From bf048c6e0d913b97c7f52fe3e3be382ef9e9ae50 Mon Sep 17 00:00:00 2001 From: Matthias Kretschmann Date: Thu, 18 Sep 2014 14:52:52 +0200 Subject: [PATCH] apache server config update --- _src/.htaccess | 109 +++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 96 insertions(+), 13 deletions(-) diff --git a/_src/.htaccess b/_src/.htaccess index 6efd5e87..f2d2fbe5 100644 --- a/_src/.htaccess +++ b/_src/.htaccess @@ -1,6 +1,6 @@ # BEGIN HTML5 Boilerplate -# Apache Server Configs v2.7.1 | MIT License +# Apache Server Configs v2.8.0 | MIT License # https://github.com/h5bp/server-configs-apache # (!) Using `.htaccess` files slows down Apache, therefore, if you have access @@ -12,7 +12,7 @@ # ############################################################################## # ------------------------------------------------------------------------------ -# | Cross-domain requests | +# | Cross-origin requests | # ------------------------------------------------------------------------------ # Allow cross-origin requests. @@ -35,6 +35,22 @@ +# ------------------------------------------------------------------------------ +# | Cross-origin resource timing | +# ------------------------------------------------------------------------------ + +# Allow cross-origin access to the timing information for all resources. + +# If a resource isn't served with a `Timing-Allow-Origin` header that would +# allow its timing information to be shared with the current document, some of +# the attributes of the `PerformanceResourceTiming` object will be set to zero. + +# http://www.w3.org/TR/resource-timing/ + +# +# Header set Timing-Allow-Origin: "*" +# + # ------------------------------------------------------------------------------ # | CORS-enabled images | # ------------------------------------------------------------------------------ @@ -231,6 +247,7 @@ AddDefaultCharset utf-8 .js \ .json \ .jsonld \ + .rdf \ .rss \ .topojson \ .vtt \ 
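Review bot: The new "Cross-origin resource timing" comment explains what a document loses without `Timing-Allow-Origin` but not what the header gives away. With the value `"*"`, any origin that embeds these resources can read their detailed Resource Timing attributes, which is a timing side channel for resources whose load time depends on the visitor's state. The block is commented out, so this is a documentation point: above the `Header set` line add `# (!) Enable only for resources whose timing is not sensitive, or list the specific origins instead of "*".`. As a style nit, the trailing colon in `Timing-Allow-Origin:` is tolerated by mod_headers but is inconsistent with the `Header set Strict-Transport-Security` line elsewhere in the file.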
@@ -551,12 +568,13 @@ AddDefaultCharset utf-8 # The following header ensures that browser will ONLY connect to your server # via HTTPS, regardless of what the users type in the address bar. -# http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-14#section-6.1 -# http://www.html5rocks.com/en/tutorials/security/transport-layer-security/ - # IMPORTANT: Remove the `includeSubDomains` optional directive if the subdomains # are not using HTTPS. +# http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-14#section-6.1 +# http://www.html5rocks.com/en/tutorials/security/transport-layer-security/ +# http://blogs.msdn.com/b/ieinternals/archive/2014/08/18/hsts-strict-transport-security-attacks-mitigations-deployment-https.aspx + # # Header set Strict-Transport-Security "max-age=16070400; includeSubDomains" # @@ -596,11 +614,16 @@ AddDefaultCharset utf-8 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Mark certain resources as been compressed in order to: - # - # 1) prevent Apache from recompressing them - # 2) ensure that they are served with the correct - # `Content-Encoding` HTTP response header + # Map certain file types to the specified encoding type in order to + # make Apache serve them with the appropriate `Content-Encoding` HTTP + # response header (this will NOT make Apache compress them!). + + # If the following file types wouldn't be served without the appropriate + # `Content-Enable` HTTP response header, client applications (e.g.: + # browsers) wouldn't know that they first need to uncompress the response, + # and thus, wouldn't be able to understand the content. + + # http://httpd.apache.org/docs/current/mod/mod_mime.html#addencoding AddEncoding gzip svgz 
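Review bot: The reordered HSTS comment still does not say that browsers cache the policy for the whole `max-age` (16070400 seconds, roughly six months), so enabling it by mistake cannot be undone quickly. I would add `# (!) Browsers remember this policy for max-age seconds; start with a small value and raise it once HTTPS is confirmed on every affected host.` next to the `includeSubDomains` warning. Separately, the context line uses `Header set`, which as far as I know applies only to successful responses; `Header always set Strict-Transport-Security ...` would also cover redirects and error pages that Apache generates itself.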
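Review bot: The second paragraph of the rewritten `AddEncoding` comment names a `Content-Enable` response header, which does not exist. It should read `Content-Encoding`, matching the first paragraph and the `AddEncoding gzip svgz` line that follows. The sentence is also a hard-to-parse double negative; suggested wording: `# If these file types were served without the appropriate Content-Encoding header, clients (e.g. browsers) would not know that they must first decompress the response.`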
@@ -620,7 +643,9 @@ AddDefaultCharset utf-8 "application/json" \ "application/ld+json" \ "application/manifest+json" \ + "application/rdf+xml" \ "application/rss+xml" \ + "application/schema+json" \ "application/vnd.geo+json" \ "application/vnd.ms-fontobject" \ "application/x-font-ttf" \ @@ -633,6 +658,7 @@ AddDefaultCharset utf-8 "text/cache-manifest" \ "text/css" \ "text/html" \ + "text/javascript" \ "text/plain" \ "text/vtt" \ "text/x-component" \ @@ -686,6 +712,7 @@ FileETag None # Data interchange ExpiresByType application/json "access plus 0 seconds" ExpiresByType application/ld+json "access plus 0 seconds" + ExpiresByType application/schema+json "access plus 0 seconds" ExpiresByType application/vnd.geo+json "access plus 0 seconds" ExpiresByType application/xml "access plus 0 seconds" ExpiresByType text/xml "access plus 0 seconds" @@ -701,6 +728,7 @@ FileETag None # JavaScript ExpiresByType application/javascript "access plus 1 year" + ExpiresByType text/javascript "access plus 1 year" # Manifest files ExpiresByType application/manifest+json "access plus 1 year" @@ -718,6 +746,7 @@ FileETag None # Web feeds ExpiresByType application/atom+xml "access plus 1 hour" + ExpiresByType application/rdf+xml "access plus 1 hour" ExpiresByType application/rss+xml "access plus 1 hour" # Web fonts @@ -766,7 +795,7 @@ FileETag None # # # Options +Includes -# AddOutputFilterByType INCLUDES application/javascript +# AddOutputFilterByType INCLUDES application/javascript text/javascript # SetOutputFilter INCLUDES # # 
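Review bot: In the file-concatenation hunk (`@@ -766,7 +795,7 @@`), the context line above the changed one still enables the filter with `Options +Includes`, which permits SSI `exec` elements as well as `include`. The change itself only adds `text/javascript` to the types passed through the INCLUDES filter. Concatenation needs only `include`, so `# Options +IncludesNOEXEC` would be the safer default for anyone who uncomments the block. The enclosing container's opening and closing lines are not legible in this hunk, so the scope the option applies to should be confirmed against the full file.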
@@ -778,17 +807,71 @@ FileETag None # # + +# ############################################################################## +# # MOBILE SPECIFIC # +# ############################################################################## + +# Proper MIME types + + + + # Blackberry + # http://docs.blackberry.com/en/developers/deliverables/18169/ + AddType application/x-bb-appworld bbaw + AddType text/vnd.rim.location.xloc xloc + + # Nokia + # http://www.developer.nokia.com/Community/Wiki/Apache_configuration_for_mobile_application_download + # http://wiki.forum.nokia.com/index.php/How_to_enable_OTA_(Over_The_Air)_SIS_install_from_your_website + AddType application/octet-stream sisx + AddType application/vnd.symbian.install sis + + + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +# Prevent mobile transcoding + +# +# +# Header append Cache-Control "no-transform" +# Header append Vary "User-Agent, Accept" +# +# + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +# Mobile Redirection Script is used to detect if user is viewing the site from +# mobile device. If the script detects the user is viewing from mobile phone, +# they will be redirected to the mobile version of the site. One thing to note +# is that if you want to allow the user on the mobile version of your site to +# have the option to switch to desktop version, you may consider using other +# methods like JavaScript or PHP at http://detectmobilebrowser.com/. +# +# To use the script, first, uncomment the lines below, and second, change +# 'http://www.example.com/mobile' to the URL of your mobile site. 
+ +# +# RewriteEngine On +# RewriteBase / +# RewriteCond %{HTTP_USER_AGENT} android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge\ |maemo|midp|mmp|opera\ m(ob|in)i|palm(\ os)?|phone|p(ixi|re)\/|plucker|pocket|psp|symbian|treo|up\.(browser|link)|vodafone|wap|windows\ (ce|phone)|xda|xiino [NC,OR] +#RewriteCond %{HTTP_USER_AGENT} ^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a\ wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r\ |s\ )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1\ u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp(\ i|ip)|hs\-c|ht(c(\-|\ |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac(\ |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt(\ |\/)|klon|kpt\ |kwc\-|kyo(c|k)|le(no|xi)|lg(\ g|\/(k|l|u)|50|54|e\-|e\/|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(di|rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-|\ |o|v)|zz)|mt(50|p1|v\ )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v\ )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-|\ )|webc|whit|wi(g\ 
|nc|nw)|wmlb|wonu|x700|xda(\-|2|g)|yas\-|your|zeto|zte\-) [NC] +# RewriteRule ^$ http://www.example.com/mobile [R,L] +# + + # END HTML5 Boilerplate # Rewrite post urls RewriteBase / - + RewriteCond %{HTTPS} !=on RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^ http://%1%{REQUEST_URI} [R] - + # redirect all index.html to parent folder RewriteCond %{REQUEST_URI} ^(.*/)index\.html$ [NC] RewriteRule . %1 [R=301,NE,L]
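Review bot: The commented mobile redirect at the end of the new MOBILE SPECIFIC section sends every matching request to a hard-coded `http://` URL. It uses a bare `[R]` (a 302) and ignores the scheme the visitor arrived on, so an HTTPS visitor would be bounced to plaintext once the block is uncommented, which sits badly with the HSTS section earlier in the same file. I would change the placeholder to `RewriteRule ^$ https://www.example.com/mobile [R,L]` or extend the usage comment with `# Use the https:// form of the URL if the site is served over TLS.`. In the same block the second condition is written `#RewriteCond` while its neighbours use `# RewriteCond`. If that is in the file and not an artefact of this rendering, stripping the `# ` prefix would leave it commented out behind a first condition that ends in `[NC,OR]`, so the prefixes should be made uniform.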