I want to disable the browser cache for CSS, images and scripts by adding this code to webroot/.htaccess file:
<FilesMatch "(.)*.(css|js|jpg|jpeg|gif|png)$">
Header set Cache-Control "max-age=1"
</FilesMatch>
This is the error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
When I add a command to every .htaccess file in CakePHP, I receive this error!
Use FilesMatch:
<FilesMatch "\.(css|js|jpg|jpeg|gif|png)$">
Improved (note I removed "jpg"):
<FilesMatch "\.(css|js|jpe?g|gif|png)$">
Related
The Apache 2.4 documentation mentions .htaccess as a valid context for using the <FilesMatch> directive, with, for example, a Require all denied in it.
Ref: https://httpd.apache.org/docs/2.4/en/mod/core.html#filesmatch
Yet, it leads to a 500 Internal Error if I place it in an .htaccess, and no error if I place it in the main configuration file.
However, it seems like it is less the FilesMatch directive that is a problem than the Require all denied, as no errors occurs if I leave the former empty.
Example of the block that I use:
<FilesMatch "[\._](htaccess|passwd|inf|ini|inc|cls)$">
Require all denied
</FilesMatch>
Any idea of how to make it work in the .htaccess file?
I'm trying to optimize my site using Google Analytic's site speed suggestions and one of the suggestions it gave me was to Leverage Browser Caching in my .htaccess file.
After doing some research on .htaccess I found that my site didn't have one. I created my own .htaccess and filled it with the below text:
AllowOverride All
## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##
I uploaded it to my site, and now when loading any of the pages on my site I get an error page that says the following:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable
to complete your request.
Please contact the server administrator, [no address given] and inform them
of the time the error occurred, and anything you might have done that may
have caused the error.
More information about this error may be available in the server error log.
Any idea what might be causing this? I'm new to this so any help would be greatly appreciated!
Remove or comment out this line
AllowOverride All
As this directive isn't allowed in htaccess. It is only allowed in Apache config, hence presence of this line is causing internal 500 error.
I am encountering some behaviour from a produciton server and I was wondering if someone could confirm if something is possible and how it might have been done.
I have a website www.example.com with SSL enabled and all traffic forwarding to https
On that site I have a font file https://www.example.com/wp-content/assets/fonts/icons.ttf
I have additional campaign sites (e.g www.examplecampaign.com) that use the css file from example.com which loads in a font face using that font file. I am actually adding all the relevant file types woff, etc but will refer to ttf for simplicity. The icon font displays fine on www.example.com but on www.examplecampaign.com because in Firefox I get the error
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.example.com/wp-content/assets/fonts/icons.ttf. This can be fixed by moving the resource to the same domain or enabling CORS.
So here begins my problem. On our stage server which we have full access to I can add
# BEGIN REQUIRED FOR WEBFONTS
AddType font/ttf .ttf
AddType font/eot .eot
AddType font/otf .otf
AddType font/woff .woff
<FilesMatch "\.(ttf|otf|eot|woff)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
# END REQUIRED FOR WEBFONTS
to the .htaccess file and that solves the problem. However on our produciton server which is owned and managed by the client this header modification is ignored. I am using http://web-sniffer.net/ to test this.
To further complicate things I hvae found that if I just added
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
on my stage site the header would appear when requesting any page or resource BUT on the production server if I added that the Access-Control-Allow-Origin would appear on all pages apart from the font files (and possible other resources).
So my question is, is it possible in Apache to disable / ignore header modification for a certain file type(s) and how would that be done. It's weird that it's so specific. We no longer have sudo access and have to request changes to conf files which is one of the reasons im making this change in .htaccess not that I think that would matter where this is set? Also example.com is a wordpress site but I don't think that would affect anything? As it's working on stage but not produciton.
Does anyone know of the Apache configuration that would restrict the use of mod_header in that way?
I had font-loading problem.
So I added this code to my root .htaccess:
<FilesMatch "\.(eot|otf|woff|ttf)$">
SetEnvIf Origin
"^http(s)?://(.+\.)?(domain1\.org|domain\.com)$" origin_is=$0
Header set Access-Control-Allow-Origin %{origin_is}e env=origin_is
</FilesMatch>
But the server throws Error 500.
I also have enabled mod_headers, and have checked it with phpinfo() to see if it's loaded or not, and it says it's loaded.
I have restarted the WAMP, but still the problem exists.
I'm using an htaccess rule to proxy to an internal server, using the answer recommended on this question, "Can ProxyPass and ProxyPassReverse Work in htaccess". I'm using htaccess as that is all I have access to. The method suggested works, but when I make a change on one of the internal pages and reload (from the external server) I don't even see it hitting the internal server, even after clearing the cache on the browser. In fact, if I try to load the page from another browser which never has tried to load the page before, it too gets the old copy.
This suggests something is being cached on the server, but how to change this? The apparent caching is rather annoying as I am trying to fix some issues that only occur on the proxied page.
If I hit the internal server directly and reload after a change, I always get the latest page.
I have tried a <filesMatch ...> rule for the affected pattern (using the same pattern as used in the RewriteRule in the following manner:
<filesMatch "^/?somedir/(.*)$">
Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
</filesMatch>
My rewrite rule looks like this, and comes after the filesMatch directive:
RewriteEngine On
RewriteRule ^/?somedir/(.*)$ https://internal.local.net:8000/$1 [L,P]
But this has not had any effect. I have also tried "NoCache *" but this directive causes an error as it is not allowed in an .htaccess file.
The P-flag in your RewriteRule causes the request to be proxied to the internal server using mod_proxy. mod_proxy by itself does not cache content. The caching is probably a result of mod_cache being enabled as well on the server. The settings you need to disable caching for your internal server can unfortunately only be done in server or virtual-host config. The solution would be to add what you tried to the configuration of the internal server thus telling mod_cache that it should not cache any response from your internal server:
Using .htaccess
Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
or PHP
header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1.
header('Pragma: no-cache'); // HTTP 1.0.
header('Expires: 0'); // Proxies.
Try adding this in an htaccess file in your "somedir" directory:
ExpiresActive On
ExpiresDefault "now"