[HELP!].htaccess file for 2 sites under the same account - Joomla! Forum - community, help and support
hi,
i have 2 different joomla (1.5.26) running under www/ja , www/asterisk directories under same account. have placed .htaccess file based on forum's faq under www each joomla home directory. results this:
www/ja - works fine
www/asterisk - text shown, no graphics, no script running
if remove .htaccess www, both ja , asterisk sites work fine.
i went on , modified www/asterisk/.htaccess 1 below, hoping start identifying preventing asterisk site showing up:
still, asterisk show text. can please tell me wrong .htaccess file under www cause this?
.htaccess user/www :
###############################################################################
## master .htaccess
##
## version 2.5 (proposed) - may 16th, 2011
##
## ----------
########## begin - rewriteengine enabled
rewriteengine on
########## end - rewriteengine enabled
########## begin - rewritebase
# uncomment following line if webserver's url
# not directly related physical file paths.
# update joomla! directory (just / root)
# rewritebase /
########## end - rewritebase
########## begin - no directory listings
## note: +followsymlinks may cause problems , might have remove it
indexignore *
options +followsymlinks -indexes
########## end - no directory listings
########## begin - file execution order, komra.de
directoryindex index.php index.html
########## end - file execution order
########## begin - etag optimization
## rule create etag files based on modification
## timestamp , size. works wonders if using rsync'ed
## servers, inode number of identical files differs.
## note: may cause problems on server , may need remove it
fileetag mtime size
########## end - etag optimization
########## begin - common hacking tools , bandwidth hoggers block
## sigsiu.net , @nikosdion.
# line disables akeeba remote control 2.5 , earlier
setenvif user-agent "indy library" stayout=1
# warning: disabling wget block common method for
# running cron jobs. remove if have issues cron jobs.
setenvif user-agent "wget" stayout=1
# following rules bandwidth-hogging download tools
setenvif user-agent "libwww-perl" stayout=1
setenvif user-agent "download demon" stayout=1
setenvif user-agent "getright" stayout=1
setenvif user-agent "getweb!" stayout=1
setenvif user-agent "go!zilla" stayout=1
setenvif user-agent "go-ahead-got-it" stayout=1
setenvif user-agent "grabnet" stayout=1
setenvif user-agent "turnitinbot" stayout=1
# line denies access of above tools
deny env=stayout
########## end - common hacking tools , bandwidth hoggers block
########## begin - automatic compression of resources
addoutputfilterbytype deflate text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
########## end - automatic compression of resources
########## begin - add optional bad user agent or ip blocking code
#
# if need block user agents or ip addresses and
# other signatures, place code here. ensure rules use
# correct rewriterule syntax , [f] flag.
#
########## end - add optional bad user agent or ip blocking code
########## begin - rewrite rules block out common exploits
## if experience problems on site block out operations listed below
## attempts block common type of exploit `attempts` joomla!
#
# if request query string contains /proc/self/environ (by sigsiu.net)
rewritecond %{query_string} proc/self/environ [or]
# block out script trying set mosconfig value through url
# (these attacks wouldn't work w/out joomla! 1.5's legacy mode plugin)
rewritecond %{query_string} mosconfig_[a-za-z_]{1,21}(=|\%3d) [or]
# block out script trying base64_encode or base64_decode data within url
rewritecond %{query_string} base64_(en|de)code[^(]*\([^)]*\) [or]
## important: if above line throws http 500 error, replace these 2 lines:
# rewritecond %{query_string} base64_encode\(.*\) [or]
# rewritecond %{query_string} base64_decode\(.*\) [or]
# block out script includes <script> tag in url
rewritecond %{query_string} (<|%3c)([^s]*s)+cript.*(>|%3e) [nc,or]
# block out script trying set php globals variable via url
rewritecond %{query_string} globals(=|\[|\%[0-9a-z]{0,2}) [or]
# block out script trying modify _request variable via url
rewritecond %{query_string} _request(=|\[|\%[0-9a-z]{0,2})
# return 403 forbidden header , show content of root homepage
rewriterule .* index.php [f]
#
########## end - rewrite rules block out common exploits
########## begin - file injection protection, sigsiu.net
rewritecond %{request_method} get
rewritecond %{query_string} [a-za-z0-9_]=http:// [or]
rewritecond %{query_string} [a-za-z0-9_]=(\.\.//?)+ [or]
rewritecond %{query_string} [a-za-z0-9_]=/([a-z0-9_.]//?)+ [nc]
rewriterule .* - [f]
########## end - file injection protection
########## begin - basic antispam filter, sigsiu.net
## removed common words, tweak liking
## code uses pcre , works apache 2.x.
## code not work apache 1.x servers.
rewritecond %{query_string} \b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b [nc,or]
rewritecond %{query_string} \b(erections|hoodia|huronriveracres|impotence|levitra|libido|footbal|.info|.ru)\b [nc,or]
rewritecond %{query_string} \b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b [nc,or]
rewritecond %{query_string} \b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b [nc]
## note: final rewritecond must not use [or] flag.
rewriterule .* - [f]
## note: previous lines "compressed" version
## of filters. can add own filters as:
## rewritecond %{query_string} \bbadword\b [nc,or]
## "badword" word want exclude.
########## end - basic antispam filter, sigsiu.net
########## begin - advanced server protection - query strings, referrer , config
# advanced server protection, version 3.2 - may 2011
# nicholas k. dionysopoulos
## disallow php easter eggs (can used in fingerprinting attacks determine
## php version). see http://www.0php.com/php_easter_egg.php and
## http://osvdb.org/12184 more information
rewritecond %{query_string} \=php[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [nc]
rewriterule .* - [f]
## sqli first line of defense, radek suski (sigsiu.net) @
## http://www.sigsiu.net/presentations/for ... bsite.html
## may cause problems on legitimate requests
rewritecond %{query_string} concat[^\(]*\( [nc,or]
rewritecond %{query_string} union([^s]*s)+elect [nc,or]
rewritecond %{query_string} union([^a]*a)+ll([^s]*s)+elect [nc]
rewriterule .* - [f]
## referrer filtering common media files. replace own domain name.
## blocks common fingerprinting attacks
## note: change www\.example\.com own domain name, substituting the
## dots \. i.e. use www\.example\.com www.example.com
rewriterule ^images/stories/([^/]+/)*([^/.]+\.)+(jp(e?g|2)?|png|gif|bmp|css|js|swf|ico)$ - [l]
rewritecond %{request_filename} -f
rewriterule \.(jp(e?g|2)?|png|gif|bmp|css|js|swf|ico)$ - [f]
## disallow visual fingerprinting of joomla! sites (module position dump)
rewritecond %{query_string} (^|&)tmpl=(component|system) [nc]
rewriterule .* - [l]
rewritecond %{query_string} (^|&)t(p|emplate|mpl)= [nc]
rewriterule .* - [f]
## disallow access htaccess.txt, configuration.php, configuration.php-dist , php.ini
rewriterule ^(htaccess\.txt|configuration\.php(-dist)?|php\.ini)$ - [f]
########## end - advanced server protection - query strings, referrer , config
########## begin - advanced server protection rules exceptions ####
##
## these sample exceptions advanced server protection 3.1
## rule set further down file.
##
## allow uddeim captcha
rewriterule ^components/com_uddeim/captcha15\.php$ - [l]
## allow phil taylor's turbo gears
rewriterule ^plugins/system/googlegears/gears-manifest\.php$ - [l]
## allow joomlaworks allvideos
rewriterule ^plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php$ - [l]
## allow admin tools joomla! updater run
rewriterule ^administrator/components/com_admintools/restore\.php$ - [l]
## allow akeeba backup professional's integrated restoration script run
rewriterule ^administrator/components/com_akeeba/restore\.php$ - [l]
## allow akeeba kickstart
rewriterule ^kickstart\.php$ - [l]
# add more rules single php files here
## allow agora attachments, not php files in directory!
rewritecond %{request_filename} !(\.php)$
rewritecond %{request_filename} -f
rewriterule ^components/com_agora/img/members/ - [l]
# add more rules allowing full access (except php files) on more directories here
## uncomment allow full access cache directory (strongly not recommended!)
#rewriterule ^cache/ - [l]
## uncomment allow full access tmp directory (strongly not recommended!)
#rewriterule ^tmp/ - [l]
# add more full access rules here
########## end - advanced server protection rules exceptions ####
########## begin - advanced server protection - paths , files
# advanced server protection, version 3.2 - may 2011
# nicholas k. dionysopoulos
## back-end protection
## blocks fingerprinting attacks browsing xml , ini files
rewriterule ^administrator/?$ - [l]
rewriterule ^administrator/index\.(php|html?)$ - [l]
rewriterule ^administrator/index[23]\.php$ - [l]
rewriterule ^administrator/(components|modules|templates|images|plugins)/([^/]+/)*([^/.]+\.)+(jp(e?g|2)?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov)$ - [l]
rewriterule ^administrator/ - [f]
## explicitly allow access xml-rpc's xmlrpc/index.php or plain xmlrpc/ directory
rewriterule ^xmlrpc/(index\.php)?$ - [l]
rewriterule ^xmlrpc/ - [f]
## disallow front-end access joomla! system directories
rewriterule ^includes/js/ - [l]
rewriterule ^(cache|includes|language|libraries|logs|tmp)/ - [f]
## allow limited access joomla! system directories client-accessible content
rewriterule ^(components|modules|plugins|templates)/([^/]+/)*([^/.]+\.)+(jp(e?g|2)?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov)$ - [l]
rewriterule ^(components|modules|plugins|templates)/ - [f]
## disallow access rogue php files throughout site, unless explicitly allowed
rewritecond %{request_filename} \.php$
rewritecond %{request_filename} !/index[23]?\.php$
## next line explicitly allow forum post assistant(fpa-xx)script run
rewritecond %{request_filename} !/fpa-[a-z]{2}\.php
rewritecond %{request_filename} -f
rewriterule ^([^/]+/)*([^/.]+\.)+php$ - [f]
########## end - advanced server protection - paths , files
########## begin - redirect (www.)olddomain.com www.example.com
redirect /index.html http://mysite. com/ja/ <--- renamed sitename real 1 here.
########## end - redirect (www.)olddomain.com www.example.com
########## begin - force https pages
rewritecond %{server_port} !^443$
## alternatively, comment above line , uncomment following line:
# rewritecond %{https} ^off$ [nc]
rewriterule ^foobar\.html$ https://www.example.com/foobar.html [r=301,l]
## note: if http 500 error, please swap [r=301,l] [r,l]
# add more rules below line required
########## end - force https pages
########## begin - redirect index.php /
## note: change example.com reflect own domain name
rewritecond %{the_request} !^post
rewritecond %{the_request} ^[a-z]{3,9}\ /index\.php\ http/
rewritecond %{server_port}>s ^(443>(s)|[0-9]+>s)$
rewriterule ^index\.php$ http%2://www.misite.com/ja/$1 [r=301,l] <--- renamed real sitename here
## if above line throws 500 error, change [r=301,l] [r,l]
########## end - redirect index.php /
########## begin - redirect non-www www
rewritecond %{http_host} !^www\. [nc]
## if above throws http 500 error, swap [r=301,l] [r,l]
########## end - redirect non-www www
########## begin - redirect www non-www
## warning: comment out non-www www rule if choose use this
# rewritecond %{http_host} ^www\.(.+)$ [nc]
#
## if above throws http 500 error, swap [r=301,l] [r,l]
########## end - redirect non-www www
########## begin - custom internal rewrites
#
# if need internally rewrite specific url requests,
# place code here. ensure internal rewrites use the
# correct rewriterule syntax without domain name , [l] flag.
#
########## end - custom internal rewrites
########## begin - joomla! core sef section
#
rewriterule .* - [e=http_authorization:%{http:authorization}]
#
# if requested path , file not /index.php , request
# has not been internally rewritten index.php script
rewritecond %{request_uri} !^/index\.php
# , request site root, or extensionless url,
# or requested url ends 1 of listed extensions
rewritecond %{request_uri} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw|ini|zip|json|file))$ [nc]
# , requested path , file doesn't directly match physical file
rewritecond %{request_filename} !-f
# , requested path doesn't directly match physical folder
rewritecond %{request_filename} !-d
# internally rewrite request index.php script
rewriterule .* index.php [l]
#
########## end - joomla! core sef section
########## begin - optimal default expiration time
## note: might cause problems , might have comment out by
## placing hash in front of section's lines
<ifmodule mod_expires.c>
# enable expiration control
expiresactive on
# default expiration: 1 hour after request
expiresdefault "now plus 1 hour"
# css , js expiration: 1 week after request
expiresbytype text/css "now plus 1 week"
expiresbytype application/javascript "now plus 1 week"
expiresbytype application/x-javascript "now plus 1 week"
# image files expiration: 1 month after request
expiresbytype image/bmp "now plus 1 month"
expiresbytype image/gif "now plus 1 month"
expiresbytype image/jpeg "now plus 1 month"
expiresbytype image/jp2 "now plus 1 month"
expiresbytype image/pipeg "now plus 1 month"
expiresbytype image/png "now plus 1 month"
expiresbytype image/svg+xml "now plus 1 month"
expiresbytype image/tiff "now plus 1 month"
expiresbytype image/vnd.microsoft.icon "now plus 1 month"
expiresbytype image/x-icon "now plus 1 month"
expiresbytype image/ico "now plus 1 month"
expiresbytype image/icon "now plus 1 month"
expiresbytype text/ico "now plus 1 month"
expiresbytype application/ico "now plus 1 month"
expiresbytype image/vnd.wap.wbmp "now plus 1 month"
expiresbytype application/vnd.wap.wbxml "now plus 1 month"
expiresbytype application/smil "now plus 1 month"
# audio files expiration: 1 month after request
expiresbytype audio/basic "now plus 1 month"
expiresbytype audio/mid "now plus 1 month"
expiresbytype audio/midi "now plus 1 month"
expiresbytype audio/mpeg "now plus 1 month"
expiresbytype audio/x-aiff "now plus 1 month"
expiresbytype audio/x-mpegurl "now plus 1 month"
expiresbytype audio/x-pn-realaudio "now plus 1 month"
expiresbytype audio/x-wav "now plus 1 month"
# movie files expiration: 1 month after request
expiresbytype application/x-shockwave-flash "now plus 1 month"
expiresbytype x-world/x-vrml "now plus 1 month"
expiresbytype video/x-msvideo "now plus 1 month"
expiresbytype video/mpeg "now plus 1 month"
expiresbytype video/mp4 "now plus 1 month"
expiresbytype video/quicktime "now plus 1 month"
expiresbytype video/x-la-asf "now plus 1 month"
expiresbytype video/x-ms-asf "now plus 1 month"
</ifmodule>
i have 2 different joomla (1.5.26) running under www/ja , www/asterisk directories under same account. have placed .htaccess file based on forum's faq under www each joomla home directory. results this:
www/ja - works fine
www/asterisk - text shown, no graphics, no script running
if remove .htaccess www, both ja , asterisk sites work fine.
i went on , modified www/asterisk/.htaccess 1 below, hoping start identifying preventing asterisk site showing up:
code: select all
order deny,allow
deny all
allow allstill, asterisk show text. can please tell me wrong .htaccess file under www cause this?
.htaccess user/www :
###############################################################################
## master .htaccess
##
## version 2.5 (proposed) - may 16th, 2011
##
## ----------
########## begin - rewriteengine enabled
rewriteengine on
########## end - rewriteengine enabled
########## begin - rewritebase
# uncomment following line if webserver's url
# not directly related physical file paths.
# update joomla! directory (just / root)
# rewritebase /
########## end - rewritebase
########## begin - no directory listings
## note: +followsymlinks may cause problems , might have remove it
indexignore *
options +followsymlinks -indexes
########## end - no directory listings
########## begin - file execution order, komra.de
directoryindex index.php index.html
########## end - file execution order
########## begin - etag optimization
## rule create etag files based on modification
## timestamp , size. works wonders if using rsync'ed
## servers, inode number of identical files differs.
## note: may cause problems on server , may need remove it
fileetag mtime size
########## end - etag optimization
########## begin - common hacking tools , bandwidth hoggers block
## sigsiu.net , @nikosdion.
# line disables akeeba remote control 2.5 , earlier
setenvif user-agent "indy library" stayout=1
# warning: disabling wget block common method for
# running cron jobs. remove if have issues cron jobs.
setenvif user-agent "wget" stayout=1
# following rules bandwidth-hogging download tools
setenvif user-agent "libwww-perl" stayout=1
setenvif user-agent "download demon" stayout=1
setenvif user-agent "getright" stayout=1
setenvif user-agent "getweb!" stayout=1
setenvif user-agent "go!zilla" stayout=1
setenvif user-agent "go-ahead-got-it" stayout=1
setenvif user-agent "grabnet" stayout=1
setenvif user-agent "turnitinbot" stayout=1
# line denies access of above tools
deny env=stayout
########## end - common hacking tools , bandwidth hoggers block
########## begin - automatic compression of resources
addoutputfilterbytype deflate text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
########## end - automatic compression of resources
########## begin - add optional bad user agent or ip blocking code
#
# if need block user agents or ip addresses and
# other signatures, place code here. ensure rules use
# correct rewriterule syntax , [f] flag.
#
########## end - add optional bad user agent or ip blocking code
########## begin - rewrite rules block out common exploits
## if experience problems on site block out operations listed below
## attempts block common type of exploit `attempts` joomla!
#
# if request query string contains /proc/self/environ (by sigsiu.net)
rewritecond %{query_string} proc/self/environ [or]
# block out script trying set mosconfig value through url
# (these attacks wouldn't work w/out joomla! 1.5's legacy mode plugin)
rewritecond %{query_string} mosconfig_[a-za-z_]{1,21}(=|\%3d) [or]
# block out script trying base64_encode or base64_decode data within url
rewritecond %{query_string} base64_(en|de)code[^(]*\([^)]*\) [or]
## important: if above line throws http 500 error, replace these 2 lines:
# rewritecond %{query_string} base64_encode\(.*\) [or]
# rewritecond %{query_string} base64_decode\(.*\) [or]
# block out script includes <script> tag in url
rewritecond %{query_string} (<|%3c)([^s]*s)+cript.*(>|%3e) [nc,or]
# block out script trying set php globals variable via url
rewritecond %{query_string} globals(=|\[|\%[0-9a-z]{0,2}) [or]
# block out script trying modify _request variable via url
rewritecond %{query_string} _request(=|\[|\%[0-9a-z]{0,2})
# return 403 forbidden header , show content of root homepage
rewriterule .* index.php [f]
#
########## end - rewrite rules block out common exploits
########## begin - file injection protection, sigsiu.net
rewritecond %{request_method} get
rewritecond %{query_string} [a-za-z0-9_]=http:// [or]
rewritecond %{query_string} [a-za-z0-9_]=(\.\.//?)+ [or]
rewritecond %{query_string} [a-za-z0-9_]=/([a-z0-9_.]//?)+ [nc]
rewriterule .* - [f]
########## end - file injection protection
########## begin - basic antispam filter, sigsiu.net
## removed common words, tweak liking
## code uses pcre , works apache 2.x.
## code not work apache 1.x servers.
rewritecond %{query_string} \b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b [nc,or]
rewritecond %{query_string} \b(erections|hoodia|huronriveracres|impotence|levitra|libido|footbal|.info|.ru)\b [nc,or]
rewritecond %{query_string} \b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b [nc,or]
rewritecond %{query_string} \b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b [nc]
## note: final rewritecond must not use [or] flag.
rewriterule .* - [f]
## note: previous lines "compressed" version
## of filters. can add own filters as:
## rewritecond %{query_string} \bbadword\b [nc,or]
## "badword" word want exclude.
########## end - basic antispam filter, sigsiu.net
########## begin - advanced server protection - query strings, referrer , config
# advanced server protection, version 3.2 - may 2011
# nicholas k. dionysopoulos
## disallow php easter eggs (can used in fingerprinting attacks determine
## php version). see http://www.0php.com/php_easter_egg.php and
## http://osvdb.org/12184 more information
rewritecond %{query_string} \=php[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [nc]
rewriterule .* - [f]
## sqli first line of defense, radek suski (sigsiu.net) @
## http://www.sigsiu.net/presentations/for ... bsite.html
## may cause problems on legitimate requests
rewritecond %{query_string} concat[^\(]*\( [nc,or]
rewritecond %{query_string} union([^s]*s)+elect [nc,or]
rewritecond %{query_string} union([^a]*a)+ll([^s]*s)+elect [nc]
rewriterule .* - [f]
## referrer filtering common media files. replace own domain name.
## blocks common fingerprinting attacks
## note: change www\.example\.com own domain name, substituting the
## dots \. i.e. use www\.example\.com www.example.com
rewriterule ^images/stories/([^/]+/)*([^/.]+\.)+(jp(e?g|2)?|png|gif|bmp|css|js|swf|ico)$ - [l]
rewritecond %{request_filename} -f
rewriterule \.(jp(e?g|2)?|png|gif|bmp|css|js|swf|ico)$ - [f]
## disallow visual fingerprinting of joomla! sites (module position dump)
rewritecond %{query_string} (^|&)tmpl=(component|system) [nc]
rewriterule .* - [l]
rewritecond %{query_string} (^|&)t(p|emplate|mpl)= [nc]
rewriterule .* - [f]
## disallow access htaccess.txt, configuration.php, configuration.php-dist , php.ini
rewriterule ^(htaccess\.txt|configuration\.php(-dist)?|php\.ini)$ - [f]
########## end - advanced server protection - query strings, referrer , config
########## begin - advanced server protection rules exceptions ####
##
## these sample exceptions advanced server protection 3.1
## rule set further down file.
##
## allow uddeim captcha
rewriterule ^components/com_uddeim/captcha15\.php$ - [l]
## allow phil taylor's turbo gears
rewriterule ^plugins/system/googlegears/gears-manifest\.php$ - [l]
## allow joomlaworks allvideos
rewriterule ^plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php$ - [l]
## allow admin tools joomla! updater run
rewriterule ^administrator/components/com_admintools/restore\.php$ - [l]
## allow akeeba backup professional's integrated restoration script run
rewriterule ^administrator/components/com_akeeba/restore\.php$ - [l]
## allow akeeba kickstart
rewriterule ^kickstart\.php$ - [l]
# add more rules single php files here
## allow agora attachments, not php files in directory!
rewritecond %{request_filename} !(\.php)$
rewritecond %{request_filename} -f
rewriterule ^components/com_agora/img/members/ - [l]
# add more rules allowing full access (except php files) on more directories here
## uncomment allow full access cache directory (strongly not recommended!)
#rewriterule ^cache/ - [l]
## uncomment allow full access tmp directory (strongly not recommended!)
#rewriterule ^tmp/ - [l]
# add more full access rules here
########## end - advanced server protection rules exceptions ####
########## begin - advanced server protection - paths , files
# advanced server protection, version 3.2 - may 2011
# nicholas k. dionysopoulos
## back-end protection
## blocks fingerprinting attacks browsing xml , ini files
rewriterule ^administrator/?$ - [l]
rewriterule ^administrator/index\.(php|html?)$ - [l]
rewriterule ^administrator/index[23]\.php$ - [l]
rewriterule ^administrator/(components|modules|templates|images|plugins)/([^/]+/)*([^/.]+\.)+(jp(e?g|2)?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov)$ - [l]
rewriterule ^administrator/ - [f]
## explicitly allow access xml-rpc's xmlrpc/index.php or plain xmlrpc/ directory
rewriterule ^xmlrpc/(index\.php)?$ - [l]
rewriterule ^xmlrpc/ - [f]
## disallow front-end access joomla! system directories
rewriterule ^includes/js/ - [l]
rewriterule ^(cache|includes|language|libraries|logs|tmp)/ - [f]
## allow limited access joomla! system directories client-accessible content
rewriterule ^(components|modules|plugins|templates)/([^/]+/)*([^/.]+\.)+(jp(e?g|2)?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov)$ - [l]
rewriterule ^(components|modules|plugins|templates)/ - [f]
## disallow access rogue php files throughout site, unless explicitly allowed
rewritecond %{request_filename} \.php$
rewritecond %{request_filename} !/index[23]?\.php$
## next line explicitly allow forum post assistant(fpa-xx)script run
rewritecond %{request_filename} !/fpa-[a-z]{2}\.php
rewritecond %{request_filename} -f
rewriterule ^([^/]+/)*([^/.]+\.)+php$ - [f]
########## end - advanced server protection - paths , files
########## begin - redirect (www.)olddomain.com www.example.com
redirect /index.html http://mysite. com/ja/ <--- renamed sitename real 1 here.
########## end - redirect (www.)olddomain.com www.example.com
########## begin - force https pages
rewritecond %{server_port} !^443$
## alternatively, comment above line , uncomment following line:
# rewritecond %{https} ^off$ [nc]
rewriterule ^foobar\.html$ https://www.example.com/foobar.html [r=301,l]
## note: if http 500 error, please swap [r=301,l] [r,l]
# add more rules below line required
########## end - force https pages
########## begin - redirect index.php /
## note: change example.com reflect own domain name
rewritecond %{the_request} !^post
rewritecond %{the_request} ^[a-z]{3,9}\ /index\.php\ http/
rewritecond %{server_port}>s ^(443>(s)|[0-9]+>s)$
rewriterule ^index\.php$ http%2://www.misite.com/ja/$1 [r=301,l] <--- renamed real sitename here
## if above line throws 500 error, change [r=301,l] [r,l]
########## end - redirect index.php /
########## begin - redirect non-www www
rewritecond %{http_host} !^www\. [nc]
## if above throws http 500 error, swap [r=301,l] [r,l]
########## end - redirect non-www www
########## begin - redirect www non-www
## warning: comment out non-www www rule if choose use this
# rewritecond %{http_host} ^www\.(.+)$ [nc]
#
## if above throws http 500 error, swap [r=301,l] [r,l]
########## end - redirect non-www www
########## begin - custom internal rewrites
#
# if need internally rewrite specific url requests,
# place code here. ensure internal rewrites use the
# correct rewriterule syntax without domain name , [l] flag.
#
########## end - custom internal rewrites
########## begin - joomla! core sef section
#
rewriterule .* - [e=http_authorization:%{http:authorization}]
#
# if requested path , file not /index.php , request
# has not been internally rewritten index.php script
rewritecond %{request_uri} !^/index\.php
# , request site root, or extensionless url,
# or requested url ends 1 of listed extensions
rewritecond %{request_uri} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw|ini|zip|json|file))$ [nc]
# , requested path , file doesn't directly match physical file
rewritecond %{request_filename} !-f
# , requested path doesn't directly match physical folder
rewritecond %{request_filename} !-d
# internally rewrite request index.php script
rewriterule .* index.php [l]
#
########## end - joomla! core sef section
########## begin - optimal default expiration time
## note: might cause problems , might have comment out by
## placing hash in front of section's lines
<ifmodule mod_expires.c>
# enable expiration control
expiresactive on
# default expiration: 1 hour after request
expiresdefault "now plus 1 hour"
# css , js expiration: 1 week after request
expiresbytype text/css "now plus 1 week"
expiresbytype application/javascript "now plus 1 week"
expiresbytype application/x-javascript "now plus 1 week"
# image files expiration: 1 month after request
expiresbytype image/bmp "now plus 1 month"
expiresbytype image/gif "now plus 1 month"
expiresbytype image/jpeg "now plus 1 month"
expiresbytype image/jp2 "now plus 1 month"
expiresbytype image/pipeg "now plus 1 month"
expiresbytype image/png "now plus 1 month"
expiresbytype image/svg+xml "now plus 1 month"
expiresbytype image/tiff "now plus 1 month"
expiresbytype image/vnd.microsoft.icon "now plus 1 month"
expiresbytype image/x-icon "now plus 1 month"
expiresbytype image/ico "now plus 1 month"
expiresbytype image/icon "now plus 1 month"
expiresbytype text/ico "now plus 1 month"
expiresbytype application/ico "now plus 1 month"
expiresbytype image/vnd.wap.wbmp "now plus 1 month"
expiresbytype application/vnd.wap.wbxml "now plus 1 month"
expiresbytype application/smil "now plus 1 month"
# audio files expiration: 1 month after request
expiresbytype audio/basic "now plus 1 month"
expiresbytype audio/mid "now plus 1 month"
expiresbytype audio/midi "now plus 1 month"
expiresbytype audio/mpeg "now plus 1 month"
expiresbytype audio/x-aiff "now plus 1 month"
expiresbytype audio/x-mpegurl "now plus 1 month"
expiresbytype audio/x-pn-realaudio "now plus 1 month"
expiresbytype audio/x-wav "now plus 1 month"
# movie files expiration: 1 month after request
expiresbytype application/x-shockwave-flash "now plus 1 month"
expiresbytype x-world/x-vrml "now plus 1 month"
expiresbytype video/x-msvideo "now plus 1 month"
expiresbytype video/mpeg "now plus 1 month"
expiresbytype video/mp4 "now plus 1 month"
expiresbytype video/quicktime "now plus 1 month"
expiresbytype video/x-la-asf "now plus 1 month"
expiresbytype video/x-ms-asf "now plus 1 month"
</ifmodule>
please read documentation provided htaccess. viewtopic.php?f=432&t=549841 place discuss issues user provided alternative standard htaccess file
Comments
Post a Comment