BEST HTACCESS CHEAT SHEET FOR SEO PERFORMANCE!!

###Do not copy&paste whole file, find only interesting parts!###

##Paste rewrite rules after the "RewriteEngine on" directive##

Table of Contents

Rewrite and Redirection
Force www
Force www in a Generic Way
Force non-www
Force non-www in a Generic Way
Force HTTPS
Force HTTPS Behind a Proxy
Force Trailing Slash
Remove Trailing Slash
Redirect a Single Page
Redirect Using RedirectMatch
Alias a Single Directory
Alias Paths to Script
Redirect an Entire Site
Alias "Clean" URLs
Exclude a URL from Redirection
Security
Deny All Access
Deny All Access Except Yours
Allow All Access Except Spammers'
Deny Access to Hidden Files and Directories
Deny Access to Backup and Source Files
Disable Directory Browsing
Disable Image Hotlinking
Disable Image Hotlinking for Specific Domains
Password Protect a Directory
Password Protect a File or Several Files
Block Visitors by Referrer
Prevent Framing the Site
Performance
Compress Text Files
Set Expires Headers
Turn eTags Off
Miscellaneous
Set PHP Variables
Custom Error Pages
Force Downloading
Prevent Downloading
Allow Cross-Domain Fonts
Auto UTF-8 Encode
Switch to Another PHP Version
Disable Internet Explorer Compatibility View
Serve WebP Images

#Rewrite and Redirection

#Note: It is assumed that you have mod_rewrite installed and enabled.
#Force www

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]

#Force www in a Generic Way

RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

#This works for any domain. Source
Force non-www

#It’s still open for debate whether www or non-www is the way to go, so if you happen to be a fan of bare domains, here you go:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

#Force non-www in a Generic Way

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteCond %{HTTPS}s ^on(s)|off
RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\.)?(.+)$
RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]

#Force HTTPS

RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

# Note: It’s also recommended to enable HTTP Strict Transport Security (HSTS)
# on your HTTPS website to help prevent man-in-the-middle attacks.
# See https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security

# Remove "includeSubDomains" if you don't want to enforce HSTS on all subdomains
Header always set Strict-Transport-Security "max-age=31536000;includeSubDomains"

#Force HTTPS Behind a Proxy

#Useful if you have a proxy in front of your server performing TLS termination.

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

#Force Trailing Slash

RewriteCond %{REQUEST_URI} /+[^\.]+$
RewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]

#Remove Trailing Slash

#This snippet will redirect paths ending in slashes to their non-slash-terminated counterparts (except for actual directories), e.g. http://www.example.com/blog/ to http://www.example.com/blog. This #is important for SEO, since it’s recommended to have a canonical URL for every page.

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [R=301,L]

#Redirect a Single Page

Redirect 301 /oldpage.html http://www.example.com/newpage.html
Redirect 301 /oldpage2.html http://www.example.com/folder/

#Redirect Using RedirectMatch

RedirectMatch 301 /subdirectory(.*) http://www.newsite.com/newfolder/$1
RedirectMatch 301 ^/(.*).htm$ /$1.html
RedirectMatch 301 ^/200([0-9])/([^01])(.*)$ /$2$3
RedirectMatch 301 ^/category/(.*)$ /$1
RedirectMatch 301 ^/(.*)/htaccesselite-ultimate-htaccess-article.html(.*) /htaccess/htaccess.html
RedirectMatch 301 ^/(.*).html/1/(.*) /$1.html$2
RedirectMatch 301 ^/manual/(.*)$ http://www.php.net/manual/$1
RedirectMatch 301 ^/dreamweaver/(.*)$ /tools/$1
RedirectMatch 301 ^/z/(.*)$ http://static.askapache.com/$1

#Alias a Single Directory

RewriteEngine On
RewriteRule ^source-directory/(.*) /target-directory/$1 [R=301,L]

#Alias Paths to Script

#FallbackResource /index.fcgi

#This example has an index.fcgi file in some directory, and any requests within that directory that fail to resolve a filename/directory will be sent to the index.fcgi script. It’s good if you want #baz.foo/some/cool/path to be handled by baz.foo/index.fcgi (which also supports requests to baz.foo) while maintaining baz.foo/css/style.css and the like. Get access to the original path from the #PATH_INFO environment variable, as exposed to your scripting environment.

RewriteEngine On
RewriteRule ^$ index.fcgi/ [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.fcgi/$1 [QSA,L]

#This is a less efficient version of the FallbackResource directive (because using mod_rewrite is more complex than just handling the FallbackResource directive), but it’s also more flexible.
#Redirect an Entire Site

Redirect 301 / http://newsite.com/

#This way does it with links intact. That is www.oldsite.com/some/crazy/link.html will become www.newsite.com/some/crazy/link.html. This is extremely helpful when you are just “moving” a site to a #new domain.

#Alias “Clean” URLs
#This snippet lets you use “clean” URLs -- those without a PHP extension, e.g. example.com/users instead of example.com/users.php.

RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^([^.]+)$ $1.php [NC,L]

#Exclude URL from Redirection

#This snippet allows you to exclude a URL from redirection. For example, if you have redirection rules setup but want to exclude robots.txt so search engines can access that URL as expected.

RewriteEngine On
RewriteRule ^robots.txt - [L]

#Security
#Deny All Access

## Apache 2.2
Deny from all

## Apache 2.4
# Require all denied

#But wait, this will lock you out from your content as well! Thus introducing...
#Deny All Access Except Yours

## Apache 2.2
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx

## Apache 2.4
# Require all denied
# Require ip xxx.xxx.xxx.xxx

#xxx.xxx.xxx.xxx is your IP. If you replace the last three digits with 0/12 for example, this will specify a range of IPs within the same network, thus saving you the trouble to list all allowed #IPs separately.

#Now of course there's a reversed version:
Allow All Access Except Spammers'

## Apache 2.2
Order deny,allow
Deny from xxx.xxx.xxx.xxx
Deny from xxx.xxx.xxx.xxy

## Apache 2.4
# Require all granted
# Require not ip xxx.xxx.xxx.xxx
# Require not ip xxx.xxx.xxx.xxy

#Deny Access to Hidden Files and Directories

#Hidden files and directories (those whose names start with a dot .) should most, if not all, of the time be secured. For example: .htaccess, .htpasswd, .git, .hg...

RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]

#Alternatively, you can just raise a “Not Found” error, giving the attacker no clue:

RedirectMatch 404 /\..*$

#Deny Access to Backup and Source Files

#These files may be left by some text/HTML editors (like Vi/Vim) and pose a great security danger if exposed to public.


## Apache 2.2
Order allow,deny
Deny from all
Satisfy All

## Apache 2.4
# Require all denied

#Source
#Disable Directory Browsing

Options All -Indexes

#Disable Image Hotlinking

RewriteEngine on
# Remove the following line if you want to block blank referrer too
RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?example.com [NC]
RewriteRule \.(jpe?g|png|gif|bmp)$ - [NC,F,L]

# If you want to display a “blocked” banner in place of the hotlinked image,
# replace the above rule with:
# RewriteRule \.(jpe?g|png|gif|bmp) http://example.com/blocked.png [R,L]

#Disable Image Hotlinking for Specific Domains

#Sometimes you want to disable image hotlinking from some bad guys only.

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://(.+\.)?badsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://(.+\.)?badsite2\.com [NC,OR]
RewriteRule \.(jpe?g|png|gif|bmp)$ - [NC,F,L]

# If you want to display a “blocked” banner in place of the hotlinked image,
# replace the above rule with:
# RewriteRule \.(jpe?g|png|gif|bmp) http://example.com/blocked.png [R,L]

#Password Protect a Directory

#First you need to create a .htpasswd file somewhere in the system:

htpasswd -c /home/fellowship/.htpasswd boromir

#Then you can use it for authentication:

AuthType Basic
AuthName "One does not simply"
AuthUserFile /home/fellowship/.htpasswd
Require valid-user

Password Protect a File or Several Files

AuthName "One still does not simply"
AuthType Basic
AuthUserFile /home/fellowship/.htpasswd


Require valid-user


Require valid-user

#Block Visitors by Referrer

#This denies access for all users who are coming from (referred by) a specific domain. Source

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} somedomain\.com [NC,OR]
RewriteCond %{HTTP_REFERER} anotherdomain\.com
RewriteRule .* - [F]

#Prevent Framing the Site

#This prevents the website to be framed (i.e. put into an iframe tag), when still allows framing for a specific URI.

SetEnvIf Request_URI "/starry-night" allow_framing=true
Header set X-Frame-Options SAMEORIGIN env=!allow_framing

#Performance
#Compress Text Files

# Force compression for mangled headers.
# https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html


SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding

# Compress all output labeled with one of the following MIME-types
# (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
#and can remove the `` and `` lines
#as `AddOutputFilterByType` is still in the core directives).

AddOutputFilterByType DEFLATE application/atom+xml \
application/javascript \
application/json \
application/rss+xml \
application/vnd.ms-fontobject \
application/x-font-ttf \
application/x-web-app-manifest+json \
application/xhtml+xml \
application/xml \
font/opentype \
image/svg+xml \
image/x-icon \
text/css \
text/html \
text/plain \
text/x-component \
text/xml

#Source
#Set Expires Headers

#Expires headers tell the browser whether they should request a specific file from the server or just grab it from the cache. It is advisable to set static content's expires headers to something #far in the future.

#If you don’t control versioning with filename-based cache busting, consider lowering the cache time for resources like CSS and JS to something like 1 week. Source


ExpiresActive on
ExpiresDefault"access plus 1 month"

# CSS
ExpiresByType text/css"access plus 1 year"

# Data interchange
ExpiresByType application/json"access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType text/xml"access plus 0 seconds"

# Favicon (cannot be renamed!)
ExpiresByType image/x-icon"access plus 1 week"

# HTML components (HTCs)
ExpiresByType text/x-component"access plus 1 month"

# HTML
ExpiresByType text/html "access plus 0 seconds"

# JavaScript
ExpiresByType application/javascript"access plus 1 year"

# Manifest files
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"

# Media
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg"access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType video/webm"access plus 1 month"

# Web feeds
ExpiresByType application/atom+xml"access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"

# Web fonts
ExpiresByType application/font-woff2"access plus 1 month"
ExpiresByType application/font-woff "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
ExpiresByType application/x-font-ttf"access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"

Turn eTags Off

By removing the ETag header, you disable caches and browsers from being able to validate files, so they are forced to rely on your Cache-Control and Expires header. Source


Header unset ETag

FileETag None

Miscellaneous
Set PHP Variables

php_value

# For example:
php_value upload_max_filesize 50M
php_value max_execution_time 240

Custom Error Pages

ErrorDocument 500 "Houston, we have a problem."
ErrorDocument 401 http://error.example.com/mordor.html
ErrorDocument 404 /errors/halflife3.html

Force Downloading

Sometimes you want to force the browser to download some content instead of displaying it.


ForceType application/octet-stream
Header set Content-Disposition attachment

Now there is a yang to this yin:
Prevent Downloading

Sometimes you want to force the browser to display some content instead of downloading it.


Header set Content-Type text/plain

Allow Cross-Domain Fonts

CDN-served webfonts might not work in Firefox or IE due to CORS. This snippet solves the problem.



Header set Access-Control-Allow-Origin "*"

Source
Auto UTF-8 Encode

Your text content should always be UTF-8 encoded, no?

# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8

# Force UTF-8 for a number of file formats
AddCharset utf-8 .atom .css .js .json .rss .vtt .xml

Source
Switch to Another PHP Version

If you’re on a shared host, chances are there are more than one version of PHP installed, and sometimes you want a specific version for your website. The following snippet should switch the PHP version for you.

AddHandler application/x-httpd-php56 .php

# Alternatively, you can use AddType
AddType application/x-httpd-php56 .php

Disable Internet Explorer Compatibility View

Compatibility View in IE may affect how some websites are displayed. The following snippet should force IE to use the Edge Rendering Engine and disable the Compatibility View.


BrowserMatch MSIE is-msie
Header set X-UA-Compatible IE=edge env=is-msie

Serve WebP Images

If WebP images are supported and an image with a .webp extension and the same name is found at the same place as the jpg/png image that is going to be served, then the WebP image is served instead.

RewriteEngine On
RewriteCond %{HTTP_ACCEPT} image/webp
RewriteCond %{DOCUMENT_ROOT}/$1.webp -f
RewriteRule (.+)\.(jpe?g|png)$ $1.webp [T=image/webp,E=accept:1]


# 301 redirect

RewriteEngine on Redirect 301 /old-url /new-url



#####Redirect Entire Site

Redirect 301 / https://domainnamehere.com/



#####Permanent Page Redirect

Redirect 301 /oldlink.html https://domainnamehere.com/help/
Redirect 301 /oldlink https://domainnamehere.com/about/



#####Alias Directory

RewriteRule ^source_directory/(.*) target_directory/$1


#####Force HTTPS

RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}



#####Force www

RewriteCond %{HTTP_HOST} ^domainnamehere\.com [NC]
RewriteRule ^(.*)$ http://www.domainnamehere.com/$1 [L,R=301,NC]



#####Force non-www

RewriteCond %{HTTP_HOST} ^www\.domainnamehere\.com [NC]
RewriteRule ^(.*)$ http://domainnamehere.com/$1 [L,R=301]



####EXTENIONLESS###URLS####
#######################
#remove .php but let your scripts run 🙂

RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^([^.]+)$ $1.php [NC,L]



# 301 Redirect .php Extension

RewriteCond %{THE_REQUEST} \.php
RewriteRule ^(.*)\.php$ /$1 [R=301,L]


# 301 Redirect Trailing slash

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !(.*)$
RewriteRule ^(.*)$ https://domainnamehere.com/$1 [R=301,L]



###### .html EXTENSION REDIECTS

RewriteCond %{THE_REQUEST} \.html
RewriteRule ^(.*)\.html$ /$1 [R=301,L]



###### .htm EXTENSION REDIECTS

RewriteCond %{THE_REQUEST} \.htm
RewriteRule ^(.*)\.htm$ /$1 [R=301,L]



#####Custom Error Pages

ErrorDocument 500 "Sorry, something went wrong!"
ErrorDocument 404 https://domainnamehere.com/



#####Block IP Address

Order deny,allow
Allow from all
Deny from 123.123.123.123
Deny from 123.123.123.123



#####Allow Access From Only One IP

Require all denied
Require ip 123.123.123.123



#Block hidden files except .well-known - Apache

RewriteRule "(^|/)\.(?!well-known\/)" - [F]



#HTTP authentification

AuthType Basic AuthName "Log in"
AuthUserFile /path/to/.htpasswd Require valid-user



#Security headers


Header set X-XSS-Protection "1; mode=block" Header set X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff Header set Strict-Transport-Security "max-age=15768000;" env=HTTPS



#Expires Headers - static files



ExpiresActive on
ExpiresDefault "access plus 365 days"



#Cache control - static files



Header set Cache-Control "max-age=31536000, public"



#Gzip


AddOutputFilterByType DEFLATE text/css application/x-javascript text/x-component text/html text/richtext
image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/javascript



#WP - block xmlrpc.php

order deny,allow deny from all #JetPack + other Automattic networks allow from 76.74.254.0/25 allow from 216.151.209.64/26 allow from 66.135.48.128/25 allow from 69.174.248.128/25 allow from 76.74.255.0/25 allow from 216.151.210.0/25 allow from 76.74.248.128/25 allow from 207.198.112.0/23 allow from 207.198.101.0/25 allow from 198.181.116.0/24 allow from 192.0.64.0/18 allow from 66.155.38.0/24 allow from 209.15.21.0/24 allow from 64.34.206.0/24



#WP - allow wp-login.php only from specified IP


order deny,allow
allow from x.x.x.x
deny from all



#WP - block whole wp-admin - .htaccess in this folder

order deny,allow
allow from x.x.x.x
deny from all

order allow,deny
allow from all
satisfy any


order allow,deny
allow from all
satisfy any



#WP - block PHP in uploads 1st method - .htaccess in /wp-content/uploads/


order allow,deny
deny from all



#WP - block PHP in uploads 2nd method - global .htaccess

RewriteRule ^(.*)/uploads/(.*)\.php$ - [F]



#WP - block username harvesting

RewriteCond %{QUERY_STRING} author=
RewriteRule ^(.*)$ - [R=403,NC,L]



#WP - block direct POSTs

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_REFERER} ^$ RewriteRule ^ - [F,L]



#Redirect from HTTP to HTTPS and from non-www to www #non-www to www (+https)

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,QSA,NE,R=301]



#http to https

RewriteCond %{HTTPS} !on
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,NE,R=301]



##GEO IP
#allow country with mod_geoip 1st option


GeoIPEnable On
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(US)$
RewriteRule ^(.*)$ - [F,L]



#block country with mod_geoip 1st option


GeoIPEnable On
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(RU|CN)$
RewriteRule ^(.*)$ - [F,L]



#allow country with mod_geoip 2nd option


GeoIPEnable On
SetEnvIf
GEOIP_COUNTRY_CODE US
AllowCountry
deny from all
allow from env=AllowCountry

#block country with mod_geoip 2nd option


GeoIPEnable On
SetEnvIf
GEOIP_COUNTRY_CODE RU
BlockCountry
SetEnvIf
GEOIP_COUNTRY_CODE CN
BlockCountry
deny from env=BlockCountry

# AddType TYPE/SUBTYPE EXTENSION
AddType audio/mpeg mp3
AddType audio/mp4 m4a
AddType audio/ogg ogg
AddType audio/ogg oga
AddType audio/webm webma
AddType audio/wav wav

########

# BEGIN W3TC Page Cache cache
AddDefaultCharset UTF-8
FileETag MTime Size

AddType text/html .html_gzip
AddEncoding gzip .html_gzip
AddType text/xml .xml_gzip
AddEncoding gzip .xml_gzip


SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
SetEnvIfNoCase Request_URI \.xml_gzip$ no-gzip

# END W3TC Page Cache cache

###################################

##############################################################################

# .html PAGE REDIECTS
RewriteCond %{THE_REQUEST} \.html
RewriteRule ^(.*)\.php$ /$1 [R=301,L]

AddType application/x-httpd-php .html .htm

# .html PAGE REDIECTS

SetHandler application/x-httpd-php

# serve alternate default index page
DirectoryIndex index.php

redirect 301 /inex25.php /

# Redirect index to root
RewriteRule ^(.*)index\.(php|html|htm)$ /$1 [R=301,L]

# protect against DOS attacks by limiting file upload size
LimitRequestBody 10240000

#Misc.
AddType video/ogg .ogv
AddType audio/ogg .oga

#########################################################
# Video Caching

Header set Expires "Mon, 27 Mar 2038 13:33:37 GMT"
Header set Cache-Control "max-age=604800, must-revalidate"


ExpiresActive On
ExpiresByType video/mp4 "access 1 month"
ExpiresByType video/webm "access 1 month"

#######################################

# START – TN Disable server signature #
ServerSignature Off
# END – TN Disable server signature #

####################################################

#################################################################################

#########################################################################################################################################
#-- even morrrrre security --#

#WP - block username harvesting
RewriteCond %{QUERY_STRING} author=
RewriteRule ^(.*)$ - [R=403,NC,L]

# Disable directory views
Options -Indexes

# Set default encoding
AddDefaultCharset UTF-8

# Set encoding for CSS & JS

AddCharset utf-8 .html .css .js

# Add Vary header


Header append Vary: Accept-Encoding

# Add Security Headers

Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff

# Protect sensitive files

Order Allow,Deny
Deny from all

SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots

# 5G:[REQUEST METHOD]

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

#########################################################################################################################################

# Prevent use of specified methods in HTTP Request
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]

# Block outuse of User Agent Strings containing references to specific crawler libraries
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]

# Block outuse of User Agent Strings containing specific robot (crawler) identifiers
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner|havij|wapiti).* [NC,OR]

# Measures to block outSQL injection attacks
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00|%2F).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark|table|column|distinct|substr|concat|schema|hex|truncate|convert|exec|version|passthru|system|popen|proc|load|between|like|null|delay|char).* [NC,OR]

# Block outreference to localhost/loopback/127.0.0.1 in the Query String
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]

# Block outuse of illegal or unsafe characters in the Query String variable
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]

RewriteRule .* - [F]

############################################

# .html PAGE REDIECTS

SetHandler application/x-httpd-php

# serve alternate default index page
DirectoryIndex index.php

# Redirect index to root
RewriteRule ^(.*)index\.(php|html|htm)$ /$1 [R=301,L]

#Misc.
AddType video/ogg .ogv
AddType audio/ogg .oga

###########################################################################################
AddDefaultCharset UTF-8
ServerSignature Off
Options -Indexes
FileETag none


Header unset Cookie
Header unset Set-Cookie


RewriteEngine On


ExpiresActive on


ExpiresDefault "access plus 2 years"


ExpiresByType image/x-icon "access plus 2 years"
ExpiresByType image/ico "access plus 2 years"
ExpiresByType image/gif "access plus 2 years"
ExpiresByType image/jpg "access plus 2 years"
ExpiresByType image/jpe "access plus 2 years"
ExpiresByType image/jpeg "access plus 2 years"
ExpiresByType image/png "access plus 2 years"

##############################################################################

#----------------------------------------------------#

# BEGIN
# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset UTF-8
# Force UTF-8 for a number of file formats

AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml

# FileETag None is not enough for every server.

Header unset ETag
Header set Connection keep-alive

# Since we're sending far-future expires, we don't need ETags for static content.
# developer.yahoo.com/performance/rules.html#etags
FileETag None




Header set X-Powered-By "WP Rocket/2.6.11"
Header unset Pragma
Header append Cache-Control "public"
Header unset Last-Modified



Header unset Pragma
Header append Cache-Control "public"


# Gzip compression

# Active compression
SetOutputFilter DEFLATE
# Force deflate for mangled headers


SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
# Don't compress images and other uncompressible content
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g)$ no-gzip dont-vary

### extra shit ###

# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml

# Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent

### extra shit end ###

# Compress all output labeled with one of the following MIME-types

AddOutputFilterByType DEFLATE application/atom+xml \
application/javascript \
application/json \
application/rss+xml \
application/vnd.ms-fontobject \
application/x-font-ttf \
application/xhtml+xml \
application/xml \
font/opentype \
image/svg+xml \
image/x-icon \
text/css \
text/html \
text/plain \
text/x-component \
text/xml


Header append Vary: Accept-Encoding


AddType text/html .html_gzip
AddEncoding gzip .html_gzip


SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip

# END

#################################################################################

#-- Cache iz KING --#

# BEGIN Browser Cache

AddType text/css .css
AddType text/x-component .htc
AddType application/x-javascript .js
AddType application/javascript .js2
AddType text/javascript .js3
AddType text/x-js .js4
AddType text/html .html .htm
AddType text/richtext .rtf .rtx
AddType image/svg+xml .svg .svgz
AddType text/plain .txt
AddType text/xsd .xsd
AddType text/xsl .xsl
AddType text/xml .xml
AddType video/asf .asf .asx .wax .wmv .wmx
AddType video/avi .avi
AddType image/bmp .bmp
AddType application/java .class
AddType video/divx .divx
AddType application/msword .doc .docx
AddType application/vnd.ms-fontobject .eot
AddType application/x-msdownload .exe
AddType image/gif .gif
AddType application/x-gzip .gz .gzip
AddType image/x-icon .ico
AddType image/jpeg .jpg .jpeg .jpe
AddType application/json .json
AddType application/vnd.ms-access .mdb
AddType audio/midi .mid .midi
AddType video/quicktime .mov .qt
AddType audio/mpeg .mp3 .m4a
AddType video/mp4 .mp4 .m4v
AddType video/mpeg .mpeg .mpg .mpe
AddType application/vnd.ms-project .mpp
AddType application/x-font-otf .otf
AddType application/vnd.oasis.opendocument.database .odb
AddType application/vnd.oasis.opendocument.chart .odc
AddType application/vnd.oasis.opendocument.formula .odf
AddType application/vnd.oasis.opendocument.graphics .odg
AddType application/vnd.oasis.opendocument.presentation .odp
AddType application/vnd.oasis.opendocument.spreadsheet .ods
AddType application/vnd.oasis.opendocument.text .odt
AddType audio/ogg .ogg
AddType application/pdf .pdf
AddType image/png .png
AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
AddType audio/x-realaudio .ra .ram
AddType application/x-shockwave-flash .swf
AddType application/x-tar .tar
AddType image/tiff .tif .tiff
AddType application/x-font-ttf .ttf .ttc
AddType audio/wav .wav
AddType audio/wma .wma
AddType application/vnd.ms-write .wri
AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
AddType application/zip .zip


ExpiresActive On
ExpiresByType text/css A31536000
ExpiresByType text/x-component A31536000
ExpiresByType application/x-javascript A31536000
ExpiresByType application/javascript A31536000
ExpiresByType text/javascript A31536000
ExpiresByType text/x-js A31536000
ExpiresByType text/html A3600
ExpiresByType text/richtext A3600
ExpiresByType image/svg+xml A3600
ExpiresByType text/plain A3600
ExpiresByType text/xsd A3600
ExpiresByType text/xsl A3600
ExpiresByType text/xml A3600
ExpiresByType video/asf A31536000
ExpiresByType video/avi A31536000
ExpiresByType image/bmp A31536000
ExpiresByType application/java A31536000
ExpiresByType video/divx A31536000
ExpiresByType application/msword A31536000
ExpiresByType application/vnd.ms-fontobject A31536000
ExpiresByType application/x-msdownload A31536000
ExpiresByType image/gif A31536000
ExpiresByType application/x-gzip A31536000
ExpiresByType image/x-icon A31536000
ExpiresByType image/jpeg A31536000
ExpiresByType application/json A31536000
ExpiresByType application/vnd.ms-access A31536000
ExpiresByType audio/midi A31536000
ExpiresByType video/quicktime A31536000
ExpiresByType audio/mpeg A31536000
ExpiresByType video/mp4 A31536000
ExpiresByType video/mpeg A31536000
ExpiresByType application/vnd.ms-project A31536000
ExpiresByType application/x-font-otf A31536000
ExpiresByType application/vnd.oasis.opendocument.database A31536000
ExpiresByType application/vnd.oasis.opendocument.chart A31536000
ExpiresByType application/vnd.oasis.opendocument.formula A31536000
ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
ExpiresByType application/vnd.oasis.opendocument.text A31536000
ExpiresByType audio/ogg A31536000
ExpiresByType application/pdf A31536000
ExpiresByType image/png A31536000
ExpiresByType application/vnd.ms-powerpoint A31536000
ExpiresByType audio/x-realaudio A31536000
ExpiresByType image/svg+xml A31536000
ExpiresByType application/x-shockwave-flash A31536000
ExpiresByType application/x-tar A31536000
ExpiresByType image/tiff A31536000
ExpiresByType application/x-font-ttf A31536000
ExpiresByType audio/wav A31536000
ExpiresByType audio/wma A31536000
ExpiresByType application/vnd.ms-write A31536000
ExpiresByType application/vnd.ms-excel A31536000
ExpiresByType application/zip A31536000



Header append Vary User-Agent env=!dont-vary

AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json

# DEFLATE by extension
AddOutputFilter DEFLATE js css htm html xml




Header set Pragma "public"
Header append Cache-Control "public, must-revalidate, proxy-revalidate"
Header set X-Powered-By "yummy"



FileETag MTime Size

Header set Pragma "public"
Header append Cache-Control "public, must-revalidate, proxy-revalidate"
Header set X-Powered-By "yummy"




Header set Pragma "public"
Header append Cache-Control "public, must-revalidate, proxy-revalidate"
Header set X-Powered-By "yummy"


# END Browser Cache

#######################################################

#################################################################################

###########################################################################################

ServerSignature Off
Options -Indexes
FileETag none


Header unset Cookie
Header unset Set-Cookie

##############################################################################

## BEGIN GZIP Compression ##

AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE image/svg+xml
SetOutputFilter DEFLATE

## END GZIP Compression ##

## BEGIN Vary: Accept-Encoding Header ##


Header append Vary: Accept-Encoding


## END Vary: Accept-Encoding Header ##

## BEGIN Leverage Browser Caching (Expires Caching) ##

ExpiresActive On
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType image/x-icon "access 1 year"
ExpiresByType application/pdf "access 1 month"
ExpiresByType application/javascript "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresDefault "access 1 month"

## END Leverage Browser Caching (Expires Caching) ##

## BEGIN Disable ETag header ##
Header unset Pragma
Header unset ETag
FileETag None
## END Disable ETag header ##

##############################################################################################

##################################################