Conditions in Apache - apache

I have KOHANA_ENV environment var set to DEVELOPMENT for example. Now there is a set of rules I'd like to apply only if that var is set to PRODUCTION (turn on mod_deflate, set expires headers defaults, turn off ETags, etc.), like:
if (KOHANA_ENV == PRODUCTION) {
// .. do stuff
}
Is there a way to do this on Apache level at all or it's better to have two conf files?

I do it with the help of the great module mod_macro.
Let's say you have in /etc/apache2/envvars (for a Debian-like distribution it's the place to store Apache environment variables):
#export KOHANA_ENV=PROD
export KOHANA_ENV=DEV
Where you [un]comment depending on production or development.
On the other side you have your VirtualHost, or just a part of it, defined with a macro. A macro is the way to write a generic configuration part with some variables. I use it for complete VirtualHosts but here's an example with just a part of a VirtualHost. We'll use the environment variable to decide which macro to use (keyword Use):
<Virtualhost *:80>
ServerName foobar.com
#(...)
Use EnvStuff_${KOHANA_ENV} /tmp
#(...)
</VirtualHost>
Here the macro takes an argument (the tmp directory path); this is not mandatory.
Then you only need to define 2 different macros, where the environment variable is part of the macro name: EnvStuff_PROD & EnvStuff_DEV:
<Macro EnvStuff_PROD $tmp>
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
</IfModule>
<IfModule mod_headers.c>
Header set MyHeader "Hello this is PRODUCTION envirronment. It took %D microseconds for Apache to serve this request."
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
#(...)
</IfModule>
php_admin_value upload_tmp_dir $tmp/upload
#(... other php settings for production)
</Macro>
<Macro EnvStuff_DEV $tmp>
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive Off
</IfModule>
<IfModule mod_headers.c>
Header set MyHeader "Hello this is DEVELOPMENT envirronment. It took %D microseconds for Apache to serve this request."
</IfModule>
php_admin_value upload_tmp_dir $tmp/upload
</Macro>
In these examples you can check the headers in responses and you'll easily see if it worked for you.
Be careful, if the environment variable is not set well, you'll get some problems, maybe you can create a macro EnvStuff_ as well :-)
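
A pre-reload check for the caveat at the end of this answer, as an added example that is not part of the original answer: it reads KOHANA_ENV from an envvars file, confirms that the matching EnvStuff_ macro is defined, and can optionally require a specific value so that a production host is not reloaded with DEV settings. The function names, the optional third argument and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the answer: refuse a reload when KOHANA_ENV selects
# a missing macro or a different environment than this host expects.

# Value of the last uncommented "export KOHANA_ENV=..." line in an envvars file.
kohana_env() {
    sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}KOHANA_ENV=\([A-Za-z0-9_]*\)[[:space:]]*$/\1/p' "$1" |
        tail -n 1
}

# Names declared with <Macro NAME ...> in a configuration file.
defined_macros() {
    sed -n 's/^[[:space:]]*<[Mm]acro[[:space:]]\{1,\}\([^[:space:]>]*\).*/\1/p' "$1"
}

# check_env_macro ENVVARS CONF [EXPECTED]
# Prints the macro name that "Use EnvStuff_${KOHANA_ENV}" resolves to, or fails.
check_env_macro() {
    value=$(kohana_env "$1")
    if [ -z "$value" ]; then
        echo "KOHANA_ENV unset or malformed in $1" >&2
        return 1
    fi
    if [ -n "${3:-}" ] && [ "$value" != "$3" ]; then
        echo "KOHANA_ENV=$value but this host expects $3" >&2
        return 1
    fi
    if ! defined_macros "$2" | grep -qx "EnvStuff_$value"; then
        echo "no <Macro EnvStuff_$value> in $2" >&2
        return 1
    fi
    echo "EnvStuff_$value"
}

# Constructed sample files mirroring the layout in the answer.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#export KOHANA_ENV=PROD' 'export KOHANA_ENV=DEV' > "$demo/envvars"
printf '%s\n' 'export KOHANA_ENV=STAGING' > "$demo/envvars.bad"
printf '%s\n' '<Macro EnvStuff_PROD $tmp>' '</Macro>' \
              '<Macro EnvStuff_DEV $tmp>' '</Macro>' > "$demo/macros.conf"

check_env_macro "$demo/envvars" "$demo/macros.conf"
check_env_macro "$demo/envvars" "$demo/macros.conf" PROD || echo "reload blocked"
check_env_macro "$demo/envvars.bad" "$demo/macros.conf" || echo "reload blocked"
```

On a real host the first argument would be /etc/apache2/envvars and the second whichever file holds the macro definitions, with the check run before the reload.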

Related

Drupal - Install module - Access denied in administrator

Context : I'm working on a Drupal 8 project and want to add new modules.
Problem: when I try to install new module through the web interface (logged as admin user), I get the error message:
Access denied, You are not authorized to access this page.
The problem I have is exactly the same as this problem. However, there are no clear solutions. I tried to play with allow_authorize_operations parameters in setting.php file, .htaccess file and files permissions without success.
After reading this similar issue, I suspect the problem is about the .htaccess or the site.conf file. I'm not comfortable with these 2 files and suspect I'm missing something:
Edit: I found this interesting discussion. They highlight in comment #35 also a similar issue. The problems might come from the fact that the index.php belongs to the web folder. To clean the URL, I apply the following in root directory:
.htaccess
RewriteEngine on
RewriteRule (.*) web/$1 [L]
All files:
web/.htaccess
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
</IfModule>
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Set the default handler.
DirectoryIndex index.php index.html index.htm
# Add correct encoding for SVGZ.
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
# Most of the following PHP settings cannot be changed at runtime. See
# sites/default/default.settings.php and
# Drupal\Core\DrupalKernel::bootEnvironment() for settings that can be
# changed at runtime.
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_value assert.active 0
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
# PHP 5.6 has deprecated $HTTP_RAW_POST_DATA and produces warnings if this is
# not set.
php_value always_populate_raw_post_data -1
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Set a fallback resource if mod_rewrite is not enabled. This allows Drupal to
# work without clean URLs. This requires Apache version >= 2.2.16. If Drupal is
# not accessed by the top level URL (i.e.: http://example.com/drupal/ instead of
# http://example.com/), the path to index.php will need to be adjusted.
<IfModule !mod_rewrite.c>
FallbackResource /index.php
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
# Make sure Authorization HTTP header is available to PHP
# even when running as CGI or FastCGI.
# RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
#
# NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
# not possible to block access to entire directories from .htaccess because
# <DirectoryMatch> is not allowed here.
#
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "/\.|^\.(?!well-known/)" - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/foo will be redirected to http://www.example.com/foo)
# uncomment the following:
# RewriteCond %{HTTP_HOST} .
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/foo will be redirected to http://example.com/foo)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /web
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Redirect common PHP files to their new locations.
RewriteCond %{REQUEST_URI} ^(.*)?/(install.php) [OR]
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild.php)
RewriteCond %{REQUEST_URI} !core
RewriteRule ^ %1/core/%2 [L,QSA,R=301]
# Rewrite install.php during installation to see if mod_rewrite is working
RewriteRule ^core/install.php core/install.php?rewrite=ok [QSA,L]
# Pass all requests not referring directly to files in the filesystem to
# index.php.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
# For security reasons, deny access to other PHP files on public sites.
# Note: The following URI conditions are not anchored at the start (^),
# because Drupal may be located in a subdirectory. To further improve
# security, you can replace '!/' with '!^/'.
# Allow access to PHP files in /core (like authorize.php or install.php):
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
# Allow access to test-specific PHP files:
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
# Allow access to Statistics module's custom front controller.
# Copy and adapt this rule to directly execute PHP files in contributed or
# custom modules or to run another PHP application in the same directory.
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
# Deny access to any other PHP files that do not match the rules above.
# Specifically, disallow autoload.php from being served directly.
RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
# Various header fixes.
<IfModule mod_headers.c>
# Disable content sniffing, since it's an attack vector.
Header always set X-Content-Type-Options nosniff
# Disable Proxy header, since it's an attack vector.
RequestHeader unset Proxy
</IfModule>
Or the site.conf file:
<VirtualHost *:80>
ServerName domain.fr
ServerAlias www.domain.fr
DocumentRoot /var/www/my_project
<Directory /var/www/my_project>
AllowOverride all
Order allow,deny
allow from all
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.fr [OR]
RewriteCond %{SERVER_NAME} =domain.fr
</VirtualHost>
At the end of the settings.php, I add:
if (isset($GLOBALS['request']) and
'/web/index.php' === $GLOBALS['request']->server->get('SCRIPT_NAME')) {
$GLOBALS['request']->server->set('SCRIPT_NAME', '/index.php');
}
Note:
The installation of new module using composer is working.
I replicated the project on my local machine (Windows) and the installation process is working.
In the reports logs, after I tried to upload a module through the web interface, there is the following message:
Type access denied
Date Saturday 21 March 2020 - 15:12
User Anonymous (not verified)
Location http://www.domain.fr/web/core/authorize.php/
Referrer http://www.domain.fr/admin/modules/install
Message authorize.php
Importance Avertissement
In the above report, there is the web folder appearing in the location path
I post it as a solution as it might help someone later.
The problem comes from the project structure. The DocumentRoot in the site.conf was pointing to the drupal root folder. However, since the web/index.php belongs to the web directory, I add an .htaccess in the root folder to redirect to the web folder.
The solution was:
Delete .htaccess file at drupal root folder
Update DocumentRoot path in the site.conf:
DocumentRoot /var/www/my_project/web
<Directory /var/www/my_project/web>
AllowOverride all
Order allow,deny
allow from all
Require all granted
</Directory>
Restart apache server: service apache2 reload
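
One way to catch the layout problem described in this solution before a reload, as an added example that is not part of the original post: it reads the DocumentRoot lines of a vhost file and flags any root that has no index.php of its own but contains web/index.php, which means everything beside web/ sits inside the served tree and is shielded only by the rewrite rule in the top-level .htaccess. The function names and the sample tree are constructed for the illustration, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: flag a vhost whose DocumentRoot is the project root, not web/.

# DocumentRoot paths declared in a vhost file (quotes stripped).
docroots() {
    awk 'tolower($1) == "documentroot" { gsub(/"/, "", $2); print $2 }' "$1"
}

# Verdict for one path: ok, parent-of-web, or missing.
classify_docroot() {
    root=${1%/}
    if [ ! -d "$root" ]; then
        echo missing
    elif [ ! -f "$root/index.php" ] && [ -f "$root/web/index.php" ]; then
        echo parent-of-web
    else
        echo ok
    fi
}

# Print "path: verdict" for each DocumentRoot; fail if any verdict is not ok.
audit_vhost() {
    rc=0
    for dr in $(docroots "$1"); do
        verdict=$(classify_docroot "$dr")
        echo "$dr: $verdict"
        [ "$verdict" = ok ] || rc=1
    done
    return $rc
}

# Constructed sample tree and vhost files (before and after the fix).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/my_project/web"
echo '<?php' > "$demo/my_project/web/index.php"
printf '<VirtualHost *:80>\nDocumentRoot %s\n</VirtualHost>\n' \
    "$demo/my_project" > "$demo/before.conf"
printf '<VirtualHost *:80>\nDocumentRoot %s\n</VirtualHost>\n' \
    "$demo/my_project/web" > "$demo/after.conf"

audit_vhost "$demo/before.conf" || echo "fix DocumentRoot before reloading"
audit_vhost "$demo/after.conf"
```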

How can I update .htaccess to conditionally gzip on-the-fly

Note
Someone suggested that this is a duplicate of How to serve precompressed gzip/brotli files with .htaccess. That question seeks only to serve pre-compressed files. This question is different. Please see below.
My Goal
I want to serve pre-compressed brotli files when they exist. If no pre-compressed brotli file exists, fall back to on-the-fly gzip-compression.
Current Code
I'm working on a site that already has on-the-fly gzip enabled from its .htaccess file as follows:
<ifmodule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml...
</ifmodule>
Modified Code
I've set up a build script that compresses many static assets with brotli. In order to serve them, I've replaced the above mod_deflate block with the following:
<IfModule mod_headers.c>
# Serve brotli compressed CSS and JS files if they exist
# and the client accepts brotli.
RewriteCond "%{HTTP:Accept-encoding}" "br"
RewriteCond "%{REQUEST_FILENAME}\.br" "-s"
RewriteRule "^(.*)\.(js|css)" "$1\.$2\.br" [QSA]
# Serve correct content types, and prevent double compression.
RewriteRule "\.css\.br$" "-" [T=text/css,E=no-brotli:1]
RewriteRule "\.js\.br$" "-" [T=text/javascript,E=no-brotli:1]
<FilesMatch "(\.js\.br|\.css\.br)$">
# Serve correct encoding type.
Header append Content-Encoding br
# Force proxies to cache brotli &
# non-brotli css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
The Problem
This serves brotli-encoded files when they exist as expected. However, the problem I face now is that, because the remaining assets are not brotli-encoded at build time, they are now served with no compression.
I've been unable to figure out how I might serve brotli with a gzip fallback that does not require me to pre-compress for gzip output.
Any help is appreciated, thank you!
Your problem is you’ve replaced the dynamic gzip config with the static.
You need both bits of config in place but also to change your Brotli code to set the environment to no-gzip so it won’t fall back. The below should work:
<ifmodule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml...
</ifmodule>
<IfModule mod_headers.c>
# Serve brotli compressed CSS and JS files if they exist
# and the client accepts brotli.
RewriteCond "%{HTTP:Accept-encoding}" "br"
RewriteCond "%{REQUEST_FILENAME}\.br" "-s"
RewriteRule "^(.*)\.(js|css)" "$1\.$2\.br" [QSA]
# Serve correct content types, and prevent double compression.
RewriteRule "\.css\.br$" "-" [T=text/css,E=no-gzip:1]
RewriteRule "\.js\.br$" "-" [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.br|\.css\.br)$">
# Serve correct encoding type.
Header append Content-Encoding br
# Force proxies to cache brotli &
# non-brotli css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
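
An added build-time check for the pre-compressed setup above (not part of the original answer): the RewriteCond only tests that a non-empty .br file exists, so a .br that is older than its source, or whose source was deleted, keeps being served. The function name audit_brotli and the sample asset tree are constructed for the illustration.

```shell
#!/bin/sh
# Added example: find pre-compressed .br assets the rewrite rule would still
# serve although they no longer match their source file.
#   stale  - the source is newer than its .br
#   orphan - the .br has no source file next to it
# Empty .br files are skipped because the "-s" RewriteCond ignores them too.
audit_brotli() {
    findings=$(
        find "$1" -type f \( -name '*.css.br' -o -name '*.js.br' \) | sort |
        while IFS= read -r br; do
            src=${br%.br}
            [ -s "$br" ] || continue
            if [ ! -f "$src" ]; then
                echo "orphan $br"
            elif [ -n "$(find "$src" -newer "$br")" ]; then
                echo "stale $br"
            fi
        done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
}

# Constructed sample tree: one fresh pair, one stale pair, one orphan,
# and one empty .br that the rewrite rule would never serve.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/assets"
for f in site.css site.css.br app.js app.js.br old.js.br empty.css; do
    echo data > "$demo/assets/$f"
done
: > "$demo/assets/empty.css.br"
touch -t 202001010000 "$demo/assets/site.css" "$demo/assets/app.js.br" \
    "$demo/assets/empty.css.br"
touch -t 202001020000 "$demo/assets/site.css.br" "$demo/assets/app.js" \
    "$demo/assets/empty.css"

audit_brotli "$demo/assets" || echo "rebuild the .br files before deploying"
```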

Debugging .htaccess

A few days ago I had a problem with writing my first htaccess in order to remove .html extension from URL. There were problems because I had a Windows server which I changed to Linux.
Now the issue is this:
I finally did manage to remove the .html extension from URL. What I can't do is to set an expiration date for all images (JPEG, PNG, SVG).
My working code is this (extension removal):
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.html [NC,L]
For Image caching parameter I added the following:
//Caching schema
<FilesMatch "\.(jpg|png|svg)$">
Header set Cache-Control "private, max-age=160704000"
</FilesMatch>
When I added the additional code above I got an internal server error.
I don't know what's going on to be honest. If I remove this additional code it will work but if I add this then it won't.
So do you guys have any ideas of how to add an Image caching parameter?? The additional code above doesn't work :(
UPDATE
After some research I tried this one:
<ifModule mod_headers.c>
ExpiresActive On
# Expires after 1 month
<filesMatch ".(gif|png|jpg|jpeg|ico|pdf|js|htm|html|txt)$">
Header set Cache-Control "max-age=2592000"
</filesMatch>
# Expires after 1 day
<filesMatch ".(css)$">
Header set Cache-Control "max-age=86400"
</filesMatch>
</ifModule>
Surprisingly this works. I tested it with gtmetrix.com. You think I should move forward now?
Set AllowOverride All in your server config for the host. Do this for the directory where your htaccess resides rather than the whole server, e.g.
<Directory /var/www/html/mysite/>
AllowOverride All
</Directory>
The issue is that your syntax is valid, but the server is refusing to process the request because AllowOverride is set to something other than 'All' which is what FilesMatch requires.
If you don't want to set AllowOverride to All for the .htaccess file, then you could move the <FilesMatch> statement into the host configuration for your site and it will work from there.

Conditionally gzip files based on available compression library

I am trying to set up gzip compression on a website, but we are not sure where it will be hosted and I want to be able to support mod_gzip if it's available.
What I'd like to do is something like this:
<IfModule mod_gzip.c>
# mod_gzip rules
<IfOtherModule mod_deflate.c>
# mod_deflate rules
</IfModule>
Do apache configs allow this? Is mod_deflate smart enough not to work if mod_gzip has already done its thing?
<IfModule mod_gzip.c>
# mod_gzip rules
</IfModule>
<IfModule !mod_gzip.c>
<IfModule mod_deflate.c>
# mod_deflate rules
</IfModule>
</IfModule>
Although I would change the order around and first try mod_deflate. mod_gzip is no longer under development so you are better off using mod_deflate (which by the way also uses gzip, and not deflate, as the name might suggest).

Apache RequestHeader Directive in .htaccess

I am trying to use the following apache configuration on a Godaddy shared hosting account:
<Files ~ ".*">
<IfModule mod_headers.c>
RequestHeader unset Host
RequestHeader append Host mydomain.com
</IfModule>
</Files>
The above is contained in a .htaccess file.
In other words... For all files and paths set the request's host to mydomain.com
The above doesn't seem to work. I get a 500 error on Godaddy's servers.
Thanks muchly!
The answer to this question was provided by Gumbo in the comments above
I rather think that your pattern is incorrect. If using mod_rewrite in a .htaccess file, the path prefix is being removed before applied to the pattern. Thereby “/foo/bar” is converted to “foo/bar” (if the .htaccess file is in the root “/”). So remove the leading slash from the pattern. – Gumbo Feb 23 at 14:29