2.13.9.9. Standard .htaccess for Magento 2.3

Content of standard .htaccess for Magento 2.3 (GitHub):

  • From site root directory (GitHub):
    1. ############################################
    2. ## overrides deployment configuration mode value
    3. ## use command bin/magento deploy:mode:set to switch modes
    4.  
    5. #   SetEnv MAGE_MODE developer
    6.  
    7. ############################################
    8. ## uncomment these lines for CGI mode
    9. ## make sure to specify the correct cgi php binary file name
    10. ## it might be /cgi-bin/php-cgi
    11.  
    12. #    Action php5-cgi /cgi-bin/php5-cgi
    13. #    AddHandler php5-cgi .php
    14.  
    15. ############################################
    16. ## GoDaddy specific options
    17.  
    18. #   Options -MultiViews
    19.  
    20. ## you might also need to add this line to php.ini
    21. ##     cgi.fix_pathinfo = 1
    22. ## if it still doesn't work, rename php.ini to php5.ini
    23.  
    24. ############################################
    25. ## this line is specific for 1and1 hosting
    26.  
    27.     #AddType x-mapp-php5 .php
    28.     #AddHandler x-mapp-php5 .php
    29.  
    30. ############################################
    31. ## enable usage of methods arguments in backtrace
    32.  
    33.     SetEnv MAGE_DEBUG_SHOW_ARGS 1
    34.  
    35. ############################################
    36. ## default index file
    37.  
    38.     DirectoryIndex index.php
    39.  
    40. <IfModule mod_php5.c>
    41. ############################################
    42. ## adjust memory limit
    43.  
    44.     php_value memory_limit 756M
    45.     php_value max_execution_time 18000
    46.  
    47. ############################################
    48. ## disable automatic session start
    49. ## before autoload was initialized
    50.  
    51.     php_flag session.auto_start off
    52.  
    53. ############################################
    54. ## enable resulting html compression
    55.  
    56.     #php_flag zlib.output_compression on
    57.  
    58. ###########################################
    59. ## disable user agent verification to not break multiple image upload
    60.  
    61.     php_flag suhosin.session.cryptua off
    62. </IfModule>
    63. <IfModule mod_php7.c>
    64. ############################################
    65. ## adjust memory limit
    66.  
    67.     php_value memory_limit 756M
    68.     php_value max_execution_time 18000
    69.  
    70. ############################################
    71. ## disable automatic session start
    72. ## before autoload was initialized
    73.  
    74.     php_flag session.auto_start off
    75.  
    76. ############################################
    77. ## enable resulting html compression
    78.  
    79.     #php_flag zlib.output_compression on
    80.  
    81. ###########################################
    82. ## disable user agent verification to not break multiple image upload
    83.  
    84.     php_flag suhosin.session.cryptua off
    85. </IfModule>
    86. <IfModule mod_security.c>
    87. ###########################################
    88. ## disable POST processing to not break multiple image upload
    89.  
    90.     SecFilterEngine Off
    91.     SecFilterScanPOST Off
    92. </IfModule>
    93.  
    94. <IfModule mod_deflate.c>
    95.  
    96. ############################################
    97. ## enable apache served files compression
    98. ## http://developer.yahoo.com/performance/rules.html#gzip
    99.  
    100.     # Insert filter on all content
    101.     ###SetOutputFilter DEFLATE
    102.     # Insert filter on selected content types only
    103.     #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json image/svg+xml
    104.  
    105.     # Netscape 4.x has some problems...
    106.     #BrowserMatch ^Mozilla/4 gzip-only-text/html
    107.  
    108.     # Netscape 4.06-4.08 have some more problems
    109.     #BrowserMatch ^Mozilla/4\.0[678] no-gzip
    110.  
    111.     # MSIE masquerades as Netscape, but it is fine
    112.     #BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    113.  
    114.     # Don't compress images
    115.     #SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    116.  
    117.     # Make sure proxies don't deliver the wrong content
    118.     #Header append Vary User-Agent env=!dont-vary
    119.  
    120. </IfModule>
    121.  
    122. <IfModule mod_ssl.c>
    123.  
    124. ############################################
    125. ## make HTTPS env vars available for CGI mode
    126.  
    127.     SSLOptions StdEnvVars
    128.  
    129. </IfModule>
    130.  
    131. ############################################
    132. ## workaround for Apache 2.4.6 CentOS build when working via ProxyPassMatch with HHVM (or any other)
    133. ## Please, set it on virtual host configuration level
    134.  
    135. ##    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    136. ############################################
    137.  
    138. <IfModule mod_rewrite.c>
    139.  
    140. ############################################
    141. ## enable rewrites
    142.  
    143.     Options +SymLinksIfOwnerMatch
    144.     RewriteEngine on
    145.  
    146. ############################################
    147. ## you can put here your magento root folder
    148. ## path relative to web root
    149.  
    150.     #RewriteBase /magento/
    151.  
    152. ############################################
    153. ## workaround for HTTP authorization
    154. ## in CGI environment
    155.  
    156.     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    157.  
    158. ############################################
    159. ## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
    160.  
    161.     RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
    162.     RewriteRule .* - [L,R=405]
    163.  
    164. ############################################
    165. ## redirect for mobile user agents
    166.  
    167.     #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
    168.     #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
    169.     #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
    170.  
    171. ############################################
    172. ## never rewrite for existing files, directories and links
    173.  
    174.     RewriteCond %{REQUEST_FILENAME} !-f
    175.     RewriteCond %{REQUEST_FILENAME} !-d
    176.     RewriteCond %{REQUEST_FILENAME} !-l
    177.  
    178. ############################################
    179. ## rewrite everything else to index.php
    180.  
    181.     RewriteRule .* index.php [L]
    182.  
    183. </IfModule>
    184.  
    185.  
    186. ############################################
    187. ## Prevent character encoding issues from server overrides
    188. ## If you still have problems, use the second line instead
    189.  
    190.     AddDefaultCharset Off
    191.     #AddDefaultCharset UTF-8
    192.     AddType 'text/html; charset=UTF-8' html
    193.  
    194. <IfModule mod_expires.c>
    195.  
    196. ############################################
    197. ## Add default Expires header
    198. ## http://developer.yahoo.com/performance/rules.html#expires
    199.  
    200.     ExpiresDefault "access plus 1 year"
    201.     ExpiresByType text/html A0
    202.     ExpiresByType text/plain A0
    203.  
    204. </IfModule>
    205.  
    206. ###########################################
    207. ## Deny access to root files to hide sensitive application information
    208.     RedirectMatch 403 /\.git
    209.  
    210.     <Files composer.json>
    211. #        <IfVersion < 2.4>
    212. #            order allow,deny
    213. #            deny from all
    214. #        </IfVersion>
    215. #        <IfVersion >= 2.4>
    216.             Require all denied
    217. #        </IfVersion>
    218.     </Files>
    219.     <Files composer.lock>
    220. #        <IfVersion < 2.4>
    221. #            order allow,deny
    222. #            deny from all
    223. #        </IfVersion>
    224. #        <IfVersion >= 2.4>
    225.             Require all denied
    226. #        </IfVersion>
    227.     </Files>
    228.     <Files .gitignore>
    229. #        <IfVersion < 2.4>
    230. #            order allow,deny
    231. #            deny from all
    232. #        </IfVersion>
    233. #        <IfVersion >= 2.4>
    234.             Require all denied
    235. #        </IfVersion>
    236.     </Files>
    237.     <Files .htaccess>
    238. #        <IfVersion < 2.4>
    239. #            order allow,deny
    240. #            deny from all
    241. #        </IfVersion>
    242. #        <IfVersion >= 2.4>
    243.             Require all denied
    244. #        </IfVersion>
    245.     </Files>
    246.     <Files .htaccess.sample>
    247. #        <IfVersion < 2.4>
    248. #            order allow,deny
    249. #            deny from all
    250. #        </IfVersion>
    251. #        <IfVersion >= 2.4>
    252.             Require all denied
    253. #        </IfVersion>
    254.     </Files>
    255.     <Files .php_cs.dist>
    256. #        <IfVersion < 2.4>
    257. #            order allow,deny
    258. #            deny from all
    259. #        </IfVersion>
    260. #        <IfVersion >= 2.4>
    261.             Require all denied
    262. #        </IfVersion>
    263.     </Files>
    264.     <Files .travis.yml>
    265. #        <IfVersion < 2.4>
    266. #            order allow,deny
    267. #            deny from all
    268. #        </IfVersion>
    269. #        <IfVersion >= 2.4>
    270.             Require all denied
    271. #        </IfVersion>
    272.     </Files>
    273.     <Files CHANGELOG.md>
    274. #        <IfVersion < 2.4>
    275. #            order allow,deny
    276. #            deny from all
    277. #        </IfVersion>
    278. #        <IfVersion >= 2.4>
    279.             Require all denied
    280. #        </IfVersion>
    281.     </Files>
    282.     <Files COPYING.txt>
    283. #        <IfVersion < 2.4>
    284. #            order allow,deny
    285. #            deny from all
    286. #        </IfVersion>
    287. #        <IfVersion >= 2.4>
    288.             Require all denied
    289. #        </IfVersion>
    290.     </Files>
    291.     <Files Gruntfile.js>
    292. #        <IfVersion < 2.4>
    293. #            order allow,deny
    294. #            deny from all
    295. #        </IfVersion>
    296. #        <IfVersion >= 2.4>
    297.             Require all denied
    298. #        </IfVersion>
    299.     </Files>
    300.     <Files LICENSE.txt>
    301. #        <IfVersion < 2.4>
    302. #            order allow,deny
    303. #            deny from all
    304. #        </IfVersion>
    305. #        <IfVersion >= 2.4>
    306.             Require all denied
    307. #        </IfVersion>
    308.     </Files>
    309.     <Files LICENSE_AFL.txt>
    310. #        <IfVersion < 2.4>
    311. #            order allow,deny
    312. #            deny from all
    313. #        </IfVersion>
    314. #        <IfVersion >= 2.4>
    315.             Require all denied
    316. #        </IfVersion>
    317.     </Files>
    318.     <Files nginx.conf.sample>
    319. #        <IfVersion < 2.4>
    320. #            order allow,deny
    321. #            deny from all
    322. #        </IfVersion>
    323. #        <IfVersion >= 2.4>
    324.             Require all denied
    325. #        </IfVersion>
    326.     </Files>
    327.     <Files package.json>
    328. #        <IfVersion < 2.4>
    329. #            order allow,deny
    330. #            deny from all
    331. #        </IfVersion>
    332. #        <IfVersion >= 2.4>
    333.             Require all denied
    334. #        </IfVersion>
    335.     </Files>
    336.     <Files php.ini.sample>
    337. #        <IfVersion < 2.4>
    338. #            order allow,deny
    339. #            deny from all
    340. #        </IfVersion>
    341. #        <IfVersion >= 2.4>
    342.             Require all denied
    343. #        </IfVersion>
    344.     </Files>
    345.     <Files README.md>
    346. #        <IfVersion < 2.4>
    347. #            order allow,deny
    348. #            deny from all
    349. #        </IfVersion>
    350. #        <IfVersion >= 2.4>
    351.             Require all denied
    352. #        </IfVersion>
    353.     </Files>
    354.     <Files magento_umask>
    355. #        <IfVersion < 2.4>
    356. #            order allow,deny
    357. #            deny from all
    358. #        </IfVersion>
    359. #        <IfVersion >= 2.4>
    360.             Require all denied
    361. #        </IfVersion>
    362.     </Files>
    363.     <Files auth.json>
    364. #        <IfVersion < 2.4>
    365. #            order allow,deny
    366. #            deny from all
    367. #        </IfVersion>
    368. #        <IfVersion >= 2.4>
    369.             Require all denied
    370. #        </IfVersion>
    371.     </Files>
    372.     <Files .user.ini>
    373. #        <IfVersion < 2.4>
    374. #            order allow,deny
    375. #            deny from all
    376. #        </IfVersion>
    377. #        <IfVersion >= 2.4>
    378.             Require all denied
    379. #        </IfVersion>
    380.     </Files>
    381.  
    382. # For 404s and 403s that aren't handled by the application, show plain 404 response
    383. ErrorDocument 404 /pub/errors/404.php
    384. ErrorDocument 403 /pub/errors/404.php
    385.  
    386. ################################
    387. ## If running in cluster environment, uncomment this
    388. ## http://developer.yahoo.com/performance/rules.html#etags
    389.  
    390.     #FileETag none
    391.  
    392. # ######################################################################
    393. # # INTERNET EXPLORER                                                  #
    394. # ######################################################################
    395.  
    396. # ----------------------------------------------------------------------
    397. # | Document modes                                                     |
    398. # ----------------------------------------------------------------------
    399.  
    400. # Force Internet Explorer 8/9/10 to render pages in the highest mode
    401. # available in the various cases when it may not.
    402. #
    403. # https://hsivonen.fi/doctype/#ie8
    404. #
    405. # (!) Starting with Internet Explorer 11, document modes are deprecated.
    406. # If your business still relies on older web apps and services that were
    407. # designed for older versions of Internet Explorer, you might want to
    408. # consider enabling `Enterprise Mode` throughout your company.
    409. #
    410. # https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
    411. # http://blogs.msdn.com/b/ie/archive/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11.aspx
    412.  
    413. <IfModule mod_headers.c>
    414.  
    415.     Header set X-UA-Compatible "IE=edge"
    416.  
    417.     # `mod_headers` cannot match based on the content-type, however,
    418.     # the `X-UA-Compatible` response header should be send only for
    419.     # HTML documents and not for the other resources.
    420.  
    421.     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
    422.         Header unset X-UA-Compatible
    423.     </FilesMatch>
    424.  
    425. </IfModule>

    For compatibility with our hosting, the directive on line 143 has been changed and a number of directives in the range of lines 211-379 have been commented out.

  • From subdirectory pub (GitHub):
    1. ############################################
    2. ## Optional override of deployment mode. We recommend you use the
    3. ## command bin/magento deploy:mode:set to switch modes instead
    4.  
    5. # Options are default, production, or developer
    6. #   SetEnv MAGE_MODE default
    7.  
    8. ############################################
    9. ## Uncomment these lines for CGI mode.
    10. ## Make sure to specify the correct cgi php binary file name
    11. ## it might be /cgi-bin/php-cgi
    12.  
    13. #    Action php5-cgi /cgi-bin/php5-cgi
    14. #    AddHandler php5-cgi .php
    15.  
    16. ############################################
    17. ## GoDaddy specific options
    18.  
    19. #   Options -MultiViews
    20.  
    21. ## You might also need to add this line to php.ini
    22. ##     cgi.fix_pathinfo = 1
    23. ## If it still doesn't work, rename php.ini to php5.ini
    24.  
    25. ############################################
    26. ## This line is specific for 1and1 hosting
    27.  
    28.     #AddType x-mapp-php5 .php
    29.     #AddHandler x-mapp-php5 .php
    30.  
    31. ############################################
    32. ## Default index file
    33.  
    34.     DirectoryIndex index.php
    35.  
    36. <IfModule mod_php5.c>
    37. ############################################
    38. ## Adjust memory limit
    39.  
    40.     php_value memory_limit 756M
    41.     php_value max_execution_time 18000
    42.  
    43. ############################################
    44. ## Disable automatic session start
    45. ## before autoload was initialized
    46.  
    47.     php_flag session.auto_start off
    48.  
    49. ############################################
    50. # Disable user agent verification to not break multiple image upload
    51.  
    52.     php_flag suhosin.session.cryptua off
    53. </IfModule>
    54. <IfModule mod_php7.c>
    55. ############################################
    56. ## Adjust memory limit
    57.  
    58.     php_value memory_limit 756M
    59.     php_value max_execution_time 18000
    60.  
    61. ############################################
    62. ## Disable automatic session start
    63. ## before autoload was initialized
    64.  
    65.     php_flag session.auto_start off
    66.  
    67. ############################################
    68. ## Enable resulting html compression
    69.  
    70.     #php_flag zlib.output_compression on
    71.  
    72. ###########################################
    73. # Disable user agent verification to not break multiple image upload
    74.  
    75.     php_flag suhosin.session.cryptua off
    76. </IfModule>
    77.  
    78.  
    79. <IfModule mod_security.c>
    80. ###########################################
    81. # Disable POST processing to not break multiple image upload
    82.  
    83.     SecFilterEngine Off
    84.     SecFilterScanPOST Off
    85. </IfModule>
    86.  
    87. <IfModule mod_deflate.c>
    88.  
    89. ############################################
    90. ## Enable apache served files compression
    91. ## http://developer.yahoo.com/performance/rules.html#gzip
    92.  
    93.     # Insert filter on all content
    94.     ###SetOutputFilter DEFLATE
    95.     # Insert filter on selected content types only
    96.     #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
    97.  
    98.     # Netscape 4.x has some problems...
    99.     #BrowserMatch ^Mozilla/4 gzip-only-text/html
    100.  
    101.     # Netscape 4.06-4.08 have some more problems
    102.     #BrowserMatch ^Mozilla/4\.0[678] no-gzip
    103.  
    104.     # MSIE masquerades as Netscape, but it is fine
    105.     #BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    106.  
    107.     # Don't compress images
    108.     #SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    109.  
    110.     # Make sure proxies don't deliver the wrong content
    111.     #Header append Vary User-Agent env=!dont-vary
    112.  
    113. </IfModule>
    114.  
    115. <IfModule mod_ssl.c>
    116.  
    117. ############################################
    118. ## Make HTTPS env vars available for CGI mode
    119.  
    120.     SSLOptions StdEnvVars
    121.  
    122. </IfModule>
    123.  
    124. <IfModule mod_rewrite.c>
    125.  
    126. ############################################
    127. ## Enable rewrites
    128.  
    129.     Options +SymLinksIfOwnerMatch
    130.     RewriteEngine on
    131.  
    132. ############################################
    133. ## You can put here your magento root folder
    134. ## path relative to web root
    135.  
    136.     #RewriteBase /magento/
    137.  
    138. ############################################
    139. ## Workaround for HTTP authorization
    140. ## in CGI environment
    141.  
    142.     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    143.  
    144. ############################################
    145. ## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
    146.  
    147.     RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
    148.     RewriteRule .* - [L,R=405]
    149.  
    150. ############################################
    151. ## Never rewrite for existing files, directories and links
    152.  
    153.     RewriteCond %{REQUEST_FILENAME} !-f
    154.     RewriteCond %{REQUEST_FILENAME} !-d
    155.     RewriteCond %{REQUEST_FILENAME} !-l
    156.  
    157. ############################################
    158. ## Rewrite everything else to index.php
    159.  
    160.     RewriteRule .* index.php [L]
    161.  
    162. </IfModule>
    163.  
    164.  
    165. ############################################
    166. ## Prevent character encoding issues from server overrides
    167. ## If you still have problems, use the second line instead
    168.  
    169.     AddDefaultCharset Off
    170.     #AddDefaultCharset UTF-8
    171.  
    172. <IfModule mod_expires.c>
    173.  
    174. ############################################
    175. ## Add default Expires header
    176. ## http://developer.yahoo.com/performance/rules.html#expires
    177.  
    178.     ExpiresDefault "access plus 1 year"
    179.     ExpiresByType text/html A0
    180.     ExpiresByType text/plain A0
    181.  
    182. </IfModule>
    183.  
    184. ###########################################
    185. ## Deny access to release notes to prevent disclosure of the installed Magento version
    186.  
    187.     <Files RELEASE_NOTES.txt>
    188. #        <IfVersion < 2.4>
    189. #            order allow,deny
    190. #            deny from all
    191. #        </IfVersion>
    192. #        <IfVersion >= 2.4>
    193.             Require all denied
    194. #        </IfVersion>
    195.     </Files>
    196.  
    197. # For 404s and 403s that aren't handled by the application, show plain 404 response
    198. ErrorDocument 404 /errors/404.php
    199. ErrorDocument 403 /errors/404.php
    200.  
    201. ############################################
    202. ## If running in cluster environment, uncomment this
    203. ## http://developer.yahoo.com/performance/rules.html#etags
    204.  
    205.     #FileETag none
    206.  
    207. ###########################################
    208. ## Deny access  to cron.php
    209.     <Files cron.php>
    210. #        <IfVersion < 2.4>
    211. #            order allow,deny
    212. #            deny from all
    213. #        </IfVersion>
    214. #        <IfVersion >= 2.4>
    215.             Require all denied
    216. #        </IfVersion>
    217.     </Files>
    218. ## Deny access  to .user.ini
    219.     <Files .user.ini>
    220. #        <IfVersion < 2.4>
    221. #            order allow,deny
    222. #            deny from all
    223. #        </IfVersion>
    224. #        <IfVersion >= 2.4>
    225.             Require all denied
    226. #        </IfVersion>
    227.     </Files>
    228.  
    229. <IfModule mod_headers.c>
    230.     ############################################
    231.     ## Prevent clickjacking
    232.     Header set X-Frame-Options
							
      
								
      
									
      Content