php-e107/e107.htaccess

# Custom error pages for php scripts only
<FilesMatch \.php$>
	ErrorDocument 400 /error.php?400
	ErrorDocument 401 /error.php?401
	ErrorDocument 403 /error.php?403
	ErrorDocument 404 /error.php?404
	ErrorDocument 500 /error.php?500
</FilesMatch>

### Performance
### AddDefaultCharset utf-8

### Security
	ServerSignature Off

#Header unset Pragma

# secure htaccess file
<Files .htaccess>
	order allow,deny
	deny from all
</Files>

# protect e107_config.php
<Files e107_config.php>
	order allow,deny
	deny from all
</Files>


### Block Bad Bots
	SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) HTTP_SAFE_BADBOT
	SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spiderman) HTTP_SAFE_BADBOT
	Deny from env=HTTP_SAFE_BADBOT

### Disable directory listing
	Options -Indexes -MultiViews

### limit file uploads to 10mb
### LimitRequestBody 10240000

<IfModule mod_rewrite.c>

    <IfModule mod_env.c>
        SetEnv HTTP_MOD_REWRITE On
        SetEnv HTTP_MOD_REWRITE_MEDIA On
        SetEnv HTTP_MOD_REWRITE_STATIC On
    </IfModule>

### enable rewrites
###	Options +FollowSymLinks 
	RewriteEngine On


### Set this to your e107 site root, path relative to web root
### Uncomment it in case your server isn't able to rewrite proper 
	#RewriteBase /
	
### Allow only GET and POST methods
	RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD)


	RewriteRule .* - [F]

### Rewrite for Image URLs
    ReWriteRule ^media\/img\/(a)?([\d]*)x(a)?([\d]*)\/(.*)?$ thumb.php?src=e_MEDIA_IMAGE/$5&$1w=$2&$3h=$4 [NC,L]
    ReWriteRule ^media\/avatar\/(a)?([\d]*)x(a)?([\d]*)\/(.*)?$ thumb.php?src=e_AVATAR/$5&$1w=$2&$3h=$4 [NC,L]
    RewriteRule ^media\/img\/([-A-Za-z0-9+/]*={0,3})\.(jpg|gif|png)?$ thumb.php?id=$1 [NC,L]
    ReWriteRule ^theme\/img\/(a)?([\d]*)x(a)?([\d]*)\/(.*)?$ thumb.php?src=e_THEME/$5&$1w=$2&$3h=$4 [NC,L]

### Rewrite for Static Scripts
    ReWriteRule ^static\/[0-9]*\/(.*)$ $1 [NC,L]

### send 404 on missing files in these folders 
	RewriteCond %{REQUEST_URI} !^/(e107_images|e107_files)/ 

### don't rewrite for existing files, directories and links
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_FILENAME} !-l 
	
### Single entry point ###
	RewriteRule .* index.php [L]

</IfModule>

### Mod_Expires Settings (when available)
### May be modified if required
    <IfModule mod_expires.c>
        ExpiresActive On
        ExpiresDefault "access plus 2 hours"
        ExpiresByType image/x-icon "access plus 1 year"
        ExpiresByType image/gif "access plus 1 week"
        ExpiresByType image/png "access plus 1 week"
        ExpiresByType image/jpg "access plus 1 week"
        ExpiresByType image/jpeg "access plus 1 week"
        ExpiresByType text/css "access plus 1 month"
        ExpiresByType application/javascript "access plus 1 month"
        ExpiresByType text/javascript "access plus 1 month"
        ExpiresByType text/x-javascript "access plus 1 month"
    </IfModule>

### Gzip Compression Module
<ifmodule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript application/xml text/xml application/rss+xml
</ifmodule>

<FilesMatch "\.(js|css|ico|pdf|flv|jpg|jpeg|png|gif|swf|mp3|mp4|eot|otf|ttc|ttf|woff|woff2)$">
    <IfModule mod_headers.c>
        Header set Cache-Control "public"
        Header unset Cookie
        Header unset Set-Cookie
      # Header set Access-Control-Allow-Origin "http://mydomain.com"
      # Header set Access-Control-Allow-Origin "*" # if you're really stuck.
  </IfModule>
</FilesMatch>


### Enable when developing locally. 
### SetEnv E_DEV true
.htaccess sync to 0.7 2010-12-20 15:41:01 +00:00			`# Custom error pages for php scripts only`
Error page improvement: template support. 2016-12-14 15:01:51 +01:00			`<FilesMatch \.php$>`
.htaccess sync to 0.7 2010-12-20 15:41:01 +00:00			`ErrorDocument 400 /error.php?400`
			`ErrorDocument 401 /error.php?401`
			`ErrorDocument 403 /error.php?403`
Revert htaccess changes. 2016-12-14 15:03:33 +01:00			`ErrorDocument 404 /error.php?404`
.htaccess sync to 0.7 2010-12-20 15:41:01 +00:00			`ErrorDocument 500 /error.php?500`
			`</FilesMatch>`

A few more security-related entries added. 2013-02-05 11:07:57 -08:00			`### Performance`
Fix for installation process - special hosting 2016-05-23 07:41:09 +02:00			`### AddDefaultCharset utf-8`
A few more security-related entries added. 2013-02-05 11:07:57 -08:00
			`### Security`
			`ServerSignature Off`

Issue #2600 defining e_HTTP_STATIC now applies to images (using thumbUrl/toImage) as well as js/css. eg. define('e_HTTP_STATIC', 'http://static.mydomain.com/'); 2017-04-28 15:07:36 -07:00			`#Header unset Pragma`

More .htaccess options added. Requires testing 2013-01-31 14:31:57 -08:00			`# secure htaccess file`
			`<Files .htaccess>`
A few more security-related entries added. 2013-02-05 11:07:57 -08:00			`order allow,deny`
			`deny from all`
More .htaccess options added. Requires testing 2013-01-31 14:31:57 -08:00			`</Files>`

			`# protect e107_config.php`
			`<Files e107_config.php>`
A few more security-related entries added. 2013-02-05 11:07:57 -08:00			`order allow,deny`
			`deny from all`
More .htaccess options added. Requires testing 2013-01-31 14:31:57 -08:00			`</Files>`


A few more security-related entries added. 2013-02-05 11:07:57 -08:00			`### Block Bad Bots`
			`SetEnvIfNoCase ^User-Agent$ .*(craftbot\|download\|extract\|stripper\|sucker\|ninja\|clshttp\|webspider\|leacher\|collector\|grabber\|webpictures) HTTP_SAFE_BADBOT`
			`SetEnvIfNoCase ^User-Agent$ .*(libwww-perl\|aesop_com_spiderman) HTTP_SAFE_BADBOT`
			`Deny from env=HTTP_SAFE_BADBOT`
More .htaccess options added. Requires testing 2013-01-31 14:31:57 -08:00
A few more security-related entries added. 2013-02-05 11:07:57 -08:00			`### Disable directory listing`
Fixes #2797 during install. htaccess fix for when Apache "MultiViews" is enabled and messes up News SEF URLs. 2017-09-23 16:22:06 -07:00			`Options -Indexes -MultiViews`
More .htaccess options added. Requires testing 2013-01-31 14:31:57 -08:00
A few more security-related entries added. 2013-02-05 11:07:57 -08:00			`### limit file uploads to 10mb`
			`### LimitRequestBody 10240000`
More .htaccess options added. Requires testing 2013-01-31 14:31:57 -08:00
htaccess fixes - thanks streaky 2008-12-03 20:57:22 +00:00			`<IfModule mod_rewrite.c>`
Fixes #937 - detect of mod-rewrite is possible. New constant: e_MOD_REWRITE 2015-03-31 07:25:39 -07:00
Issue #937 Allow for e_MOD_REWRITE in e107_config.php on servers which don't have the mod_env module. (needed for .htaccess detection to function.) 2015-04-01 02:09:25 -07:00			`<IfModule mod_env.c>`
			`SetEnv HTTP_MOD_REWRITE On`
Added compression to generated PNG thumbnails. Additional module configurations added to e107.htaccess 2016-02-07 10:53:15 -08:00			`SetEnv HTTP_MOD_REWRITE_MEDIA On`
Closes #2596 - Enhancement to remove query strings from static resources. 2017-04-26 13:58:01 -07:00			`SetEnv HTTP_MOD_REWRITE_STATIC On`
Issue #937 Allow for e_MOD_REWRITE in e107_config.php on servers which don't have the mod_env module. (needed for .htaccess detection to function.) 2015-04-01 02:09:25 -07:00			`</IfModule>`
Fixes #937 - detect of mod-rewrite is possible. New constant: e_MOD_REWRITE 2015-03-31 07:25:39 -07:00
More News work, front-end started (rewrites are BROKEN), work in progres 2009-09-13 16:37:18 +00:00			`### enable rewrites`
Fix for installation process - special hosting 2016-05-23 07:41:09 +02:00			`### Options +FollowSymLinks`
More News work, front-end started (rewrites are BROKEN), work in progres 2009-09-13 16:37:18 +00:00			`RewriteEngine On`
eURL news mod rewrite profile - work in progress 2008-12-02 23:44:19 +00:00
A few more security-related entries added. 2013-02-05 11:07:57 -08:00
News front-end done - SEO, real SEF URLs (category list, item view), default item view changed to 'extend', default category list changed to 'list', comments are rendered now by news code, new and improved news shortcodes 2009-09-14 18:22:16 +00:00			`### Set this to your e107 site root, path relative to web root`
RewriteBase made optional in htaccess template (rewrite should work fine without it in almost every case) 2011-12-10 00:08:51 +00:00			`### Uncomment it in case your server isn't able to rewrite proper`
			`#RewriteBase /`
A few more security-related entries added. 2013-02-05 11:07:57 -08:00
			`### Allow only GET and POST methods`
			`RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK\|OPTIONS\|HEAD)`
Fixes #1257 SEFURLs for thumb images. Needs testing. See e107.htaccess for required additions/modifications - Set HTTP_MOD_REWRITE_MEDIA to "On" 2016-02-03 18:17:14 -08:00

A few more security-related entries added. 2013-02-05 11:07:57 -08:00			`RewriteRule .* - [F]`
eURL news mod rewrite profile - work in progress 2008-12-02 23:44:19 +00:00
Fixes #1257 SEFURLs for thumb images. Needs testing. See e107.htaccess for required additions/modifications - Set HTTP_MOD_REWRITE_MEDIA to "On" 2016-02-03 18:17:14 -08:00			`### Rewrite for Image URLs`
			`ReWriteRule ^media\/img\/(a)?([\d])x(a)?([\d])\/(.*)?$ thumb.php?src=e_MEDIA_IMAGE/$5&$1w=$2&$3h=$4 [NC,L]`
Issue #1257 Added SEF Thumb Urls for Avatar images. 2016-02-04 12:42:48 -08:00			`ReWriteRule ^media\/avatar\/(a)?([\d])x(a)?([\d])\/(.*)?$ thumb.php?src=e_AVATAR/$5&$1w=$2&$3h=$4 [NC,L]`
Fixes #1257 SEFURLs for thumb images. Needs testing. See e107.htaccess for required additions/modifications - Set HTTP_MOD_REWRITE_MEDIA to "On" 2016-02-03 18:17:14 -08:00			`RewriteRule ^media\/img\/([-A-Za-z0-9+/]*={0,3})\.(jpg\|gif\|png)?$ thumb.php?id=$1 [NC,L]`
SEF URL supported for theme images (within media-manager) added. LOGO resizing is now on by default when pref is used. 2016-02-06 19:33:23 -08:00			`ReWriteRule ^theme\/img\/(a)?([\d])x(a)?([\d])\/(.*)?$ thumb.php?src=e_THEME/$5&$1w=$2&$3h=$4 [NC,L]`
Fixes #1257 SEFURLs for thumb images. Needs testing. See e107.htaccess for required additions/modifications - Set HTTP_MOD_REWRITE_MEDIA to "On" 2016-02-03 18:17:14 -08:00
Closes #2596 - Enhancement to remove query strings from static resources. 2017-04-26 13:58:01 -07:00			`### Rewrite for Static Scripts`
			`ReWriteRule ^static\/[0-9]\/(.)$ $1 [NC,L]`

More News work, front-end started (rewrites are BROKEN), work in progres 2009-09-13 16:37:18 +00:00			`### send 404 on missing files in these folders`
			`RewriteCond %{REQUEST_URI} !^/(e107_images\|e107_files)/`

			`### don't rewrite for existing files, directories and links`
			`RewriteCond %{REQUEST_FILENAME} !-f`
			`RewriteCond %{REQUEST_FILENAME} !-d`
			`RewriteCond %{REQUEST_FILENAME} !-l`

htaccess changes to fit system single entry point 2011-11-25 17:58:03 +00:00			`### Single entry point ###`
index.php is now system entry point, front page detection moved to index controller; various stabillity fixes and url admin interface improvements; htaccess template modfied to meet entry point changes; front page preference values (Front Page admin page) prefixed with 'url:' and 'route:' now accepted and recognized; full backward compatibility so far. 2011-12-01 22:08:23 +00:00			`RewriteRule .* index.php [L]`
More News work, front-end started (rewrites are BROKEN), work in progres 2009-09-13 16:37:18 +00:00
htaccess fixes - thanks streaky 2008-12-03 20:57:22 +00:00			`</IfModule>`
Renamed install_php to install.php Use .htaccess "SetEnv E_DEV true" to disable the 'delete install.php file' message when developing locally. 2013-05-25 19:17:21 -07:00
Added compression to generated PNG thumbnails. Additional module configurations added to e107.htaccess 2016-02-07 10:53:15 -08:00			`### Mod_Expires Settings (when available)`
			`### May be modified if required`
			`<IfModule mod_expires.c>`
			`ExpiresActive On`
			`ExpiresDefault "access plus 2 hours"`
Incorrect closing quote on line 86 of e107.htaccess Incorrect closing quote on line 86 of e107.htaccess 2016-11-27 15:04:04 +00:00			`ExpiresByType image/x-icon "access plus 1 year"`
Added compression to generated PNG thumbnails. Additional module configurations added to e107.htaccess 2016-02-07 10:53:15 -08:00			`ExpiresByType image/gif "access plus 1 week"`
			`ExpiresByType image/png "access plus 1 week"`
			`ExpiresByType image/jpg "access plus 1 week"`
			`ExpiresByType image/jpeg "access plus 1 week"`
			`ExpiresByType text/css "access plus 1 month"`
			`ExpiresByType application/javascript "access plus 1 month"`
			`ExpiresByType text/javascript "access plus 1 month"`
			`ExpiresByType text/x-javascript "access plus 1 month"`
			`</IfModule>`

Compress the secureImg. TinyMce also decoding theme SEF image URLs now. 2016-02-07 11:16:00 -08:00			`### Gzip Compression Module`
Added compression to generated PNG thumbnails. Additional module configurations added to e107.htaccess 2016-02-07 10:53:15 -08:00			`<ifmodule mod_deflate.c>`
			`AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript application/xml text/xml application/rss+xml`
			`</ifmodule>`

Issue #2600 defining e_HTTP_STATIC now applies to images (using thumbUrl/toImage) as well as js/css. eg. define('e_HTTP_STATIC', 'http://static.mydomain.com/'); 2017-04-28 15:07:36 -07:00			`<FilesMatch "\.(js\|css\|ico\|pdf\|flv\|jpg\|jpeg\|png\|gif\|swf\|mp3\|mp4\|eot\|otf\|ttc\|ttf\|woff\|woff2)$">`
Add IfModule mod_headers.c conditional directive. 2017-05-20 05:16:04 +04:00			`<IfModule mod_headers.c>`
			`Header set Cache-Control "public"`
			`Header unset Cookie`
			`Header unset Set-Cookie`
			`# Header set Access-Control-Allow-Origin "http://mydomain.com"`
Insert email address automatically during Social login if found and missing from database. 2017-10-23 13:01:19 -07:00			`# Header set Access-Control-Allow-Origin "*" # if you're really stuck.`
Add IfModule mod_headers.c conditional directive. 2017-05-20 05:16:04 +04:00			`</IfModule>`
Closes #2596 - Enhancement to remove query strings from static resources. 2017-04-26 13:58:01 -07:00			`</FilesMatch>`

Added compression to generated PNG thumbnails. Additional module configurations added to e107.htaccess 2016-02-07 10:53:15 -08:00
Renamed install_php to install.php Use .htaccess "SetEnv E_DEV true" to disable the 'delete install.php file' message when developing locally. 2013-05-25 19:17:21 -07:00			`### Enable when developing locally.`
			`### SetEnv E_DEV true`