A couple of days ago I wrote a blog post on how why you should not use .htaccess files, or AllowOverride != All, on a production web server. What you should do is place the .htaccess configuration information into your httpd.conf file instead.
So of course I was asked what that would look like. So here it is. I took all of the .htaccess settings, stripped some of the superfuous ones and removed the comments ( for clarity 🙂 ) and here is what you have. Customize for your own site, of course.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 | <VirtualHost *:80> ServerName magento.loc DocumentRoot /var/www/html DirectoryIndex index.php <Directory /var/www/html/var/> Order deny,allow Deny from all </Directory> <Directory /var/www/html/> AllowOverride None <IfModule mod_php5.c> php_value memory_limit 128M php_value max_execution_time 18000 php_flag magic_quotes_gpc off php_flag session.auto_start off </IfModule> <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> <IfModule mod_ssl.c> SSLOptions StdEnvVars </IfModule> <IfModule mod_rewrite.c> Options +FollowSymLinks RewriteEngine on #RewriteBase /magento/ RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteCond %{REQUEST_URI} !^/(media|skin|js)/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l RewriteRule .* index.php [L] </IfModule> AddDefaultCharset Off #AddDefaultCharset UTF-8 <IfModule mod_expires.c> ExpiresDefault "access plus 1 year" </IfModule> Order allow,deny Allow from all </Directory> <Directory /var/www/html/includes/> Order deny,allow Deny from all </Directory> <Directory /var/www/html/errors/> <FilesMatch "\.(xml|phtml)$"> Deny from all </FilesMatch> </Directory> <Directory /var/www/html/pkginfo/> Order deny,allow Deny from all </Directory> <Directory /var/www/html/app/> Order deny,allow Deny from all </Directory> <Directory /var/www/html/lib/> Order deny,allow Deny from all </Directory> <Directory /var/www/html/downloader/> <IfModule mod_deflate.c> RemoveOutputFilter DEFLATE RemoveOutputFilter GZIP </IfModule> <Files ~ "\.(cfg|ini|xml)$"> order allow,deny deny from all </Files> </Directory> <Directory /var/www/html/downloader/template/> Order deny,allow Deny from all </Directory> <Directory /var/www/html/media/> Options All -Indexes <IfModule mod_php5.c> php_flag engine 0 </IfModule> AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi Options -ExecCGI <IfModule mod_rewrite.c> Options +FollowSymLinks RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .* ../get.php [L] </IfModule> </Directory> <Directory /var/www/html/media/customer/> Order deny,allow Deny from all </Directory> <Directory /var/www/html/media/downloadable/> Order deny,allow Deny from all </Directory> </VirtualHost> |
Comments
colinmollenhour
I scripted this process and posted about it almost three years ago. 😉
http://colin.mollenhour.com/2010/06/30/the-right-way-to-optimize-apaches-htaccess-files/
adamshuy
I used this script for my virtual hosting on the DigitalOcean account. But the overwrite part does not work, even I used the command ‘sudo a2enmod rewrite’ to install the module. Anyone knows how to fix it?