCRIPT_FILENAME} -f\nRewriteRule \"(^|/)\\.\" - [F]\n```\n\nКак вариант, вы можете показывать ошибку Not Found (не найдено), чтобы не давать атакующему подсказку:\n``` apacheconf\nRedirectMatch 404 /\\..*$\n```\n\n### Запретить доступ к файлам\nЭти файлы могут быть оставлены некоторыми редакторами text/html (вроде Vi/Vim) и представляют огромную дыру в безопасности, если станут общедоступными.\n``` apacheconf\n\n ## Apache 2.2\n Order allow,deny\n Deny from all\n Satisfy All\n\n ## Apache 2.4\n # Require all denied\n\n```\n[Источник](https://github.com/h5bp/server-configs-apache)\n\n### Запретить листинг директорий\n``` apacheconf\nOptions All -Indexes\n```\n\n### Запретить хотлинкинг изображений\n``` apacheconf\nRewriteEngine on\n# Удалите эту строчку, если вы хотите заблокировать пользователя с пустым Referrer\nRewriteCond %{HTTP_REFERER} !^$\n\nRewriteCond %{HTTP_REFERER} !^https?://(.+\\.)?example.com [NC]\nRewriteRule \\.(jpe?g|png|gif|bmp)$ - [NC,F,L]\n\n# Если вы захотите отображать вместо заблокированного изображения свой баннер,\n# то замените правило выше на это:\n# RewriteRule \\.(jpe?g|png|gif|bmp) http://example.com/blocked.png [R,L]\n```\n\n### Запретить хотлинкинг изображений для определенных доменов\nИногда вам потребуется запретить хотлинкинг только для некоторых доменов.\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_REFERER} ^https?://(.+\\.)?badsite\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} ^https?://(.+\\.)?badsite2\\.com [NC,OR]\nRewriteRule \\.(jpe?g|png|gif|bmp)$ - [NC,F,L]\n\n# Если вы захотите отображать вместо заблокированного изображения свой баннер,\n# то замените правило выше на это:\n# RewriteRule \\.(jpe?g|png|gif|bmp) http://example.com/blocked.png [R,L]\n```\n\n### Защитить паролем директорию\nСначала нужно создать файл `.htpasswd` в определенной директории:\n``` bash\nhtpasswd -c /home/fellowship/.htpasswd ваш_суперсекретный_пароль\n```\n\nИ потом использовать этот файл для аутентификации:\n``` apacheconf\nAuthType Basic\nAuthName \"One does not simply\"\nAuthUserFile /home/fellowship/.htpasswd\nRequire valid-user\n```\n\n### Защитить паролем один или несколько файлов\n``` apacheconf\nAuthName \"One still does not simply\"\nAuthType Basic\nAuthUserFile /home/fellowship/.htpasswd\n\n\nRequire valid-user\n\n\n\nRequire valid-user\n\n```\n\n### Заблокировать посетителя по Referrer\nБлокирует доступ для всех пользователей, которые пришли (были перенаправлены) из определенного домена(-ов).\n[Источник](http://www.htaccess-guide.com/deny-visitors-by-referrer/)\n``` apacheconf\nRewriteEngine on\n# Options +FollowSymlinks\nRewriteCond %{HTTP_REFERER} somedomain\\.com [NC,OR]\nRewriteCond %{HTTP_REFERER} anotherdomain\\.com\nRewriteRule .* - [F]\n```\n\n### Запретить рендеринг сайта во фрейме\nЭтот сниппет запрещает отображение сайта во фрейме (например, в теге `iframe`), но разрешает отображение сайта во фрейме для определенных URI.\n``` apacheconf\nSetEnvIf Request_URI \"/starry-night\" allow_framing=true\nHeader set X-Frame-Options SAMEORIGIN env=!allow_framing\n```\n\n## Производительность\n### Сжатие текстовых файлов\n``` apacheconf\n\n\n # Принудительное сжатие для исковерканных заголовков.\n # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html\n \n \n SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\\s*,?\\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding\n RequestHeader append Accept-Encoding \"gzip,deflate\" env=HAVE_Accept-Encoding\n \n \n\n # Сжимать исходящие данные с одним из следующих MIME типов\n # (для Apache ниже версии 2.3.7 не нужно включать `mod_filter`\n # и вы можете удалить строки `` и ``\n # так как `AddOutputFilterByType` все еще есть в ядре Apache).\n \n AddOutputFilterByType DEFLATE application/atom+xml \\\n application/javascript \\\n application/json \\\n application/rss+xml \\\n application/vnd.ms-fontobject \\\n application/x-font-ttf \\\n application/x-web-app-manifest+json \\\n application/xhtml+xml \\\n application/xml \\\n font/opentype \\\n image/svg+xml \\\n image/x-icon \\\n text/css \\\n text/html \\\n text/plain \\\n text/x-component \\\n text/xml\n \n\n\n```\n[Источник](https://github.com/h5bp/server-configs-apache)\n\n\n### Установить Expires Headers\n_Expires headers_ говорят браузеру, должен ли он загружать файл из сервера или же из кэша. Для статичного контента рекомендуется установить `Expires` заголовки на что-нибудь далекое в будущем.\n\nЕсли вы не контролируете изменение версий с помощью перебора, основанного на файлах, подумайте о том, чтобы уменьшить время кэша для CSS и JS, например, до 1 недели. [Источник](https://github.com/h5bp/server-configs-apache)\n``` apacheconf\n\n ExpiresActive on\n ExpiresDefault \"access plus 1 month\"\n\n # CSS\n ExpiresByType text/css \"access plus 1 year\"\n\n # Данные\n ExpiresByType application/json \"access plus 0 seconds\"\n ExpiresByType application/xml \"access plus 0 seconds\"\n ExpiresByType text/xml \"access plus 0 seconds\"\n\n # Favicon\n ExpiresByType image/x-icon \"access plus 1 week\"\n\n # HTML компоненты (HTCs)\n ExpiresByType text/x-component \"access plus 1 month\"\n\n # HTML\n ExpiresByType text/html \"access plus 0 seconds\"\n\n # JavaScript\n ExpiresByType application/javascript \"access plus 1 year\"\n\n # Файлы манифеста (Manifest)\n ExpiresByType application/x-web-app-manifest+json \"access plus 0 seconds\"\n ExpiresByType text/cache-manifest \"access plus 0 seconds\"\n\n # Медиа\n ExpiresByType audio/ogg \"access plus 1 month\"\n ExpiresByType image/gif \"access plus 1 month\"\n ExpiresByType image/jpeg \"access plus 1 month\"\n ExpiresByType image/png \"access plus 1 month\"\n ExpiresByType video/mp4 \"access plus 1 month\"\n ExpiresByType video/ogg \"access plus 1 month\"\n ExpiresByType video/webm \"access plus 1 month\"\n\n # Фиды\n ExpiresByType application/atom+xml \"access plus 1 hour\"\n ExpiresByType application/rss+xml \"access plus 1 hour\"\n\n # Web шрифты\n ExpiresByType application/font-woff2 \"access plus 1 month\"\n ExpiresByType application/font-woff \"access plus 1 month\"\n ExpiresByType application/vnd.ms-fontobject \"access plus 1 month\"\n ExpiresByType application/x-font-ttf \"access plus 1 month\"\n ExpiresByType font/opentype \"access plus 1 month\"\n ExpiresByType image/svg+xml \"access plus 1 month\"\n\n```\n\n### Выключить eTags\nУдаляя заголовок `ETag`, вы выключаете кэш и избавляете возможности проверять браузером файлы, следовательно они будут полагаться на заголовки `Cache-Control` и `Expires`. [Источник](http://www.askapache.com/htaccess/apache-speed-etags.html)\n``` apacheconf\n\n Header unset ETag\n\nFileETag None\n```\n\n## Разное\n\n### Настройка PHP\n``` apacheconf\nphp_value \n\n# Например:\nphp_value upload_max_filesize 50M\nphp_value max_execution_time 240\n```\n\n### Пользовательские страницы ошибок\n``` apacheconf\nErrorDocument 500 \"Хьюстон, у нас проблемы.\"\nErrorDocument 401 http://error.example.com/mordor.html\nErrorDocument 404 /errors/halflife3.html\n```\n\n### Принудительная загрузка (скачивать файл вместо отображения в браузере)\nИногда нужно загрузить запрашиваемый файл, а не отображать его в браузере.\n``` apacheconf\n\n ForceType application/octet-stream\n Header set Content-Disposition attachment\n\n```\n\nА ниже сниппет, который делает это с точностью до наоборот:\n\n### Запретить загрузку (отображать plain в браузере)\nИногда нужно отобразить запрашиваемый файл в браузере, а не загружать его.\n``` apacheconf\n\n Header set Content-Type text/plain\n\n```\n\n### Разрешить кроссдоменные шрифты\nШрифты, которые хранятся на CDN серверах, могут не работать в Firefox и IE из-за [CORS](https://ru.wikipedia.org/wiki/Cross-origin_resource_sharing). Данный сниппет решает эту проблему.\n``` apacheconf\n\n \n Header set Access-Control-Allow-Origin \"*\"\n \n\n```\n[Источник](https://github.com/h5bp/server-configs-apache/issues/32)\n\n### Установить по умолчанию кодировку UTF-8\nВаш текстовый контент должен быть всегда закодирован в UTF-8, не так ли?\n``` apacheconf\n# Используйте кодировку UTF-8 для обработки text/plain или text/html\nAddDefaultCharset utf-8\n\n# Принудительное использование UTF-8 для различных файлов\nAddCharset utf-8 .atom .css .js .json .rss .vtt .xml\n```\n[Источник](https://github.com/h5bp/server-configs-apache)\n\n### Переключиться на другую версию PHP\nЕсли вы используете шаред хостинг, вполне вероятно, что там установлено несколько версий PHP. Но вам нужна конкретная версия PHP для вашего веб-сайта. Этот сниппет должен переключить PHP версию.\n\n``` apacheconf\nAddHandler application/x-httpd-php56 .php\n\n# В качестве альтернативы вы можете использовать AddType\nAddType application/x-httpd-php56 .php\n```\n\n### Выключить просмотр в режиме совместимости в Internet Explorer\nПросмотр в режиме совместимости в IE может оказать влияние на то, как отображаются некоторые сайты. Этот сниппет заставляет IE использовать движок Edge Rendering и выключает просмотр в режиме совместимости.\n\n``` apacheconf\n\n BrowserMatch MSIE is-msie\n Header set X-UA-Compatible IE=edge env=is-msie\n\n```\n\n### Обработка WebP изображений\nЕсли [WebP изображения](https://developers.google.com/speed/webp/?csw=1) поддерживаюся и изображения с расширениями .webp и теми же именами найдены в том же месте, где и изображения jpg/png, которые нужно отправить, то тогда вместо них отправляются изображения WebP.\n\n``` apacheconf\nRewriteEngine On\nRewriteCond %{HTTP_ACCEPT} image/webp\nRewriteCond %{DOCUMENT_ROOT}/$1.webp -f\nRewriteRule (.+)\\.(jpe?g|png)$ $1.webp [T=image/webp,E=accept:1]\n```\n[Источник](https://github.com/vincentorback/WebP-images-with-htaccess)\n" }, { "path": "Translations/Slovak/README.md", "content": "# .htaccess Ukážky kódov\nKolekcia užitočných .htaccess súborov, všetky na jednom mieste. Rozhodol som sa vytvoriť tento repozitár po tom, čo som bol znudený z Googlenia, keď som potreboval presmerovať moje nové stránky na `www`.\n\n**DISCLAIMER**: Vložiť kus kódu je väčšinou postačujúce, avšak existujú prípady, kedy treba kód pozmeniť. Použitie na vlastné riziko.\n\n**POZNÁMKA**: Apache 2.4 prináša niekoľko zmien, najme pre kontrolu prístupu. Pre viac informácii sa pozrite na [upgrading document](https://httpd.apache.org/docs/2.4/upgrading.html) a tiež na [this issue](https://github.com/phanan/htaccess/issues/2).\n\n## Tabuľka obsahu\n- [Prepisovanie a presmerovanie](#prepisovanie-a-presmerovanie)\n - [Presmerovanie na WWW](#presmerovanie-na-www)\n - [Všeobecné presmerovanie na WWW](#v-eobecn-presmerovanie-na-www)\n - [Presmerovanie bez WWW](#presmerovanie-bez-www)\n - [Presmerovanie na HTTPS](#presmerovanie-na-https)\n - [Pridanie koncového lomítka](#pridanie-koncov-ho-lom-tka)\n - [Presmerovanie jednej stránky](#presmerovanie-jednej-str-nky)\n - [Presmerovanie celého webu](#presmerovanie-cel-ho-webu)\n- [Bezpečnosť](#bezpe-nos)\n - [Zakázanie prístupu pre všetkých](#zak-zanie-pr-stupu-pre-v-etk-ch)\n - [Zakázanie prístupu všetkým okrem vás](#zak-zanie-pr-stupu-v-etk-m-okrem-v-s)\n - [Povoliť prístup všetkým, ale nie spamerom](#povoli-pr-stup-v-etk-m-ale-nie-spamerom)\n - [Zakázať prístup k skrytým súborom a priečinkom](#zak-za-pr-stup-k-skryt-m-s-borom-a-prie-inkom)\n - [Zakázanie prístupu k zálohám a zdrojovým súborom](#zak-zanie-pr-stupu-k-z-loh-m-a-zdrojov-m-s-borom)\n - [Zakázanie prehliadania priečinka](#zak-zanie-prehliadania-prie-inka)\n - [Zakázanie hotlinkovania obrázkov](#zak-zanie-hotlinkovania-obr-zkov)\n - [Priečinok chránený heslom](#prie-inok-chr-nen-heslom)\n - [Súbor alebo niekoľko súborov chránených heslom](#s-bor-alebo-nieko-ko-s-borov-chr-nen-ch-heslom)\n- [Výkon](#v-kon)\n - [Kompresia textových súborov](#kompresia-textov-ch-s-borov)\n - [Nastavenia expirácie headerov](#nastavenia-expir-cie-headerov)\n - [Vypnutie eTags](#vypnutie-etags)\n- [Ostatné](#ostatn)\n - [Nastavenie PHP premenných](#nastavenie-php-premenn-ch)\n - [Vlastné chybové stránky](#vlastn-chybov-str-nky)\n - [Povinné stiahnutie](#povinn-stiahnutie)\n - [Povoliť cross-domain písma](#povoli-cross-domain-p-sma)\n - [Automatické UTF-8 kódovanie](#automatick-utf-8-k-dovanie)\n\n## Prepisovanie a presmerovanie\nPoznámka: Predpokladá sa, že máte nainštalovaný a povolený `mod_rewrite`. \n\n### Presmerovanie na WWW\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^example\\.com [NC]\nRewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]\n```\n\n### Všeobecné presmerovanie na WWW\n``` apacheconf\nRewriteCond %{HTTP_HOST} !^$\nRewriteCond %{HTTP_HOST} !^www\\. [NC]\nRewriteCond %{HTTPS}s ^on(s)|\nRewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]\n```\nFunguje pre _akúkoľvek_ doménu. [Source](https://stackoverflow.com/questions/4916222/htaccess-how-to-force-www-in-a-generic-way)\n\n### Presmerovanie bez WWW\nJe [odporúčané](http://no-www.org/) vymazať `www` z vašej domény. Prekvapenie prekvapenie!\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^www\\.example\\.com [NC]\nRewriteRule ^(.*)$ http://example.com/$1 [L,R=301]\n```\n\n### Presmerovanie na HTTPS\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTPS} !on\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}\n```\n\n### Pridanie koncového lomítka\n``` apacheconf\nRewriteCond %{REQUEST_URI} /+[^\\.]+$\nRewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]\n```\n\n### Presmerovanie jednej stránky\n``` apacheconf\nRedirect 301 /oldpage.html http://www.yoursite.com/newpage.html\nRedirect 301 /oldpage2.html http://www.yoursite.com/folder/\n```\n[Zdroj](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n### Presmerovanie celého webu\n``` apacheconf\nRedirect 301 / http://newsite.com/\n```\nTento spôsob nezničí linky. Stránka `www.oldsite.com/some/crazy/link.html` bude presmerovaná na `www.newsite.com/some/crazy/link.html`. Toto je extrémne nápomocné, ak migrujete web na inú doménu. [Zdroj](http://css-tricks.com/snippets/htaccess/301-redirects/)\n\n## Bezpečnosť\n### Zakázanie prístupu pre všetkých\n``` apacheconf\nDeny from All\n```\n\nAle pozor, toto zakáže prístup aj vám!\n\n### Zakázanie prístupu všetkým okrem vás\n``` apacheconf\nOrder deny, allow\nDeny from All\nAllow from xxx.xxx.xxx.xxx\n```\n`xxx.xxx.xxx.xxx` je tvoja IP. Ak nahradíš posledné tri čísla napríklad týmto 0/12, bude povolený prístup špecifickému rozashu ip adries vo vašej sieti, toto môže ušetriť čas pri pridávaní IP adries samostatne. [Zdroj](http://speckyboy.com/2013/01/08/useful-htaccess-snippets-and-hacks/)\n\nSamozrejme je tu aj opačná verzia:\n\n### Povoliť prístup všetkým, ale nie spamerom\n``` apacheconf\nOrder deny, allow\nDeny from xxx.xxx.xxx.xxx\nDeny from xxx.xxx.xxx.xxy\n```\n\n### Zakázať prístup k skrytým súborom a priečinkom\nSkryté súbory a priečinky (tie ktorých názov začína bodkou `.`) by mali byť väčšinu, ak nie stále chránené. Príklad: `.htaccess`, `.htpasswd`, `.git`, `.hg`...\n``` apacheconf\nRewriteCond %{SCRIPT_FILENAME} -d [OR]\nRewriteCond %{SCRIPT_FILENAME} -f\nRewriteRule \"(^|/)\\.\" - [F]\n```\n\nAko alternatívu môžte použíť `Not Found` chybu, pri ktorej nemá útočník ani potuchy:\n``` apacheconf\nRedirectMatch 404 /\\..*$\n```\n\n### Zakázanie prístupu k zálohám a zdrojovým súborom\nTieto súbory môžu byť pozostatky z text/html editorov (ako Vi/Vim) a predstavujú veľké bezpečnostné riziko, keď k nim má niekto prístup.\n``` apacheconf\n\n Order allow,deny\n Deny from all\n Satisfy All\n\n```\n[Zdroj](http://h5bp.com)\n\n### Zakázanie prehliadania priečinka\n``` apacheconf\nOptions All -Indexes\n```\n\n### Zakázanie hotlinkovania obrázkov\n``` apacheconf\nRewriteEngine on\nRewriteCond %{HTTP_REFERER} !^$\nRewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?yourdomain.com [NC]\nRewriteRule \\.(jpg|jpeg|png|gif)$ - [NC,F,L]\n```\n\n### Priečinok chránený heslom\nAko prvé potrebujete vytvoriť `.htpasswd` súbor niekde v systéme:\n``` bash\nhtpasswd -c /home/fellowship/.htpasswd boromir\n```\n\nPotom to môžte použiť na autentifikáciu:\n``` apacheconf\nAuthType Basic\nAuthName \"One does not simply\"\nAuthUserFile /home/fellowship/.htpasswd\nRequire valid-user\n```\n\n### Súbor alebo niekoľko súborov chránených heslom\n``` apacheconf\nAuthName \"One still does not simply\"\nAuthType Basic\nAuthUserFile /home/fellowship/.htpasswd\n\n\nRequire valid-user\n\n\n\nRequire valid-user\n\n```\n\n## Výkon\n### Kompresia textových súborov\n``` apacheconf\n\n\n # \"Tvrdá\" kompresia pre pozmenené hlavičky\n # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html\n \n \n SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\\s*,?\\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding\n RequestHeader append Accept-Encoding \"gzip,deflate\" env=HAVE_Accept-Encoding\n \n \n\n # Komprimovať všetky výstup s týmito konkrétnymi MIME-typmi\n # (pre Apache verzie pod 2.3.7, nepotrebujete povoľovať `mod_filter`\n # a môžte vymazať `` a `` riadky\n # ale `AddOutputFilterByType` je stále jedna zo základných smerníc).\n \n AddOutputFilterByType DEFLATE application/atom+xml \\\n application/javascript \\\n application/json \\\n application/rss+xml \\\n application/vnd.ms-fontobject \\\n application/x-font-ttf \\\n application/x-web-app-manifest+json \\\n application/xhtml+xml \\\n application/xml \\\n font/opentype \\\n image/svg+xml \\\n image/x-icon \\\n text/css \\\n text/html \\\n text/plain \\\n text/x-component \\\n text/xml\n \n\n\n```\n[Zdroj](https://h5bp.com)\n\n\n### Nastavenia expirácie headerov\n_Expires Headers_ povedia prehliadaču, či by si mal vyžiadať konkrétny súbor zo servera, alebo ho len prevziať z vyrovnávacej pamäte. Je vhodné nastaviť dobu expirácie statického obsahu na dlhú dobu.\nAk nemáte kontrolu verzií na báze mena súboru mali by ste zvážiť dobu uloženia v medzipameti pre súbory ako je CSS a JS na napríklad 1 týždeň. [Zdroj](http://h5bp.com)\n``` apacheconf\n\n ExpiresActive on\n ExpiresDefault \"access plus 1 month\"\n\n # CSS\n ExpiresByType text/css \"access plus 1 year\"\n\n # Data interchange\n ExpiresByType application/json \"access plus 0 seconds\"\n ExpiresByType application/xml \"access plus 0 seconds\"\n ExpiresByType text/xml \"access plus 0 seconds\"\n\n # Favicon (cannot be renamed!)\n ExpiresByType image/x-icon \"access plus 1 week\"\n\n # HTML components (HTCs)\n ExpiresByType text/x-component \"access plus 1 month\"\n\n # HTML\n ExpiresByType text/html \"access plus 0 seconds\"\n\n # JavaScript\n ExpiresByType application/javascript \"access plus 1 year\"\n\n # Manifest files\n ExpiresByType application/x-web-app-manifest+json \"access plus 0 seconds\"\n ExpiresByType text/cache-manifest \"access plus 0 seconds\"\n\n # Media\n ExpiresByType audio/ogg \"access plus 1 month\"\n ExpiresByType image/gif \"access plus 1 month\"\n ExpiresByType image/jpeg \"access plus 1 month\"\n ExpiresByType image/png \"access plus 1 month\"\n ExpiresByType video/mp4 \"access plus 1 month\"\n ExpiresByType video/ogg \"access plus 1 month\"\n ExpiresByType video/webm \"access plus 1 month\"\n\n # Web feeds\n ExpiresByType application/atom+xml \"access plus 1 hour\"\n ExpiresByType application/rss+xml \"access plus 1 hour\"\n\n # Web fonts\n ExpiresByType application/font-woff \"access plus 1 month\"\n ExpiresByType application/vnd.ms-fontobject \"access plus 1 month\"\n ExpiresByType application/x-font-ttf \"access plus 1 month\"\n ExpiresByType font/opentype \"access plus 1 month\"\n ExpiresByType image/svg+xml \"access plus 1 month\"\n\n```\n\n### Vypnutie eTags\nOdstránenín ETag headeru zabránite cache a prehliadaču overovať súbory, a tým ich prinútite aby sa spoliehali na svoju Cache-Control a Expires header. [Zdroj](http://www.askapache.com/htaccess/apache-speed-etags.html)\n``` apacheconf\n\n Header unset ETag\n\nFileETag None\n```\n\n\n## Ostatné\n\n### Nastavenie PHP premenných\n``` apacheconf\nphp_value \n\n# Príklad:\nphp_value upload_max_filesize 50M\nphp_value max_execution_time 240\n```\n\n### Vlastné chybové stránky\n``` apacheconf\nErrorDocument 400 /errors/breakingbad.html\nErrorDocument 401 /errors/notrespassing.html\nErrorDocument 403 /errors/mordor.html\nErrorDocument 404 /errors/halflife3.html\nErrorDocument 500 /errors/notabugitsafeature.html\n```\n\n### Povinné stiahnutie\nNiekedy chcete aby preliadač stiahol obsah namiesto jeho zobrazenia. Toto slúži presne na to.\n``` apacheconf\n\n ForceType application/octet-stream\n Header set Content-Disposition attachment\n\n```\n\n### Povoliť cross-domain písma\nFonty pochádzajúce z CDN nemusia pracovať správne vo Firefoxe a IE kvôli [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing). Nasledujúci kód z [HTML5Boilerplate](http://h5bp.com) by to mal vyriešiť.\n``` apacheconf\n\n \n Header set Access-Control-Allow-Origin \"*\"\n \n\n```\n\n### Automatické UTF-8 kódovanie\nTvoj text by sa mal vždy kódovať v UTF-8, nie?\n``` apacheconf\n# Použiť UTF-8 kódovanie pre všetky súbory typu text/plain a text/html\nAddDefaultCharset utf-8\n\n# Nastavenie UTF-8 pre niekoľko formátov súborov\nAddCharset utf-8 .atom .css .js .json .rss .vtt .xml\n```\n[Zdroj](http://h5bp.com)\n" } ]