# Kirby .htaccess # revision 2020-06-15 # rewrite rules # enable awesome urls. i.e.: # http://yourdomain.com/about-us/team RewriteEngine on # make sure to set the RewriteBase correctly # if you are running the site in a subfolder; # otherwise links or the entire site will break. # # If your homepage is http://yourdomain.com/mysite, # set the RewriteBase to: # # RewriteBase /mysite # In some environments it's necessary to # set the RewriteBase to: # RewriteBase / # block files and folders beginning with a dot, such as .git # except for the .well-known folder, which is used for Let's Encrypt and security.txt RewriteRule (^|/)\.(?!well-known\/) index.php [L] # block all files in the content folder from being accessed directly RewriteRule ^content/(.*) index.php [L] # block all files in the site folder from being accessed directly RewriteRule ^site/(.*) index.php [L] # block direct access to Kirby and the Panel sources RewriteRule ^kirby/(.*) index.php [L] # make site links work RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*) index.php [L] # pass the Authorization header to PHP SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 # compress text file responses AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/javascript AddOutputFilterByType DEFLATE application/json AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript ## Custom htaccess # block update scripts RewriteRule ^(.*).sh$ error [R=301,L] # block git repo RewriteRule ^.git/(.*) error [R=301,L] RewriteRule ^.gitattributes error [R=301,L] RewriteRule ^.gitignore error [R=301,L] RewriteRule ^.gitmodules error [R=301,L] # enable browser caching headers AddType image/svg+xml .svg AddType application/vnd.ms-fontobject .eot AddType application/x-font-opentype .otf AddType application/x-font-ttf .ttf AddType application/font-woff .woff ExpiresActive On ExpiresDefault "access plus 1 seconds" ExpiresByType text/html "access plus 1 hour" ExpiresByType text/xml "access plus 1 hour" ExpiresByType text/css "access plus 1 month" ExpiresByType image/gif "access plus 1 year" ExpiresByType image/jpeg "access plus 1 year" ExpiresByType image/png "access plus 1 year" ExpiresByType image/svg+xml "access plus 1 year" ExpiresByType text/javascript "access plus 1 month" ExpiresByType application/javascript "access plus 1 month" ExpiresByType application/vnd.ms-fontobject "access plus 1 year" ExpiresByType application/x-font-opentype "access plus 1 year" ExpiresByType application/x-font-ttf "access plus 1 year" ExpiresByType application/font-woff "access plus 1 year"