Wednesday, November 20, 2013

The-Perfect-Apache-Configuration 


# ----------------------------------------------------------------------



# Apache configuration file



# This file is best used in /apache2/httpd.conf, but works (slower) in .htaccess



#



# I've spent quite a bit of time compiling what I find to be optimial to me



# and my server. This file is based on:



# - HTML5BoilerPlate: https://github.com/h5bp/html5-boilerplate/



# - W3 Edge: http://www.w3-edge.com/



# - Yahoo! Best Practices: http://developer.yahoo.com/performance/rules.html



# - Caching Tutorial: http://www.mnot.net/cache_docs/



# - Personal experience



#



# v1.2 / 2013.07.01 / Greg Rickaby



# ----------------------------------------------------------------------







# Specify a Default Charset



AddDefaultCharset utf-8







# ----------------------------------------------------------------------



# Cache Control via HTTP Headers + Expires



# Generation of Expires and Cache-Control HTTP headers according to user-specified criteria



# http://httpd.apache.org/docs/2.0/mod/mod_headers.html



# ----------------------------------------------------------------------







# Expires Defaults



<IfModule mod_expires.c>



        ExpiresActive On



        # Set default expires to 2 days



        ExpiresDefault A172800



        ExpiresByType text/css A31536000



        ExpiresByType application/x-javascript A31536000



        ExpiresByType text/x-component A31536000



        ExpiresByType text/html A3600



        ExpiresByType text/richtext A3600



        ExpiresByType image/svg+xml A3600



        ExpiresByType text/plain A3600



        ExpiresByType text/xsd A3600



        ExpiresByType text/xsl A3600



        ExpiresByType text/xml A3600



        ExpiresByType video/asf A31536000



        ExpiresByType video/avi A31536000



        ExpiresByType image/bmp A31536000



        ExpiresByType application/java A31536000



        ExpiresByType video/divx A31536000



        ExpiresByType application/msword A31536000



        ExpiresByType application/vnd.ms-fontobject A31536000



        ExpiresByType application/x-msdownload A31536000



        ExpiresByType image/gif A31536000



        ExpiresByType application/x-gzip A31536000



        ExpiresByType image/x-icon A31536000



        ExpiresByType image/jpeg A31536000



        ExpiresByType application/vnd.ms-access A31536000



        ExpiresByType audio/midi A31536000



        ExpiresByType video/quicktime A31536000



        ExpiresByType audio/mpeg A31536000



        ExpiresByType video/mp4 A31536000



        ExpiresByType video/mpeg A31536000



        ExpiresByType application/vnd.ms-project A31536000



        ExpiresByType application/x-font-otf A31536000



        ExpiresByType application/vnd.oasis.opendocument.database A31536000



        ExpiresByType application/vnd.oasis.opendocument.chart A31536000



        ExpiresByType application/vnd.oasis.opendocument.formula A31536000



        ExpiresByType application/vnd.oasis.opendocument.graphics A31536000



        ExpiresByType application/vnd.oasis.opendocument.presentation A31536000



        ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000



        ExpiresByType application/vnd.oasis.opendocument.text A31536000



        ExpiresByType audio/ogg A31536000



        ExpiresByType application/pdf A31536000



        ExpiresByType image/png A31536000



        ExpiresByType application/vnd.ms-powerpoint A31536000



        ExpiresByType audio/x-realaudio A31536000



        ExpiresByType image/svg+xml A31536000



        ExpiresByType application/x-shockwave-flash A31536000



        ExpiresByType application/x-tar A31536000



        ExpiresByType image/tiff A31536000



        ExpiresByType application/x-font-ttf A31536000



        ExpiresByType audio/wav A31536000



        ExpiresByType audio/wma A31536000



        ExpiresByType application/vnd.ms-write A31536000



        ExpiresByType application/vnd.ms-excel A31536000



        ExpiresByType application/zip A31536000



</IfModule>







# No caching for dynamic files



<filesMatch "\.(php|cgi|pl|htm)$">



        ExpiresDefault A0



        Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"



        Header set Pragma "no-cache"



</filesMatch>







# 1 MIN



<filesMatch "\.(html)$">



        ExpiresDefault A60



        Header set Cache-Control "max-age=60, must-revalidate"



</filesMatch>







# 2 DAYS



<filesMatch "\.(xml|txt)$">



        ExpiresDefault A172800



        Header set Cache-Control "max-age=172800, must-revalidate"



</filesMatch>







# 1 WEEK



<filesMatch "\.(jpg|jpeg|png|gif|swf|js|css)$">



        ExpiresDefault A604800



        Header set Cache-Control "max-age=604800, must-revalidate"



</filesMatch>







# 1 MONTH



<filesMatch "\.(ico|pdf|flv)$">



        ExpiresDefault A2419200



        Header set Cache-Control "max-age=2419200, must-revalidate"



</filesMatch>







# ----------------------------------------------------------------------



# Mime Types



# Mime Associates the requested filename's extensions with the file's behavior and content



# http://httpd.apache.org/docs/2.0/mod/mod_mime.html



# ----------------------------------------------------------------------







<IfModule mod_mime.c>



        AddType text/css .css



        AddType application/x-javascript .js



        AddType text/x-component .htc



        AddType text/html .html .htm



        AddType text/richtext .rtf .rtx



        AddType image/svg+xml .svg .svgz



        AddType text/plain .txt



        AddType text/xsd .xsd



        AddType text/xsl .xsl



        AddType text/xml .xml



        AddType video/asf .asf .asx .wax .wmv .wmx



        AddType video/avi .avi



        AddType image/bmp .bmp



        AddType application/java .class



        AddType video/divx .divx



        AddType application/msword .doc .docx



        AddType application/vnd.ms-fontobject .eot



        AddType application/x-msdownload .exe



        AddType image/gif .gif



        AddType application/x-gzip .gz .gzip



        AddType image/x-icon .ico



        AddType image/jpeg .jpg .jpeg .jpe



        AddType application/vnd.ms-access .mdb



        AddType audio/midi .mid .midi



        AddType video/quicktime .mov .qt



        AddType audio/mpeg .mp3 .m4a



        AddType video/mp4 .mp4 .m4v



        AddType video/mpeg .mpeg .mpg .mpe



        AddType application/vnd.ms-project .mpp



        AddType application/x-font-otf .otf



        AddType application/vnd.oasis.opendocument.database .odb



        AddType application/vnd.oasis.opendocument.chart .odc



        AddType application/vnd.oasis.opendocument.formula .odf



        AddType application/vnd.oasis.opendocument.graphics .odg



        AddType application/vnd.oasis.opendocument.presentation .odp



        AddType application/vnd.oasis.opendocument.spreadsheet .ods



        AddType application/vnd.oasis.opendocument.text .odt



        AddType audio/ogg .ogg



        AddType application/pdf .pdf



        AddType image/png .png



        AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx



        AddType audio/x-realaudio .ra .ram



        AddType application/x-shockwave-flash .swf



        AddType application/x-tar .tar



        AddType image/tiff .tif .tiff



        AddType application/x-font-ttf .ttf .ttc



        AddType audio/wav .wav



        AddType audio/wma .wma



        AddType application/vnd.ms-write .wri



        AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw



        AddType application/zip .zip



</IfModule>







# ----------------------------------------------------------------------



# Gzip compression



# Compress content before it is delivered to the client



# http://httpd.apache.org/docs/2.0/mod/mod_deflate.html



# ----------------------------------------------------------------------







<IfModule mod_deflate.c>



        # Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/



        <IfModule mod_setenvif.c>



                <IfModule mod_headers.c>



                        SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding



                        RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding



                </IfModule>



        </IfModule>







        <IfModule filter_module>



                # HTML, TXT, CSS, JavaScript, JSON, XML, HTC:



                FilterDeclare   COMPRESS



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/html



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/css



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/plain



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/xml



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/x-component



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/javascript



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/json



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xml



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xhtml+xml



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/rss+xml



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/atom+xml



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/vnd.ms-fontobject



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $image/svg+xml



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $image/x-icon



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/x-font-ttf



                FilterProvider  COMPRESS  DEFLATE resp=Content-Type $font/opentype



                FilterChain     COMPRESS



                FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no



        </IfModule>







        <IfModule !mod_filter.c>



                # Legacy versions of Apache



                AddOutputFilterByType DEFLATE text/html text/plain text/css application/json



                AddOutputFilterByType DEFLATE application/javascript



                AddOutputFilterByType DEFLATE text/xml application/xml text/x-component



                AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml



                AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype



        </IfModule>







</IfModule>







# ----------------------------------------------------------------------



# Start rewrite engine



# Provides a rule-based rewriting engine to rewrite requested URLs on the fly



# http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html



# ----------------------------------------------------------------------







# FollowSymLinks must be enabled for this to work



<IfModule mod_rewrite.c>



        Options +FollowSymlinks



        RewriteEngine On



</IfModule>







# Block access to "hidden" directories whose names begin with a period



<IfModule mod_rewrite.c>



        RewriteCond %{SCRIPT_FILENAME} -d



        RewriteCond %{SCRIPT_FILENAME} -f



        RewriteRule "(^|/)\." - [F]



</IfModule>







# ----------------------------------------------------------------------



# Disable server signature (Security)



# Configures the Server HTTP response header



# http://httpd.apache.org/docs/2.2/mod/core.html#serversignature



# ----------------------------------------------------------------------







ServerSignature Off



ServerTokens Prod







# ----------------------------------------------------------------------



# Disable directory browsing (Security)



# Generates directory indexes, automatically, similar to the Unix ls command or the Win32 dir shell command



# http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html



# ----------------------------------------------------------------------







<IfModule mod_autoindex.c>



        Options -Indexes



</IfModule>







# ----------------------------------------------------------------------



# Block access to backup and source files (Security)



# This files may be left by some text/html editors and pose a great security danger



# ----------------------------------------------------------------------







<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">



        Order allow,deny



        Deny from all



        Satisfy All



</FilesMatch>







# ----------------------------------------------------------------------



# Increase cookie security (Security)



# This files may be left by some text/html editors and pose a great security danger



# ----------------------------------------------------------------------



<IfModule php5_module>



        php_value session.cookie_httponly true



</IfModule>







# ----------------------------------------------------------------------



# Webfont access



# Allow access from all domains for webfonts.



# ----------------------------------------------------------------------







<IfModule mod_headers.c>



        <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">



                Header set Access-Control-Allow-Origin "*"



        </FilesMatch>



</IfModule>







# ----------------------------------------------------------------------



# Force latest IE rendering engine



# ----------------------------------------------------------------------







<IfModule mod_headers.c>



        Header set X-UA-Compatible "IE=Edge,chrome=1"



                # mod_headers can't match by content-type, but we don't want to this header on everything



                <FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|oex|xpi|safariextz|vcf)$" >



                        Header unset X-UA-Compatible



                </FilesMatch>



</IfModule>







# ----------------------------------------------------------------------



# Instructs the proxies to cache two versions of the resource: one compressed, and one uncompressed. 



# https://developers.google.com/speed/docs/best-practices/caching#LeverageProxyCaching



# ----------------------------------------------------------------------



<IfModule mod_headers.c>



  <FilesMatch "\.(js|css|xml|gz)$">



    Header append Vary: Accept-Encoding



  </FilesMatch>



</IfModule>







# ----------------------------------------------------------------------



# CORS-enabled images (@crossorigin)



# Send CORS headers if browsers request them; enabled by default for images.



# http://developer.mozilla.org/en/CORS_Enabled_Image



# http://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html



# http://hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/



# http://wiki.mozilla.org/Security/Reviews/crossoriginAttribute



# ----------------------------------------------------------------------







<IfModule mod_setenvif.c>



        <IfModule mod_headers.c>



                <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">



                        SetEnvIf Origin ":" IS_CORS



                        Header set Access-Control-Allow-Origin "*" env=IS_CORS



                </FilesMatch>



        </IfModule>



</IfModule>