The-Perfect-Apache-Configuration

# ----------------------------------------------------------------------

# Apache configuration file

# This file is best used in /apache2/httpd.conf, but works (slower) in .htaccess

#

# I've spent quite a bit of time compiling what I find to be optimial to me

# and my server. This file is based on:

# - HTML5BoilerPlate: https://github.com/h5bp/html5-boilerplate/

# - W3 Edge: http://www.w3-edge.com/

# - Yahoo! Best Practices: http://developer.yahoo.com/performance/rules.html

# - Caching Tutorial: http://www.mnot.net/cache_docs/

# - Personal experience

#

# v1.2 / 2013.07.01 / Greg Rickaby

# ----------------------------------------------------------------------



# Specify a Default Charset

AddDefaultCharset utf-8



# ----------------------------------------------------------------------

# Cache Control via HTTP Headers + Expires

# Generation of Expires and Cache-Control HTTP headers according to user-specified criteria

# http://httpd.apache.org/docs/2.0/mod/mod_headers.html

# ----------------------------------------------------------------------



# Expires Defaults

<IfModule mod_expires.c>

        ExpiresActive On

        # Set default expires to 2 days

        ExpiresDefault A172800

        ExpiresByType text/css A31536000

        ExpiresByType application/x-javascript A31536000

        ExpiresByType text/x-component A31536000

        ExpiresByType text/html A3600

        ExpiresByType text/richtext A3600

        ExpiresByType image/svg+xml A3600

        ExpiresByType text/plain A3600

        ExpiresByType text/xsd A3600

        ExpiresByType text/xsl A3600

        ExpiresByType text/xml A3600

        ExpiresByType video/asf A31536000

        ExpiresByType video/avi A31536000

        ExpiresByType image/bmp A31536000

        ExpiresByType application/java A31536000

        ExpiresByType video/divx A31536000

        ExpiresByType application/msword A31536000

        ExpiresByType application/vnd.ms-fontobject A31536000

        ExpiresByType application/x-msdownload A31536000

        ExpiresByType image/gif A31536000

        ExpiresByType application/x-gzip A31536000

        ExpiresByType image/x-icon A31536000

        ExpiresByType image/jpeg A31536000

        ExpiresByType application/vnd.ms-access A31536000

        ExpiresByType audio/midi A31536000

        ExpiresByType video/quicktime A31536000

        ExpiresByType audio/mpeg A31536000

        ExpiresByType video/mp4 A31536000

        ExpiresByType video/mpeg A31536000

        ExpiresByType application/vnd.ms-project A31536000

        ExpiresByType application/x-font-otf A31536000

        ExpiresByType application/vnd.oasis.opendocument.database A31536000

        ExpiresByType application/vnd.oasis.opendocument.chart A31536000

        ExpiresByType application/vnd.oasis.opendocument.formula A31536000

        ExpiresByType application/vnd.oasis.opendocument.graphics A31536000

        ExpiresByType application/vnd.oasis.opendocument.presentation A31536000

        ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000

        ExpiresByType application/vnd.oasis.opendocument.text A31536000

        ExpiresByType audio/ogg A31536000

        ExpiresByType application/pdf A31536000

        ExpiresByType image/png A31536000

        ExpiresByType application/vnd.ms-powerpoint A31536000

        ExpiresByType audio/x-realaudio A31536000

        ExpiresByType image/svg+xml A31536000

        ExpiresByType application/x-shockwave-flash A31536000

        ExpiresByType application/x-tar A31536000

        ExpiresByType image/tiff A31536000

        ExpiresByType application/x-font-ttf A31536000

        ExpiresByType audio/wav A31536000

        ExpiresByType audio/wma A31536000

        ExpiresByType application/vnd.ms-write A31536000

        ExpiresByType application/vnd.ms-excel A31536000

        ExpiresByType application/zip A31536000

</IfModule>



# No caching for dynamic files

<filesMatch "\.(php|cgi|pl|htm)$">

        ExpiresDefault A0

        Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"

        Header set Pragma "no-cache"

</filesMatch>



# 1 MIN

<filesMatch "\.(html)$">

        ExpiresDefault A60

        Header set Cache-Control "max-age=60, must-revalidate"

</filesMatch>



# 2 DAYS

<filesMatch "\.(xml|txt)$">

        ExpiresDefault A172800

        Header set Cache-Control "max-age=172800, must-revalidate"

</filesMatch>



# 1 WEEK

<filesMatch "\.(jpg|jpeg|png|gif|swf|js|css)$">

        ExpiresDefault A604800

        Header set Cache-Control "max-age=604800, must-revalidate"

</filesMatch>



# 1 MONTH

<filesMatch "\.(ico|pdf|flv)$">

        ExpiresDefault A2419200

        Header set Cache-Control "max-age=2419200, must-revalidate"

</filesMatch>



# ----------------------------------------------------------------------

# Mime Types

# Mime Associates the requested filename's extensions with the file's behavior and content

# http://httpd.apache.org/docs/2.0/mod/mod_mime.html

# ----------------------------------------------------------------------



<IfModule mod_mime.c>

        AddType text/css .css

        AddType application/x-javascript .js

        AddType text/x-component .htc

        AddType text/html .html .htm

        AddType text/richtext .rtf .rtx

        AddType image/svg+xml .svg .svgz

        AddType text/plain .txt

        AddType text/xsd .xsd

        AddType text/xsl .xsl

        AddType text/xml .xml

        AddType video/asf .asf .asx .wax .wmv .wmx

        AddType video/avi .avi

        AddType image/bmp .bmp

        AddType application/java .class

        AddType video/divx .divx

        AddType application/msword .doc .docx

        AddType application/vnd.ms-fontobject .eot

        AddType application/x-msdownload .exe

        AddType image/gif .gif

        AddType application/x-gzip .gz .gzip

        AddType image/x-icon .ico

        AddType image/jpeg .jpg .jpeg .jpe

        AddType application/vnd.ms-access .mdb

        AddType audio/midi .mid .midi

        AddType video/quicktime .mov .qt

        AddType audio/mpeg .mp3 .m4a

        AddType video/mp4 .mp4 .m4v

        AddType video/mpeg .mpeg .mpg .mpe

        AddType application/vnd.ms-project .mpp

        AddType application/x-font-otf .otf

        AddType application/vnd.oasis.opendocument.database .odb

        AddType application/vnd.oasis.opendocument.chart .odc

        AddType application/vnd.oasis.opendocument.formula .odf

        AddType application/vnd.oasis.opendocument.graphics .odg

        AddType application/vnd.oasis.opendocument.presentation .odp

        AddType application/vnd.oasis.opendocument.spreadsheet .ods

        AddType application/vnd.oasis.opendocument.text .odt

        AddType audio/ogg .ogg

        AddType application/pdf .pdf

        AddType image/png .png

        AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx

        AddType audio/x-realaudio .ra .ram

        AddType application/x-shockwave-flash .swf

        AddType application/x-tar .tar

        AddType image/tiff .tif .tiff

        AddType application/x-font-ttf .ttf .ttc

        AddType audio/wav .wav

        AddType audio/wma .wma

        AddType application/vnd.ms-write .wri

        AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw

        AddType application/zip .zip

</IfModule>



# ----------------------------------------------------------------------

# Gzip compression

# Compress content before it is delivered to the client

# http://httpd.apache.org/docs/2.0/mod/mod_deflate.html

# ----------------------------------------------------------------------



<IfModule mod_deflate.c>

        # Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/

        <IfModule mod_setenvif.c>

                <IfModule mod_headers.c>

                        SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding

                        RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding

                </IfModule>

        </IfModule>



        <IfModule filter_module>

                # HTML, TXT, CSS, JavaScript, JSON, XML, HTC:

                FilterDeclare   COMPRESS

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/html

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/css

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/plain

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/xml

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/x-component

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/javascript

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/json

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xml

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xhtml+xml

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/rss+xml

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/atom+xml

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/vnd.ms-fontobject

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $image/svg+xml

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $image/x-icon

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/x-font-ttf

                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $font/opentype

                FilterChain     COMPRESS

                FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no

        </IfModule>



        <IfModule !mod_filter.c>

                # Legacy versions of Apache

                AddOutputFilterByType DEFLATE text/html text/plain text/css application/json

                AddOutputFilterByType DEFLATE application/javascript

                AddOutputFilterByType DEFLATE text/xml application/xml text/x-component

                AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml

                AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype

        </IfModule>



</IfModule>



# ----------------------------------------------------------------------

# Start rewrite engine

# Provides a rule-based rewriting engine to rewrite requested URLs on the fly

# http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html

# ----------------------------------------------------------------------



# FollowSymLinks must be enabled for this to work

<IfModule mod_rewrite.c>

        Options +FollowSymlinks

        RewriteEngine On

</IfModule>



# Block access to "hidden" directories whose names begin with a period

<IfModule mod_rewrite.c>

        RewriteCond %{SCRIPT_FILENAME} -d

        RewriteCond %{SCRIPT_FILENAME} -f

        RewriteRule "(^|/)\." - [F]

</IfModule>



# ----------------------------------------------------------------------

# Disable server signature (Security)

# Configures the Server HTTP response header

# http://httpd.apache.org/docs/2.2/mod/core.html#serversignature

# ----------------------------------------------------------------------



ServerSignature Off

ServerTokens Prod



# ----------------------------------------------------------------------

# Disable directory browsing (Security)

# Generates directory indexes, automatically, similar to the Unix ls command or the Win32 dir shell command

# http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html

# ----------------------------------------------------------------------



<IfModule mod_autoindex.c>

        Options -Indexes

</IfModule>



# ----------------------------------------------------------------------

# Block access to backup and source files (Security)

# This files may be left by some text/html editors and pose a great security danger

# ----------------------------------------------------------------------



<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">

        Order allow,deny

        Deny from all

        Satisfy All

</FilesMatch>



# ----------------------------------------------------------------------

# Increase cookie security (Security)

# This files may be left by some text/html editors and pose a great security danger

# ----------------------------------------------------------------------

<IfModule php5_module>

        php_value session.cookie_httponly true

</IfModule>



# ----------------------------------------------------------------------

# Webfont access

# Allow access from all domains for webfonts.

# ----------------------------------------------------------------------



<IfModule mod_headers.c>

        <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">

                Header set Access-Control-Allow-Origin "*"

        </FilesMatch>

</IfModule>



# ----------------------------------------------------------------------

# Force latest IE rendering engine

# ----------------------------------------------------------------------



<IfModule mod_headers.c>

        Header set X-UA-Compatible "IE=Edge,chrome=1"

                # mod_headers can't match by content-type, but we don't want to this header on everything

                <FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|oex|xpi|safariextz|vcf)$" >

                        Header unset X-UA-Compatible

                </FilesMatch>

</IfModule>



# ----------------------------------------------------------------------

# Instructs the proxies to cache two versions of the resource: one compressed, and one uncompressed. 

# https://developers.google.com/speed/docs/best-practices/caching#LeverageProxyCaching

# ----------------------------------------------------------------------

<IfModule mod_headers.c>

  <FilesMatch "\.(js|css|xml|gz)$">

    Header append Vary: Accept-Encoding

  </FilesMatch>

</IfModule>



# ----------------------------------------------------------------------

# CORS-enabled images (@crossorigin)

# Send CORS headers if browsers request them; enabled by default for images.

# http://developer.mozilla.org/en/CORS_Enabled_Image

# http://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html

# http://hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/

# http://wiki.mozilla.org/Security/Reviews/crossoriginAttribute

# ----------------------------------------------------------------------



<IfModule mod_setenvif.c>

        <IfModule mod_headers.c>

                <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">

                        SetEnvIf Origin ":" IS_CORS

                        Header set Access-Control-Allow-Origin "*" env=IS_CORS

                </FilesMatch>

        </IfModule>

</IfModule>



https://github.com/gregrickaby/The-Perfect-Apache-Configuration/blob/master/http.conf