by Kevin Schroeder | 5:37 pm

A couple of days ago I wrote a blog post on why you should not use .htaccess files, or any AllowOverride setting other than None, on a production web server.  What you should do is place the .htaccess configuration information into your httpd.conf file instead.

So of course I was asked what that would look like.  So here it is.  I took all of the .htaccess settings, stripped some of the superfluous ones and removed the comments (for clarity 🙂) and here is what you have.  Customize for your own site, of course.

<VirtualHost *:80>
	ServerName magento.loc
	DocumentRoot /var/www/html
	DirectoryIndex index.php

	<Directory /var/www/html/var/>
		Order deny,allow
		Deny from all
	</Directory>

	<Directory /var/www/html/>
		AllowOverride None
		<IfModule mod_php5.c>

		    php_value memory_limit 128M
		    php_value max_execution_time 18000

		    php_flag magic_quotes_gpc off
		    php_flag session.auto_start off

		</IfModule>

		<IfModule mod_security.c>
		    SecFilterEngine Off
		    SecFilterScanPOST Off
		</IfModule>

		<IfModule mod_ssl.c>
		    SSLOptions StdEnvVars
		</IfModule>
		<IfModule mod_rewrite.c>

		    Options +FollowSymLinks
		    RewriteEngine on

		    #RewriteBase /magento/
		    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
		    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
		    RewriteCond %{REQUEST_FILENAME} !-f
		    RewriteCond %{REQUEST_FILENAME} !-d
		    RewriteCond %{REQUEST_FILENAME} !-l
		    RewriteRule .* index.php [L]

		</IfModule>

		AddDefaultCharset Off
		#AddDefaultCharset UTF-8

		<IfModule mod_expires.c>
		    ExpiresDefault "access plus 1 year"
		</IfModule>
		Order allow,deny
		Allow from all
	</Directory>

	<Directory /var/www/html/includes/>
		Order deny,allow
		Deny from all
	</Directory>

	<Directory /var/www/html/errors/>
		<FilesMatch "\.(xml|phtml)$">
		    Deny from all
		</FilesMatch>
	</Directory>

	<Directory /var/www/html/pkginfo/>
		Order deny,allow
		Deny from all
	</Directory>

	<Directory /var/www/html/app/>
		Order deny,allow
		Deny from all
	</Directory>

	<Directory /var/www/html/lib/>
		Order deny,allow
		Deny from all
	</Directory>

	<Directory /var/www/html/downloader/>
		<IfModule mod_deflate.c>

		    RemoveOutputFilter DEFLATE
		    RemoveOutputFilter GZIP

		</IfModule>

		<Files ~ "\.(cfg|ini|xml)$">
		    order allow,deny
		    deny from all
		</Files>
	</Directory>

	<Directory /var/www/html/downloader/template/>
		Order deny,allow
		Deny from all
	</Directory>

	<Directory /var/www/html/media/>
		Options All -Indexes
		<IfModule mod_php5.c>
			php_flag engine 0
		</IfModule>

		AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
		Options -ExecCGI

		<IfModule mod_rewrite.c>
		    Options +FollowSymLinks
		    RewriteEngine on
		    RewriteCond %{REQUEST_FILENAME} !-f
		    RewriteRule .* ../get.php [L]
		</IfModule>
	</Directory>

	<Directory /var/www/html/media/customer/>
		Order deny,allow
		Deny from all
	</Directory>

	<Directory /var/www/html/media/downloadable/>
		Order deny,allow
		Deny from all
	</Directory>

</VirtualHost>
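
A check worth running after this kind of migration, added here as an example (not code from the original post or from Magento): with AllowOverride None, Apache ignores every .htaccess file, so a directory whose .htaccess never made it into a <Directory> section silently loses its deny rules. The function names are hypothetical and the sample tree in the demo is constructed.

```python
import os
import re
import tempfile

# Matches literal <Directory /path/> sections; <DirectoryMatch> and regex ("~") forms are skipped.
DIRECTORY_RE = re.compile(r'^\s*<Directory\s+"?([^">]+?)"?\s*>', re.I | re.M)

def htaccess_dirs(docroot):
    """Directories under docroot that still contain a .htaccess file."""
    return sorted(os.path.normpath(root)
                  for root, _dirs, files in os.walk(docroot)
                  if ".htaccess" in files)

def configured_dirs(conf_text):
    """Paths that have their own <Directory> section in the server config."""
    return {os.path.normpath(p) for p in DIRECTORY_RE.findall(conf_text)}

def unmigrated(docroot, conf_text):
    """.htaccess directories with no matching <Directory> section."""
    covered = configured_dirs(conf_text)
    return [d for d in htaccess_dirs(docroot) if d not in covered]

def render_block(directory):
    """Wrap a .htaccess file's directives, minus comments and blank lines, in a <Directory> section."""
    with open(os.path.join(directory, ".htaccess"), encoding="utf-8", errors="replace") as fh:
        body = [ln.strip() for ln in fh if ln.strip() and not ln.strip().startswith("#")]
    return "\n".join([f'<Directory "{directory}/">'] + ["\t" + ln for ln in body] + ["</Directory>"])

if __name__ == "__main__":
    # Constructed sample tree and config, not a real Magento install.
    with tempfile.TemporaryDirectory() as tmp:
        docroot = os.path.normpath(tmp)
        for sub in ("var", "app", "media/customer"):
            os.makedirs(os.path.join(docroot, sub))
            with open(os.path.join(docroot, sub, ".htaccess"), "w") as fh:
                fh.write("# constructed sample\nOrder deny,allow\nDeny from all\n")
        conf = f"<Directory {docroot}/var/>\n\tDeny from all\n</Directory>\n"
        # Print a ready-to-paste section for every directory the config misses.
        for d in unmigrated(docroot, conf):
            print(render_block(d))
```

A matching section only shows that the directory was considered; compare its directives against the .htaccess before deleting the file.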

Comments

colinmollenhour

I scripted this process and posted about it almost three years ago. 😉
http://colin.mollenhour.com/2010/06/30/the-right-way-to-optimize-apaches-htaccess-files/

Mar 19.2013 | 03:57 pm

adamshuy

I used this script for my virtual hosting on the DigitalOcean account.  But the overwrite part does not work, even though I used the command ‘sudo a2enmod rewrite’ to install the module.  Does anyone know how to fix it?

Nov 26.2013 | 10:48 am
