Manage cookies that are used for advertising, such as ad personalization, remarketing, and ad effectiveness analysis.
2.14.13.9. Standard .htaccess for Magento 2.3
The contents of the default .htaccess for Magento 2.3 (GitHub):
- From site root directory (GitHub) — for compatibility with our hosting, the directive in line 143 has been changed and a number of directives in the range of lines 211-379 have been commented out:
############################################ ## overrides deployment configuration mode value ## use command bin/magento deploy:mode:set to switch modes # SetEnv MAGE_MODE developer ############################################ ## uncomment these lines for CGI mode ## make sure to specify the correct cgi php binary file name ## it might be /cgi-bin/php-cgi # Action php5-cgi /cgi-bin/php5-cgi # AddHandler php5-cgi .php ############################################ ## GoDaddy specific options # Options -MultiViews ## you might also need to add this line to php.ini ## cgi.fix_pathinfo = 1 ## if it still doesn't work, rename php.ini to php5.ini ############################################ ## this line is specific for 1and1 hosting #AddType x-mapp-php5 .php #AddHandler x-mapp-php5 .php ############################################ ## enable usage of methods arguments in backtrace SetEnv MAGE_DEBUG_SHOW_ARGS 1 ############################################ ## default index file DirectoryIndex index.php <IfModule mod_php5.c> ############################################ ## adjust memory limit php_value memory_limit 756M php_value max_execution_time 18000 ############################################ ## disable automatic session start ## before autoload was initialized php_flag session.auto_start off ############################################ ## enable resulting html compression #php_flag zlib.output_compression on ########################################### ## disable user agent verification to not break multiple image upload php_flag suhosin.session.cryptua off </IfModule> <IfModule mod_php7.c> ############################################ ## adjust memory limit php_value memory_limit 756M php_value max_execution_time 18000 ############################################ ## disable automatic session start ## before autoload was initialized php_flag session.auto_start off ############################################ ## enable resulting html compression #php_flag zlib.output_compression on ########################################### ## disable user agent verification to not break multiple image upload php_flag suhosin.session.cryptua off </IfModule> <IfModule mod_security.c> ########################################### ## disable POST processing to not break multiple image upload SecFilterEngine Off SecFilterScanPOST Off </IfModule> <IfModule mod_deflate.c> ############################################ ## enable apache served files compression ## http://developer.yahoo.com/performance/rules.html#gzip # Insert filter on all content ###SetOutputFilter DEFLATE # Insert filter on selected content types only #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json image/svg+xml # Netscape 4.x has some problems... #BrowserMatch ^Mozilla/4 gzip-only-text/html # Netscape 4.06-4.08 have some more problems #BrowserMatch ^Mozilla/4\.0[678] no-gzip # MSIE masquerades as Netscape, but it is fine #BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # Don't compress images #SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary # Make sure proxies don't deliver the wrong content #Header append Vary User-Agent env=!dont-vary </IfModule> <IfModule mod_ssl.c> ############################################ ## make HTTPS env vars available for CGI mode SSLOptions StdEnvVars </IfModule> ############################################ ## workaround for Apache 2.4.6 CentOS build when working via ProxyPassMatch with HHVM (or any other) ## Please, set it on virtual host configuration level ## SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 ############################################ <IfModule mod_rewrite.c> ############################################ ## enable rewrites Options +SymLinksIfOwnerMatch RewriteEngine on ############################################ ## you can put here your magento root folder ## path relative to web root #RewriteBase /magento/ ############################################ ## workaround for HTTP authorization ## in CGI environment RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] ############################################ ## TRACE and TRACK HTTP methods disabled to prevent XSS attacks RewriteCond %{REQUEST_METHOD} ^TRAC[EK] RewriteRule .* - [L,R=405] ############################################ ## redirect for mobile user agents #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$ #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC] #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302] ############################################ ## never rewrite for existing files, directories and links RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l ############################################ ## rewrite everything else to index.php RewriteRule .* index.php [L] </IfModule> ############################################ ## Prevent character encoding issues from server overrides ## If you still have problems, use the second line instead AddDefaultCharset Off #AddDefaultCharset UTF-8 AddType 'text/html; charset=UTF-8' html <IfModule mod_expires.c> ############################################ ## Add default Expires header ## http://developer.yahoo.com/performance/rules.html#expires ExpiresDefault "access plus 1 year" ExpiresByType text/html A0 ExpiresByType text/plain A0 </IfModule> ########################################### ## Deny access to root files to hide sensitive application information RedirectMatch 403 /\.git <Files composer.json> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files composer.lock> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files .gitignore> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files .htaccess> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files .htaccess.sample> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files .php_cs.dist> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files .travis.yml> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files CHANGELOG.md> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files COPYING.txt> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files Gruntfile.js> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files LICENSE.txt> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files LICENSE_AFL.txt> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files nginx.conf.sample> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files package.json> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files php.ini.sample> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files README.md> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files magento_umask> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files auth.json> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <Files .user.ini> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> # For 404s and 403s that aren't handled by the application, show plain 404 response ErrorDocument 404 /pub/errors/404.php ErrorDocument 403 /pub/errors/404.php ################################ ## If running in cluster environment, uncomment this ## http://developer.yahoo.com/performance/rules.html#etags #FileETag none # ###################################################################### # # INTERNET EXPLORER # # ###################################################################### # ---------------------------------------------------------------------- # | Document modes | # ---------------------------------------------------------------------- # Force Internet Explorer 8/9/10 to render pages in the highest mode # available in the various cases when it may not. # # https://hsivonen.fi/doctype/#ie8 # # (!) Starting with Internet Explorer 11, document modes are deprecated. # If your business still relies on older web apps and services that were # designed for older versions of Internet Explorer, you might want to # consider enabling `Enterprise Mode` throughout your company. # # https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode # http://blogs.msdn.com/b/ie/archive/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11.aspx <IfModule mod_headers.c> Header set X-UA-Compatible "IE=edge" # `mod_headers` cannot match based on the content-type, however, # the `X-UA-Compatible` response header should be send only for # HTML documents and not for the other resources. <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$"> Header unset X-UA-Compatible </FilesMatch> </IfModule> - From the
pubsubdirectory (GitHub) — for compatibility with our hosting, the directive in line 129 has been changed and a number of directives in the range of lines 188-226 have been commented out:############################################ ## Optional override of deployment mode. We recommend you use the ## command bin/magento deploy:mode:set to switch modes instead # Options are default, production, or developer # SetEnv MAGE_MODE default ############################################ ## Uncomment these lines for CGI mode. ## Make sure to specify the correct cgi php binary file name ## it might be /cgi-bin/php-cgi # Action php5-cgi /cgi-bin/php5-cgi # AddHandler php5-cgi .php ############################################ ## GoDaddy specific options # Options -MultiViews ## You might also need to add this line to php.ini ## cgi.fix_pathinfo = 1 ## If it still doesn't work, rename php.ini to php5.ini ############################################ ## This line is specific for 1and1 hosting #AddType x-mapp-php5 .php #AddHandler x-mapp-php5 .php ############################################ ## Default index file DirectoryIndex index.php <IfModule mod_php5.c> ############################################ ## Adjust memory limit php_value memory_limit 756M php_value max_execution_time 18000 ############################################ ## Disable automatic session start ## before autoload was initialized php_flag session.auto_start off ############################################ # Disable user agent verification to not break multiple image upload php_flag suhosin.session.cryptua off </IfModule> <IfModule mod_php7.c> ############################################ ## Adjust memory limit php_value memory_limit 756M php_value max_execution_time 18000 ############################################ ## Disable automatic session start ## before autoload was initialized php_flag session.auto_start off ############################################ ## Enable resulting html compression #php_flag zlib.output_compression on ########################################### # Disable user agent verification to not break multiple image upload php_flag suhosin.session.cryptua off </IfModule> <IfModule mod_security.c> ########################################### # Disable POST processing to not break multiple image upload SecFilterEngine Off SecFilterScanPOST Off </IfModule> <IfModule mod_deflate.c> ############################################ ## Enable apache served files compression ## http://developer.yahoo.com/performance/rules.html#gzip # Insert filter on all content ###SetOutputFilter DEFLATE # Insert filter on selected content types only #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript # Netscape 4.x has some problems... #BrowserMatch ^Mozilla/4 gzip-only-text/html # Netscape 4.06-4.08 have some more problems #BrowserMatch ^Mozilla/4\.0[678] no-gzip # MSIE masquerades as Netscape, but it is fine #BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # Don't compress images #SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary # Make sure proxies don't deliver the wrong content #Header append Vary User-Agent env=!dont-vary </IfModule> <IfModule mod_ssl.c> ############################################ ## Make HTTPS env vars available for CGI mode SSLOptions StdEnvVars </IfModule> <IfModule mod_rewrite.c> ############################################ ## Enable rewrites Options +SymLinksIfOwnerMatch RewriteEngine on ############################################ ## You can put here your magento root folder ## path relative to web root #RewriteBase /magento/ ############################################ ## Workaround for HTTP authorization ## in CGI environment RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] ############################################ ## TRACE and TRACK HTTP methods disabled to prevent XSS attacks RewriteCond %{REQUEST_METHOD} ^TRAC[EK] RewriteRule .* - [L,R=405] ############################################ ## Never rewrite for existing files, directories and links RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l ############################################ ## Rewrite everything else to index.php RewriteRule .* index.php [L] </IfModule> ############################################ ## Prevent character encoding issues from server overrides ## If you still have problems, use the second line instead AddDefaultCharset Off #AddDefaultCharset UTF-8 <IfModule mod_expires.c> ############################################ ## Add default Expires header ## http://developer.yahoo.com/performance/rules.html#expires ExpiresDefault "access plus 1 year" ExpiresByType text/html A0 ExpiresByType text/plain A0 </IfModule> ########################################### ## Deny access to release notes to prevent disclosure of the installed Magento version <Files RELEASE_NOTES.txt> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> # For 404s and 403s that aren't handled by the application, show plain 404 response ErrorDocument 404 /errors/404.php ErrorDocument 403 /errors/404.php ############################################ ## If running in cluster environment, uncomment this ## http://developer.yahoo.com/performance/rules.html#etags #FileETag none ########################################### ## Deny access to cron.php <Files cron.php> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> ## Deny access to .user.ini <Files .user.ini> # <IfVersion < 2.4> # order allow,deny # deny from all # </IfVersion> # <IfVersion >= 2.4> Require all denied # </IfVersion> </Files> <IfModule mod_headers.c> ############################################ ## Prevent clickjacking Header set X-Frame-Options SAMEORIGIN </IfModule> - From the
pub/staticsubdirectory. (GitHub):<IfModule mod_php5.c> php_flag engine 0 </IfModule> <IfModule mod_php7.c> php_flag engine 0 </IfModule> # To avoid situation when web server automatically adds extension to path Options -MultiViews <IfModule mod_rewrite.c> RewriteEngine On ## you can put here your pub/static folder path relative to web root #RewriteBase /magento/pub/static/ # Remove signature of the static files that is used to overcome the browser cache RewriteRule ^version.+?/(.+)$ $1 [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-l RewriteRule .* ../static.php?resource=$0 [L] # Detects if moxieplayer request with uri params and redirects to uri without params <Files moxieplayer.swf> RewriteCond %{QUERY_STRING} !^$ RewriteRule ^(.*)$ %{REQUEST_URI}? [R=301,L] </Files> </IfModule> ############################################ ## setting MIME types # JavaScript AddType application/javascript js jsonp AddType application/json json # HTML AddType text/html html # CSS AddType text/css css # Images and icons AddType image/x-icon ico AddType image/gif gif AddType image/png png AddType image/jpeg jpg AddType image/jpeg jpeg # SVG AddType image/svg+xml svg # Fonts AddType application/vnd.ms-fontobject eot AddType application/x-font-ttf ttf AddType application/x-font-otf otf AddType application/x-font-woff woff AddType application/font-woff2 woff2 # Flash AddType application/x-shockwave-flash swf # Archives and exports AddType application/zip gzip AddType application/x-gzip gz gzip AddType application/x-bzip2 bz2 AddType text/csv csv AddType application/xml xml <IfModule mod_headers.c> <FilesMatch .*\.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2|json)$> Header append Cache-Control public </FilesMatch> <FilesMatch .*\.(zip|gz|gzip|bz2|csv|xml)$> Header append Cache-Control no-store </FilesMatch> </IfModule> <IfModule mod_expires.c> ############################################ ## Add default Expires header ## http://developer.yahoo.com/performance/rules.html#expires ExpiresActive On # Data <FilesMatch \.(zip|gz|gzip|bz2|csv|xml)$> ExpiresDefault "access plus 0 seconds" </FilesMatch> ExpiresByType text/xml "access plus 0 seconds" ExpiresByType text/csv "access plus 0 seconds" ExpiresByType application/json "access plus 0 seconds" ExpiresByType application/zip "access plus 0 seconds" ExpiresByType application/x-gzip "access plus 0 seconds" ExpiresByType application/x-bzip2 "access plus 0 seconds" # CSS, JavaScript, html <FilesMatch \.(css|js|html|json)$> ExpiresDefault "access plus 1 year" </FilesMatch> ExpiresByType text/css "access plus 1 year" ExpiresByType text/html "access plus 1 year" ExpiresByType application/javascript "access plus 1 year" ExpiresByType application/json "access plus 1 year" # Favicon, images, flash <FilesMatch \.(ico|gif|png|jpg|jpeg|swf|svg)$> ExpiresDefault "access plus 1 year" </FilesMatch> ExpiresByType image/gif "access plus 1 year" ExpiresByType image/png "access plus 1 year" ExpiresByType image/jpg "access plus 1 year" ExpiresByType image/jpeg "access plus 1 year" ExpiresByType image/svg+xml "access plus 1 year" # Fonts <FilesMatch \.(eot|ttf|otf|svg|woff|woff2)$> ExpiresDefault "access plus 1 year" </FilesMatch> ExpiresByType application/vnd.ms-fontobject "access plus 1 year" ExpiresByType application/x-font-ttf "access plus 1 year" ExpiresByType application/x-font-otf "access plus 1 year" ExpiresByType application/x-font-woff "access plus 1 year" ExpiresByType application/font-woff2 "access plus 1 year" </IfModule>