我的.htaccess文件如下,阅读了很多文章,博客,网站。我已经设计了它,但我知道它毕竟变得像杂乱一样,它仍然有消毒和完美的范围。 请建议我如何以最佳方式进行优化。
此代码主要讨论
1)重定向规则
2)内容安全政策
3)优化内容投放
4) MIME类型声明
> `ServerSignature Off
php_value max_input_vars 40000
php_value suhosin.get.max_vars 40000
php_value suhosin.post.max_vars 40000
php_value suhosin.request.max_vars 40000
# -------------------------------------------------------------------------------------------------------------- #
# BEGIN (mt) controlled settings
<IfModule !mod_fcgid.c>
AddHandler php-stable .php
</IfModule>
<IfModule mod_fcgid.c>
AddHandler fcgid-script .php
FcgidWrapper /etc/apache2/gs-bin/php-stable-wrapper .php
<Files *.php>
Options +ExecCGI
</Files>
</IfModule>
# END (mt) controlled settings
# -------------------------------------------------------------------------------------------------------------- #
# DECLARING MIME TYPES
<IfModule mod_mime.c>
AddType application/x-httpd-php .php
AddType application/x-httpd-php .phtml
AddType application/x-httpd-php .php3
AddType application/x-httpd-php .php4
AddType application/x-httpd-php .html
AddType application/x-httpd-php-source .phps
AddType text/html .html
AddType text/css .css
AddType image/x-icon .ico
AddType font/woff .woff
AddType font/woff2 .woff2
AddType application/vnd.ms-fontobject .eot
AddType application/x-font-ttf .ttf .ttc
AddType font/opentype .otf
</IfModule>
# -------------------------------------------------------------------------------------------------------------- #
# EXTRA SECURITY HEADERS IN COOKIES
<IfModule mod_headers.c>
Header always set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
# Header set X-Frame-Options: DENY
Header set Access-Control-Allow-Origin "https://www.websitename.com/"
Header set Access-Control-Allow-Headers "X-accept-charset, X-accept, X-test-header, Origin, X-Requested-With, Content-Type, Accept"
Header set Access-Control-Allow-Methods "OPTIONS, GET, POST, PUT, DELETE"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Expose-Headers "Content-Type"
Header set x-xhr-request "true"
Header set Referrer-Policy: strict-origin-when-cross-origin
Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure; SameSite=Strict"
Header set Content-Security-Policy: "default-src 'self' https://*.youtube.com ; frame-ancestors 'none'; connect-src 'self' ; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.cartonrent.com/images/logo.png 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://cartonrent.com; font-src 'self' https://fonts.gstatic.com; worker-src 'self' www.google.com https://maps.google.com "
Header set X-Content-Security-Policy: "default-src 'self' https://*.youtube.com ; frame-ancestors 'none'; connect-src 'self' ; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.cartonrent.com/images/logo.png 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://cartonrent.com; font-src 'self' https://fonts.gstatic.com; worker-src 'self' www.google.com https://maps.google.com "
Header set X-WebKit-CSP: "default-src 'self' https://*.youtube.com ; frame-ancestors 'none'; connect-src 'self' ; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.cartonrent.com/images/logo.png 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://cartonrent.com; font-src 'self' https://fonts.gstatic.com; worker-src 'self' www.google.com https://maps.google.com "
Header always set X-Permitted-Cross-Domain-Policies "master-only"
Header always set Cache-Control "public, max-age=31536000, immutable"
#Header always set Pragma "no-cache"
Header always set Expires "-1"
Header append Cache-Control "public"
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css)$">
Header unset Last-Modified
</FilesMatch>
<FilesMatch "\.(css|png|js)$">
Header set X-Content-Type-Options nosniff
</FilesMatch>
</IfModule>
# -------------------------------------------------------------------------------------------------------------- #
# REWRITE RULES
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L]
RewriteCond %{HTTP_USER_AGENT} libwww-perl.*
RewriteRule .* ? [F,L]
# Recursive rule to replace space by - from URI OR query string (anywhere)
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+(.*?)(?:\+|%20|\s)+(.+?)\sHTTP [NC]
RewriteRule ^ /%1-%2 [L,NE,R]
# Recursive rule to replace space by - from URI OR query string (anywhere)
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+(.*?)(?:\+|%20|\s)+(.+?)\sHTTP [NC]
RewriteRule ^ /%1-%2 [L,NE,R]
# URL Canonicalization (adding www. prefix to URL)
RewriteCond %{HTTP_HOST} !^www.websitename.com$ [NC]
RewriteRule ^(.*)$ https://www.websitename.com/$1 [R=301,L]
# Deny pages from all except XMLHttpRequest
RewriteCond %{HTTP:X-Requested-With} !=XMLHttpRequest
RewriteCond %{HTTP:X-REQUESTED-WITH} !^(XMLHttpRequest)$
RewriteRule table-view+.php$ - [L,F]
</IfModule>
# RewriteCond %{REQUEST_METHOD} ^TRACE
# RewriteRule .* - [F]
# -------------------------------------------------------------------------------------------------------------- #
# Keep Connection Alive
<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>
# -------------------------------------------------------------------------------------------------------------- #
# SET THE DEFAULT LANGUAGE
DefaultLanguage en-US
# -------------------------------------------------------------------------------------------------------------- #
# SET THE DEFAULT CHARACTER SET
AddDefaultCharset UTF-8
AddCharset utf-8 .html .css .js
# -------------------------------------------------------------------------------------------------------------- #
# IMAGEMAGIK IMAGE COMPRESSION LIMIT
SetEnv MAGICK_THREAD_LIMIT 2
# -------------------------------------------------------------------------------------------------------------- #
# NO Etags
FileETag none
# -------------------------------------------------------------------------------------------------------------- #
# PREVENT FOLDER LISTING
IndexIgnore *
# DISABLE DIRECTORY BROWSING
Options All -Indexes
# -------------------------------------------------------------------------------------------------------------- #
# COMPRESS TEXT, HTML, JAVASCRIPT, CSS, XML, fonts:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/vtt
AddOutputFilterByType DEFLATE text/x-component
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/js
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/ld+json
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-web-app-manifest+json
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
# OR, COMPRESS CERTAIN FILE TYPES BY EXTENSION:
<files *.html>
SetOutputFilter DEFLATE
</files>
# Java script compression
<FilesMatch "\.js$">
RewriteEngine On
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond %{REQUEST_FILENAME}.gz -f
RewriteRule (.*)\.js$ $1\.js.gz [L]
ForceType text/javascript
</FilesMatch>
# Java script - vary accept encoding
<FilesMatch "\.js\.gz$">
ForceType text/javascript
Header set Content-Encoding gzip
Header set Vary Accept-Encoding
</FilesMatch>
#Enable gzip with mod_gzip
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
# -------------------------------------------------------------------------------------------------------------- #
# DENY ACCESS TO EVIL ROBOTS SITE RIPPERS OFFLINE BROWSERS AND OTHER NASTY SCUM
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
RewriteCond %{HTTP_USER_AGENT} ^attach [OR]
RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
# -------------------------------------------------------------------------------------------------------------- #
# SERVE CUSTOM ERROR PAGES
ErrorDocument 400 /errors/400.html
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
# -------------------------------------------------------------------------------------------------------------- #
# SETTINGS FOR PHP ERROR LOGING
# SUPPRESS PHP ERRORS FROM DISPLAYING IN THE BROWSER
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
# LOG PHP ERRORS TO A FILE
php_flag log_errors on
php_value error_reporting 32767
php_value error_log "errorlog/error.log"
# DISABLE LOGGING REPEATED ERRORS
php_flag ignore_repeated_errors on
# PREVENT ACCESS TO PHP ERROR LOG
<Files error.log>
Order allow,deny
Deny from all
Satisfy All
</Files>
# -------------------------------------------------------------------------------------------------------------- #
# Zlib Configuration
<ifModule mod_php4.c>
php_value zlib.output_compression 16386
</ifModule>
# handler for phpsuexec..
<FilesMatch "\.(css|style)$">
SetHandler application/x-httpd-php
</FilesMatch>
# Force “File Save As” Prompt for following files
AddType application/octet-stream .pdf
AddType application/octet-stream .zip
AddType application/octet-stream .mov
# -------------------------------------------------------------------------------------------------------------- #`