I'd like to have my .htaccess set-up so uploads aren't executed and are forced to download if they're not images or videos. However I'm having some difficulty with this as I used to have it working but since changing hosts the htaccess no longer works, it instead creates a 500 error.
Previous .htaccess
ForceType application/octet-stream
Header set Content-Disposition attachment
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
ForceType none
Header unset Content-Disposition
</FilesMatch>
Header set X-Content-Type-Options nosniff
Related
Following this - https://www.ibm.com/support/pages/configuring-cors-websphere-application-server - I am trying to configure Apache for multiple origin domains and it isn't working. I have the following:
<IfModule setenvif_module>
SetEnvIfNoCase Origin "https?://(dev.mydomain.com|qa.mydomain.com|mydomain.com|myotherdomain.com|www.myotherdomain.com)(:\d+)?$" ACAO=$0
SetEnvIfNoCase REQUEST_METHOD OPTIONS skipwas=1
</IfModule>
<IfModule headers_module>
Header onsuccess unset Access-Control-Allow-origin env=ACAO
Header always set Access-Control-Allow-Origin "%{ACAO}e" env=ACAO
Header always append Vary "Origin"
</IfModule>
This results in a no ACAO header present in the logs when I open up the Chrome console and attempt to fetch from any of the present domains. Just wondering what I'm doing wrong?
Having issues setting up a generic Allow Origin for any subdomain in my .htaccess file. The following works for a singular subdomain:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin http://subdomain.website.com
</IfModule>
But what I am looking for is something similar to this:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin {ANY SUBDOMAIN}.website.com
</IfModule>
I have tried using a simple *.website.com wildcard, but that does not seem to work. Do you have to specify exactly what is coming in?
If you're looking to do it for whatever subdomain was being requested, try the following:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin %{HTTP_HOST}
</IfModule>
If you need something more advanced, use mod_rewrite to set an environment variable and then refer to it using %{variable_name}e
A few days ago I had a problem with writing my first htaccess in order to remove .html extension from URL. There were problems because I had a Windows server which I changed to Linux.
Now the issue is this:
I finally did manage to remove the .html extension from URL. What I can't do is to set an expiration date for all images (JPEG, PNG, SVG).
My working code is this (extension removal):
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.html [NC,L]
For Image caching parameter I added the following:
//Caching schema
<FilesMatch "\.(jpg|png|svg)$">
Header set Cache-Control "private, max-age=160704000"
</FilesMatch>
When I added the additional code above I got an internal server error.
I don't know what's going on to be honest. If I remove this additional code it will work but if I add this then it wont.
So do you guys have any ideas of how to add an Image caching parameter?? The additional code above doesn't work :(
UPDATE
After some research I tried this one:
<ifModule mod_headers.c>
ExpiresActive On
# Expires after 1 month
<filesMatch ".(gif|png|jpg|jpeg|ico|pdf|js|htm|html|txt)$">
Header set Cache-Control "max-age=2592000"
</filesMatch>
# Expires after 1 day
<filesMatch ".(css)$">
Header set Cache-Control "max-age=86400"
</filesMatch>
</ifModule>
Surprisingly this works. I tested it with gtmetrix.com .You think I should move forward now?
Set AllowOverride All in your server config for the host. Do this for the directory where your htaccess resides rather than the whole server, e.g.
<Directory /var/www/html/mysite/>
AllowOverride All
</Directory>
The issue is that your syntax is valid, but the server is refusing to process the request because AllowOverride is set to something other than 'All' which is what FilesMatch requires.
If you don't want to set AllowOverride to All for the .htaccess file, then you could move the <FilesMatch> statement into the host configuration for your site and it will work from there.
Our assets are in a sub domain and in order to overrun security features of our platform so we can add a Json query we have to add the following htaccess code
<FilesMatch "\.(ttf|otf|eot|woff)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
Header add Access-Control-Allow-Origin "*"
However the last line "Header add Access-Control-Allow-Origin "*"" creates an internal server error on my local machine, which is odd because we do not get the same error on our prod environment. We are using Apache 2.2.22 php 5.4.3.
Any help is appreciated thanks.
Is it possible you do not have mod_headers enabled?
Secondly I think you may want to put the IfModule block outside the FilesMatch block. Like so
# Allow access from all domains for web fonts
<IfModule mod_headers.c>
<FilesMatch "\.(eot|font.css|otf|ttc|ttf|woff)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
Code taken directly from https://github.com/h5bp/html5-boilerplate/blob/master/.htaccess#L45
I made my own cache-control rule in httpd.conf. ANd need to apply different rules on each different sub directories.
I made no-cache for .do extension for default(httpd.conf).
# use .htaccess files for overriding,
AccessFileName .htaccess
...
<ifModule mod_headers.c>
<LocationMatch "\.(do)$">
Header append Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
</LocationMatch>
</ifModule>
And need to cache for some directories(.htaccess).
example URL : XXX.com/en/product.do
So I made a .htaccess on <webRoot>/en.
<ifModule mod_headers.c>
<LocationMatch "\.(do)$">
Header set Cache-Control "max-age=216000, public, must-revalidate"
</LocationMatch>
</ifModule>
Am I going wrong? Is there other way to rule different on different directories?
Nothing like <locationMatch> can be used in .htaccess; it will generate a runtime error.
Also, usually *.do is proxied, in which case no filesystem directory would ever be read for .htaccess.
I suggest putting the second stanza first, and adding ^/en/ to the front.