# $Id$ [This line is used to check that this configuration file is up to date. Do not edit this line and leave it as the first line.]
# These are suggested configuration directives for use with Tiki.
# They enhance security and permit clean URLs.
# In your Tiki instance, visit tiki-admin.php?page=sefurl to make Tiki use clean URLs in generated links.
#
# To use, ideally, create a symbolic link from .htaccess to _htaccess. This will keep the configuration up-to-date.
# If you can't, do one of the following:
# - Copy _htaccess to .htaccess. Note : Do not move (rename) _htaccess, it is required for other uses (like SEFURL).
# - Add the content of this file to your httpd.conf.
# This should be repeated when the reference _htaccess file changes (when upgrading Tiki).
#
# Please find more info here
# http://doc.tiki.org/Rewrite+Rules
# DEVELOPERS: This configuration must be kept synchronized with the configuration for other Web servers. See http://dev.tiki.org/Operating+System+independence#Keep_web.config_and_.htaccess_synchronized
#Redirect bogus directories, which otherwise cause a broken page to upload very slowly
#e.g., try yourdomain.com/bogus/ or yourdomain.com/tiki/bogus/ and see what happens
#The below may not work in all configurations depending on redirects already in place
#If certain directories containing other programs are legitimate (eg when tiki is installed in a subdirectory),
#then you will first need a condition like the following
#RewriteCond %{REQUEST_URI} !(^/otherokaydirectory/)
#Then use something like this if your tiki program is in a subdirectory
#RewriteRule ^(.+[^/])/$ /tiki/HomePage [R=301,L]
#Use this if tiki is installed in the root (above condition probably not necessary in this case)
#RewriteRule ^(.+[^/])/$ /HomePage [R=301,L]
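# Deny direct HTTP access to backup, include, library, shell, template and SQL files.
# The match is case-insensitive ((?i)) so that variants such as "dump.SQL" or
# "config.BAK" are refused as well; this matters most on case-insensitive filesystems.
<FilesMatch "(?i)\.(bak|inc|lib|sh|tpl|sql)$">
    # Apache 2.4 and later: mod_authz_core syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Older Apache without mod_authz_core: legacy Order/Deny syntax.
    <IfModule !mod_authz_core.c>
        order deny,allow
        deny from all
    </IfModule>
</FilesMatch>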
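# Deny direct HTTP access to the changelog (which discloses the installed version)
# and to this reference configuration file.
# The dot in "changelog.txt" is escaped so it matches a literal dot only, and the
# match is case-insensitive so differently-cased copies are refused as well.
<FilesMatch "(?i)(changelog\.txt|_htaccess)$">
    # Apache 2.4 and later: mod_authz_core syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Older Apache without mod_authz_core: legacy Order/Deny syntax.
    <IfModule !mod_authz_core.c>
        order deny,allow
        deny from all
    </IfModule>
</FilesMatch>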
# This prevents reading of tags file for developers who run ctags on their server
#<Files tags>
# <IfModule mod_authz_core.c>
# Require all denied
# </IfModule>
# <IfModule !mod_authz_core.c>
# order deny,allow
# deny from all
# </IfModule>
#</Files>
<IfModule mod_dir.c>
    # Serve index.php when a directory is requested.
    DirectoryIndex index.php

    # When the "wiki as homepage" feature is used, the home page name can be kept
    # out of the URL by using the following line instead of the one above:
    #DirectoryIndex tiki-index.php index.php
</IfModule>
# Response compression.
# On some Apache distributions (e.g. Wampserver 2.5) mod_filter must be enabled
# alongside mod_deflate for this section to take effect.
# NOTE(review): text/html is compressed too. Where pages served over HTTPS carry
# secrets next to request-reflected data, review the exposure to compression
# side channels before relying on this default.
<IfModule mod_deflate.c>
    # DEFLATE by MIME type
    AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json

    <IfModule mod_mime.c>
        # DEFLATE by extension
        AddOutputFilter DEFLATE js css htm html xml
    </IfModule>

    <IfModule mod_headers.c>
        # Tell proxies the response varies by User-Agent so they do not hand a
        # cached variant to a client it was not produced for.
        Header append Vary User-Agent env=!dont-vary
    </IfModule>
</IfModule>
# Persistent connections: Allow multiple requests to be sent over
# the same TCP connection. Enable if you serve a lot of static content
# but, be aware of the possible disadvantages!
# http://httpd.apache.org/docs/current/en/mod/core.html#keepalive
<IfModule mod_headers.c>
    # Keep-alive is left disabled here; uncomment to request persistent connections.
    #Header set Connection Keep-Alive

    # Freshness (when the client cache is updated):
    # Google suggests using Expires in favour of Cache-Control, so Cache-Control is removed.
    # NOTE(review): this unset is unconditional. It may also strip a Cache-Control
    # header (e.g. no-store / private) that the application sends for dynamic or
    # authenticated pages, letting intermediaries cache them -- confirm against
    # the response headers of a logged-in page.
    #Header unset Expires
    Header unset Cache-Control

    # Validation (how the client learns its cached copy is stale):
    # Google wants either Last-Modified or ETag.
    #Header unset ETag
</IfModule>
# ETags are switched OFF for static files here (the directive below disables them, it does not enable them).
# YSlow's rule is to configure or remove ETags, so removing them improves the YSlow score.
FileETag none
# Far-future Expires headers for static assets.
# On a site under active development you may want to comment this section out,
# otherwise browsers keep using cached copies for up to a month.
<IfModule mod_expires.c>
    # Scripts and stylesheets (extension matched case-insensitively)
    <FilesMatch "(?i)\.(js|css)$">
        ExpiresActive on
        ExpiresDefault "access plus 1 month"
    </FilesMatch>

    # Images (extension matched case-insensitively)
    <FilesMatch "(?i)\.(png|gif|jpg|ico)$">
        ExpiresActive on
        ExpiresDefault "access plus 1 month"
    </FilesMatch>
</IfModule>
# if you want to use the Web Server Auth
#AuthType Basic
#AuthName "Restricted Access"
#AuthUserFile /etc/httpd/passwords
#Require valid-user
#
# ...or if you want to only restrict access to GET requests then use "Limit" like this
# (allows jcapture and other services that POST back to Tiki to work, but is less secure: POST and every other method not listed in <Limit> are then served without authentication)
#
#<Limit GET>
# Require valid-user
#</Limit>
# Handling in Tiki errors caught by Apache
# Tiki can catch some errors and deal with them by redirecting to a similar page, sending you to the search, etc. However, some errors do not reach Tiki and are only caught by Apache (ex.: filenameThatDoesntExist.php).
# To make Tiki handle errors caught by Apache, uncomment some of the following lines and adapt the page names. You must create the pages before trying to use them.
#ErrorDocument 404 /tiki-index.php?page=File+not+found
#ErrorDocument 500 /tiki-index.php?page=Server+error
# Permanent redirect: Add directive as the example below. This is useful if you were using another Web application or static HTML and you want to avoid broken links.
# Redirect 301 /oldpage.html /tiki-index.php?page=newpage
# Tiki requires PHP 5. If your host doesn't offer PHP 5 by default, it's possible that it can be activated by using (uncommenting) the lines below. Check with your host.
# AddType application/x-httpd-php5 .php
# AddHandler application/x-httpd-php5 .php
# to activate the error display, uncomment the following line (for debugging only: displayed errors can reveal file paths and other internals to visitors)
#php_flag display_errors on
# to set the error_reporting level, uncomment the following line. Values are explained here: http://www.php.net/manual/en/errorfunc.constants.php
# php_value error_reporting E_ALL
# increase memory (default is 128M). Use this if you are getting blank pages and strange errors
# php_value memory_limit 256M
# increase execution time (the default value in apache used to be 30; long wiki pages with many plugins may need longer)
#php_value max_execution_time 90
# increase the maximum file size for uploads allowed by php for Tiki (the default value in apache used to be 2M, which is usually too low for pdf or documents with some images, screenshots, etc)
#php_value upload_max_filesize 10M
#php_value post_max_size 11M
# This sets the maximum time in seconds a script is allowed to parse input data, like POST and GET.
#php_value max_input_time 90
# In some cases you may see open_basedir warnings about Smarty accessing php files that it shouldn't
# The following line (uncommented) will reset the include path to use only Tiki's files which will solve this in most cases
#php_value include_path "."
# some features like assigning perms to a group with a name containing a quote will not work without this
#php_flag magic_quotes_gpc off
# Set a timezone (needed for dates and times to work properly in PHP)
# php_value date.timezone "America/New_York"
# if the php one doesn't work then this should set the apache environment variable
# SetEnv TZ America/New_York
# Set a character set
#php_value default_charset utf-8
# Turning on user and object information to be passed to server logs
#SetEnv TIKI_HEADER_REPORT_ID tikiwiki
#SetEnv TIKI_HEADER_REPORT_USER on
#SetEnv TIKI_HEADER_REPORT_OBJECT on
#SetEnv TIKI_HEADER_REPORT_EVENTS on
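# Clean-URL routing and a few request-level protections.
# Rule order matters: the rules are evaluated top to bottom and several end with [L].
<IfModule mod_rewrite.c>
    RewriteEngine On

    # If Tiki is not installed directly in the web root, or you get errors like
    # "The requested URL /absolutepath/tiki-index.php was not found on this server",
    # uncomment the RewriteBase line below and set it to suit your installation.
    # RewriteBase /tiki

    # Rewrite rules to maintain any hard-coded URLs following http://dev.tiki.org/ImgDirectoryRevamp
    RewriteRule ^img/icons2/(.*)$ img/icons/$1
    RewriteRule ^pics/large/(.*)$ img/icons/large/$1
    RewriteRule ^img/mytiki/(.*)$ img/icons/large/$1
    RewriteRule ^pics/(.*)$ img/$1
    RewriteRule ^images/(.*)$ img/icons/$1

    # Apache does not pass the Authorization header to CGI scripts.
    # Copy it into the HTTP_AUTHORIZATION environment variable so that
    # authorisation still works in CGI or FastCGI (FCGI) mode.
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

    # If your website is a Subversion checkout: refuse access to .svn metadata.
    # In .htaccess context the path is matched without a leading slash, so the
    # pattern uses (^|/) to cover a top-level ".svn/" as well as nested ones;
    # a pattern that requires a slash before ".svn" would miss the top-level one.
    # This rule must stay above the "existing file" rule below.
    # Other version-control metadata directories are not covered by this rule.
    RewriteRule (^|/)\.svn(/|$) - [F,L]

    # If the URL points to an existing file, symlink or directory then do nothing:
    # it is served as-is, so protection of sensitive files on disk depends on the
    # access rules elsewhere in this file.
    RewriteCond %{REQUEST_FILENAME} -s [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule (.*) - [L]

    # Rewrite rule to make this Tiki a profiles repository (uncomment to enable)
    # Set the parentId (here set as 1) to the Id of the category containing your profile pages
    # See http://doc.tiki.org/Profiles for more
    # Note: you need to allow tiki_p_view_category and tiki_p_export_wiki for anonymous to be a repository
    # and enable feature_wiki_export (as well as feature_wiki and feature_categories)
    #RewriteRule ^profiles$ tiki-browse_categories.php?find=&deep=on&type=wiki+page&parentId=1&sort_mode=name_asc&plain&maxRecords=1000000 [L]

    # Rule to make a short link to a list of object to export as a plain text sitemap
    # Set the parentId (here set as 2) to the id of a category containing the objects you wish to be crawled by search engines
    #
    #RewriteRule ^sitemap.txt$ tiki-browse_categories.php?find=&deep=on&type=wiki+page&parentId=2&sort_mode=name_asc&links&maxRecords=1000000 [L]

    # Everything that reached this point is handed to Tiki's router.
    RewriteRule .* route.php [L]

    # NOTE(review): the two optional rules below sit after the catch-all rule above,
    # which matches every request and ends with [L]; they presumably need to be
    # moved above it to take effect when uncommented -- confirm before enabling.

    # access a link to any user by providing its username (exact match) after u:
    # (uncomment to enable)
    #RewriteRule ^u:([A-Za-z0-9]+) tiki-view_tracker_item.php?user=$1&view=+user [QSA,L]

    # alternative procedure to show a list of users with that string
    # (adapt with your user tracker id and user selector field id)
    #RewriteRule ^u:([A-Za-z0-9]+) tiki-view_tracker.php?trackerId=1&filterfield=3&filtervalue\[3\]=$1 [QSA,L]
</IfModule>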
# ----------------------------------------------------------------------
# CORS-enabled images (@crossorigin)
# ----------------------------------------------------------------------
# Send CORS headers if browsers request them; enabled by default for images.
# developer.mozilla.org/en/CORS_Enabled_Image
# blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
# hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
# wiki.mozilla.org/Security/Reviews/crossoriginAttribute
# Needs both mod_headers (to emit the header) and mod_setenvif (to detect the
# Origin request header); nothing is sent unless both are loaded.
<IfModule mod_headers.c>
    <IfModule mod_setenvif.c>
        # mod_headers cannot match on Content-Type, so images are selected by extension.
        <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
            # Flag the request as cross-origin when it carries an Origin header.
            SetEnvIf Origin ":" IS_CORS
            # Any origin may then read these image files. Suitable only when every
            # image file served directly from this tree is meant to be public.
            Header set Access-Control-Allow-Origin "*" env=IS_CORS
        </FilesMatch>
    </IfModule>
</IfModule>
# ----------------------------------------------------------------------
# Webfont access
# ----------------------------------------------------------------------
# Allow cross-origin access from all domains for webfonts.
# Note that the extension list below also contains css and js, so stylesheets
# and scripts served as files receive the same wildcard header, not only fonts.
# Alternatively you could whitelist only your own sites by replacing "*" with a
# single origin, e.g. the origin of "subdomain.example.com" (scheme included).
<IfModule mod_headers.c>
    <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$">
        # Sent on every matching response, whether or not the request has an Origin header.
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>