No-.htaccess httpd.conf file for Magento

A couple of days ago I wrote a blog post on how why you should not use .htaccess files, or AllowOverride != All, on a production web server.  What you should do is place the .htaccess configuration information into your httpd.conf file instead.

So of course I was asked what that would look like.  So here it is.  I took all of the .htaccess settings, stripped some of the superfuous ones and removed the comments ( for clarity 🙂 ) and here is what you have.  Customize for your own site, of course.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<VirtualHost *:80>
	ServerName magento.loc
	DocumentRoot /var/www/html
	DirectoryIndex index.php
 
	<Directory /var/www/html/var/>
		Order deny,allow
		Deny from all
	</Directory>
 
	<Directory /var/www/html/>
		AllowOverride None
		<IfModule mod_php5.c>
 
		    php_value memory_limit 128M
		    php_value max_execution_time 18000
 
		    php_flag magic_quotes_gpc off
		    php_flag session.auto_start off
 
		</IfModule>
 
		<IfModule mod_security.c>
		    SecFilterEngine Off
		    SecFilterScanPOST Off
		</IfModule>
 
		<IfModule mod_ssl.c>
		    SSLOptions StdEnvVars
		</IfModule>
		<IfModule mod_rewrite.c>
 
		    Options +FollowSymLinks
		    RewriteEngine on
 
		    #RewriteBase /magento/
		    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
		    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
		    RewriteCond %{REQUEST_FILENAME} !-f
		    RewriteCond %{REQUEST_FILENAME} !-d
		    RewriteCond %{REQUEST_FILENAME} !-l
		    RewriteRule .* index.php [L]
 
		</IfModule>
 
		    AddDefaultCharset Off
		    #AddDefaultCharset UTF-8

		<IfModule mod_expires.c>
		    ExpiresDefault "access plus 1 year"
		</IfModule>
	    Order allow,deny
	    Allow from all
	</Directory>
 
	<Directory /var/www/html/includes/>
		Order deny,allow
		Deny from all
	</Directory>
 
	<Directory /var/www/html/errors/>
		<FilesMatch "\.(xml|phtml)$">
		    Deny from all
		</FilesMatch>
	</Directory>
 
	<Directory /var/www/html/pkginfo/>
		Order deny,allow
		Deny from all
	</Directory>
 
	<Directory /var/www/html/app/>
		Order deny,allow
		Deny from all
	</Directory>
 
	<Directory /var/www/html/lib/>
		Order deny,allow
		Deny from all
	</Directory>
 
	<Directory /var/www/html/downloader/>
		<IfModule mod_deflate.c>
 
		    RemoveOutputFilter DEFLATE
		    RemoveOutputFilter GZIP
 
		</IfModule>
 
		<Files ~ "\.(cfg|ini|xml)$">
		    order allow,deny
		    deny from all
		</Files>
	</Directory>
 
	<Directory /var/www/html/downloader/template/>
		Order deny,allow
		Deny from all
	</Directory>
 
	<Directory /var/www/html/media/>
		Options All -Indexes
		<IfModule mod_php5.c>
			php_flag engine 0
		</IfModule>
 
		AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
		Options -ExecCGI
 
		<IfModule mod_rewrite.c>
		    Options +FollowSymLinks
		    RewriteEngine on
		    RewriteCond %{REQUEST_FILENAME} !-f
		    RewriteRule .* ../get.php [L]
		</IfModule>
	</Directory>
 
	<Directory /var/www/html/media/customer/>
		Order deny,allow
		Deny from all
	</Directory>
 
	<Directory /var/www/html/media/downloadable/>
		Order deny,allow
		Deny from all
	</Directory>
 
</VirtualHost>

Related posts

2 thoughts on “No-.htaccess httpd.conf file for Magento

  1. colinmollenhour

    I scripted this process and posted about it almost three years ago. 😉
    http://colin.mollenhour.com/2010/06/30/the-right-way-to-optimize-apaches-htaccess-files/

  2. I used this script for my virtual hosting on the DigitalOcean account.  But the overwrite part does not work, even I used the command ‘sudo a2enmod rewrite’ to install the module.  Anyone knows how to fix it?

Leave a Comment