Skip to content

GitLab

Last edited by Jonatan Machado
Page history
This is an old version of this page. You can view the most recent version or browse the history.

Htaccess

### Evite que o sftp-config.json seja carregado
<files sftp-config.json>
    order allow,deny
    deny from all
</files>

### Proteger .htaccess

<Files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
</Files>

###Bloquear extensões sensíveis

<FilesMatch ".+\.(zip|sql|htaccess|htpasswd|ini|phps|fla|log|psd|sh)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

#### Bloqueio de Bots indesejados que entopem o servidor #####

	RewriteCond %{HTTP_USER_AGENT} MJ12bot
	RewriteRule .* - [F]
	RewriteCond %{HTTP_USER_AGENT} 80legs [NC]
	RewriteRule ^ - [F]

##### Adicionar suporte para gráficos SVG e CSS3 Pie #####

	AddType image/svg+xml svg svgz
	AddEncoding gzip svgz
	AddType text/x-component .htc
	DirectoryIndex index.html index.php 

##### Configuração padrão do php do projeto #####

<IfModule mod_php5.c> 
	php_value memory_limit 512M 
	php_value max_execution_time 18000 
	php_flag magic_quotes_gpc off 
	php_flag session.auto_start off 
	php_flag suhosin.session.cryptua off 
	php_flag zend.ze1_compatibility_mode Off 
</IfModule>


<IfModule mod_rewrite.c>

    ##Bloqueia /rss
    RewriteRule ^(index.php/?)?rss/ - [L,R=403]

    ##Bloqueia /downloader
    RewriteRule ^downloader/ - [L,R=403]

    ##Forçar o uso do www
    #RewriteCond %{HTTP_HOST} !=""
    #RewriteCond %{HTTP_HOST} !^www\. [NC]
    #RewriteCond %{HTTPS}s ^on(s)|
    #RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    ##Reescreva as chamadas da API2 para api.php (agora é apenas REST)

    RewriteRule ^api/rest api.php?type=rest [QSA,L]

	Options +FollowSymLinks
	RewriteEngine on
	RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
	RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_FILENAME} !-l
	RewriteRule .* index.php [L]

</IfModule>

##### Ativar compactação de arquivos exibidos por apache #####

<IfModule mod_deflate.c>
	AddOutputFilterByType DEFLATE text/plain
	AddOutputFilterByType DEFLATE text/html
	AddOutputFilterByType DEFLATE text/xml
	AddOutputFilterByType DEFLATE text/css
	AddOutputFilterByType DEFLATE application/xml
	AddOutputFilterByType DEFLATE application/xhtml+xml
	AddOutputFilterByType DEFLATE application/rss+xml
	AddOutputFilterByType DEFLATE application/javascript
	AddOutputFilterByType DEFLATE application/x-javascript
	AddOutputFilterByType DEFLATE application/x-httpd-php
  	AddOutputFilterByType DEFLATE application/cgi-php5
  	AddOutputFilterByType DEFLATE application/cgi-php53
  	AddOutputFilterByType DEFLATE application/cgi-php54
	BrowserMatch ^Mozilla/4 gzip-only-text/html
	BrowserMatch ^Mozilla/4\.0[678] no-gzip
	BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
	SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
	SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
  	SetEnvIfNoCase Request_URI \.(?:pdf|doc)$ no-gzip dont-vary
  	SetEnvIfNoCase Request_URI \.(?:avi|mov|mp3|mp4|rm)$ no-gzip dont-vary
</IfModule>

<Files *.php>
	SetOutputFilter DEFLATE 
</Files>

<IfModule mod_ssl.c>
	SSLOptions StdEnvVars 
</IfModule>

##### Cabeçalho #####

<ifModule mod_headers.c>
	Header unset ETag
	Header unset Last-Modified
</ifModule>

##### disable POST processing to not break multiple image upload #####

<IfModule mod_security.c> 
	#SecRuleEngine Off 
	SecFilterScanPOST Off
</IfModule> 



##### Modifique o gzip e o armazenamento em cache para melhorar a velocidade do site #####

<ifModule mod_gzip.c>
	mod_gzip_on Yes
	mod_gzip_dechunk Yes
	mod_gzip_item_include  \.(html?|txt|css|js|php|pl)$
	mod_gzip_item_include handler ^cgi-script$
	mod_gzip_item_include mime ^text/.*
	mod_gzip_item_include mime ^application/x-javascript.*
	mod_gzip_item_exclude mime ^image/.*
	mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* 
</ifModule>

##### O padrão expira cabeçalhos para todos os tipos de arquivo  #####
##### Não recomendado para ambiente de desenvolvimento #####

<ifModule mod_expires.c>
	ExpiresActive On
	ExpiresDefault "access plus 1 seconds"
	ExpiresByType text/html "access plus 1 seconds"
	ExpiresByType image/gif "access plus 2592000 seconds"
	ExpiresByType image/jpeg "access plus 2592000 seconds"
	ExpiresByType image/png "access plus 2592000 seconds"
	ExpiresByType text/css "access plus 604800 seconds"
	ExpiresByType text/javascript "access plus 216000 seconds"
	ExpiresByType application/x-javascript "access plus 216000 seconds"
</ifModule> 

##### Mime Type Cache #####

<IfModule mod_mime.c>

	##### AUDIO #####
    AddType audio/mp4 m4a f4a f4b
    AddType audio/ogg oga ogg

  	##### JAVASCRIPT #####
    # Normalize to standard type (it's sniffed in IE anyways):
    # http://tools.ietf.org/html/rfc4329#section-7.2
    AddType application/javascript						js jsonp
    AddType application/json							json

  	##### VIDEO #####
    AddType video/mp4                                   mp4 m4v f4v f4p
    AddType video/ogg                                   ogv
    AddType video/webm                                  webm
    AddType video/x-flv                                 flv

  	##### WEB FONTS #####
    AddType application/font-woff                       woff
    AddType application/vnd.ms-fontobject               eot

    ##### Browsers usually ignore the font MIME types	#####
    ##### and sniff the content, however, Chrome shows 	#####
    ##### a warning if other MIME types are used for 	#####
	##### the following fonts.							#####
    AddType application/x-font-ttf                      ttc ttf
    AddType font/opentype                               otf
	

  	##### OTHER #####
    AddType application/octet-stream                    safariextz
    AddType application/x-chrome-extension              crx
    AddType application/x-opera-extension               oex
    AddType application/x-shockwave-flash               swf
    AddType application/x-web-app-manifest+json         webapp
    AddType application/x-xpinstall                     xpi
    AddType application/xml                             atom rdf rss xml
    AddType image/webp                                  webp
    AddType image/x-icon                                ico
    AddType text/cache-manifest                         appcache manifest
    AddType text/vtt                                    vtt
    AddType text/x-component                            htc
    AddType text/x-vcard                                vcf

</IfModule>

<IfModule mod_mime.c>
    AddCharset utf-8 .atom .css .js .json .rss .vtt .webapp .xml
</IfModule>

##### Desabilitado ETags http://developer.yahoo.com/performance/rules.html#etags #####

	FileETag None

##### Evitar problemas de codificação de caracteres das substituições do servidor #####

	AddDefaultCharset UTF-8

##### Por padrão, permitir todo o acesso #####

	Order allow,deny
	Allow from all