Diff: STRATO-apps/wordpress_03/app/.htaccess

Keine Baseline-Datei – Diff nur gegen leer.
Baseline Vorherige Version
Zur Liste
1 -
1 + # BEGIN WP Rocket
2 + # Use UTF-8 encoding for anything served text/plain or text/html
3 + AddDefaultCharset UTF-8
4 + # Force UTF-8 for a number of file formats
5 + <IfModule mod_mime.c>
6 + AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml
7 + </IfModule>
8 +
9 + # FileETag None is not enough for every server.
10 + <IfModule mod_headers.c>
11 + Header unset ETag
12 + </IfModule>
13 +
14 + # Since we’re sending far-future expires, we don’t need ETags for static content.
15 + # developer.yahoo.com/performance/rules.html#etags
16 + FileETag None
17 +
18 + <IfModule mod_alias.c>
19 + <FilesMatch "\.(html|htm|rtf|rtx|txt|xsd|xsl|xml)$">
20 + <IfModule mod_headers.c>
21 + Header set X-Powered-By "WP Rocket/3.20.1.1"
22 + Header unset Pragma
23 + Header append Cache-Control "public"
24 + Header unset Last-Modified
25 + </IfModule>
26 + </FilesMatch>
27 +
28 + <FilesMatch "\.(css|htc|js|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$">
29 + <IfModule mod_headers.c>
30 + Header unset Pragma
31 + Header append Cache-Control "public"
32 + </IfModule>
33 + </FilesMatch>
34 + </IfModule>
35 +
36 + <IfModule mod_mime.c>
37 + AddType image/avif avif
38 + AddType image/avif-sequence avifs
39 + </IfModule>
40 + # Expires headers (for better cache control)
41 + <IfModule mod_expires.c>
42 + ExpiresActive on
43 + ExpiresDefault "access plus 1 month"
44 + # cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
45 + ExpiresByType text/cache-manifest "access plus 0 seconds"
46 + # Your document html
47 + ExpiresByType text/html "access plus 0 seconds"
48 + # Data
49 + ExpiresByType text/xml "access plus 0 seconds"
50 + ExpiresByType application/xml "access plus 0 seconds"
51 + ExpiresByType application/json "access plus 0 seconds"
52 + # Feed
53 + ExpiresByType application/rss+xml "access plus 1 hour"
54 + ExpiresByType application/atom+xml "access plus 1 hour"
55 + # Favicon (cannot be renamed)
56 + ExpiresByType image/x-icon "access plus 1 week"
57 + # Media: images, video, audio
58 + ExpiresByType image/gif "access plus 4 months"
59 + ExpiresByType image/png "access plus 4 months"
60 + ExpiresByType image/jpeg "access plus 4 months"
61 + ExpiresByType image/webp "access plus 4 months"
62 + ExpiresByType video/ogg "access plus 4 months"
63 + ExpiresByType audio/ogg "access plus 4 months"
64 + ExpiresByType video/mp4 "access plus 4 months"
65 + ExpiresByType video/webm "access plus 4 months"
66 + ExpiresByType image/avif "access plus 4 months"
67 + ExpiresByType image/avif-sequence "access plus 4 months"
68 + # HTC files (css3pie)
69 + ExpiresByType text/x-component "access plus 1 month"
70 + # Webfonts
71 + ExpiresByType font/ttf "access plus 4 months"
72 + ExpiresByType font/otf "access plus 4 months"
73 + ExpiresByType font/woff "access plus 4 months"
74 + ExpiresByType font/woff2 "access plus 4 months"
75 + ExpiresByType image/svg+xml "access plus 4 months"
76 + ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
77 + # CSS and JavaScript
78 + ExpiresByType text/css "access plus 1 year"
79 + ExpiresByType application/javascript "access plus 1 year"
80 + </IfModule>
81 + # Gzip compression
82 + <IfModule mod_deflate.c>
83 + # Active compression
84 + SetOutputFilter DEFLATE
85 + # Force deflate for mangled headers
86 + <IfModule mod_setenvif.c>
87 + <IfModule mod_headers.c>
88 + SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
89 + RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
90 + # Don’t compress images and other uncompressible content
91 + SetEnvIfNoCase Request_URI \
92 + \.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary
93 + </IfModule>
94 + </IfModule>
95 +
96 + # Compress all output labeled with one of the following MIME-types
97 + <IfModule mod_filter.c>
98 + AddOutputFilterByType DEFLATE application/atom+xml \
99 + application/javascript \
100 + application/json \
101 + application/rss+xml \
102 + application/vnd.ms-fontobject \
103 + application/x-font-ttf \
104 + application/xhtml+xml \
105 + application/xml \
106 + font/opentype \
107 + image/svg+xml \
108 + image/x-icon \
109 + text/css \
110 + text/html \
111 + text/plain \
112 + text/x-component \
113 + text/xml
114 + </IfModule>
115 + <IfModule mod_headers.c>
116 + Header append Vary: Accept-Encoding
117 + </IfModule>
118 + </IfModule>
119 +
120 +
121 + # END WP Rocket
122 + # BEGIN WordPress
123 + # Die Anweisungen (Zeilen) zwischen „BEGIN WordPress“ und „END WordPress“ sind
124 + # dynamisch generiert und sollten nur über WordPress-Filter geändert werden.
125 + # Alle Änderungen an den Anweisungen zwischen diesen Markierungen werden überschrieben.
126 + <IfModule mod_rewrite.c>
127 + RewriteEngine On
128 + RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
129 + RewriteBase /
130 + RewriteRule ^index\.php$ - [L]
131 + RewriteCond %{REQUEST_FILENAME} !-f
132 + RewriteCond %{REQUEST_FILENAME} !-d
133 + RewriteRule . /index.php [L]
134 + </IfModule>
135 +
136 + # END WordPress
137 +
138 +
139 +
140 + # OPUS support for WordPress audio player
141 + <IfModule mod_mime.c>
142 + AddType audio/ogg .opus
143 + </IfModule>
144 +
145 +
146 + # BEGIN Security
147 + <IfModule mod_rewrite.c>
148 + RewriteEngine On
149 + Header always set X-Frame-Options "SAMEORIGIN"
150 + Header always set X-Content-Type-Options "nosniff"
151 + Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
152 + Header always set Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';"
153 + Header always set Referrer-Policy "strict-origin-when-cross-origin"
154 + Header always set X-XSS-Protection "1; mode=block"
155 + RewriteBase /
156 + RewriteRule ^wp-admin/includes/ - [F,L]
157 + RewriteRule !^wp-includes/ - [S=3]
158 + RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
159 + RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
160 + RewriteRule ^wp-includes/theme-compat/ - [F,L]
161 + </IfModule>
162 +
163 + <Files wp-config.php>
164 + <IfModule !mod_authz_core.c>
165 + order allow,deny
166 + deny from all
167 + </IfModule>
168 + <IfModule mod_authz_core.c>
169 + require all denied
170 + </IfModule>
171 + </Files>
172 + # END Security