Improve Performance, Stability and Security of Joomla 3.5 with htaccess



01 Apr 2016 16:07 - 07 Apr 2016 20:28 #1 by Trony

  • Improve Performance, Stability and Security of Joomla 3.5 with htaccess was created by Trony



    With a small change to Joomla's default htaccess, we can improve Performance, Stability and Security of the CMS.

    Ingredients

    1) Server / Hosting based on Linux with Apache >2.0

    2) In Global Configuration:
    Search Engine Friendly URLs and Use URL Rewriting ► YES

    3) Rename htaccess.txt to .htaccess

    4) At the end of .htaccess, put this:

    ## GENERAL
    #################################################################################
    ServerSignature Off
    # Reject unwanted request methods and requests carrying CR/LF sequences
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
    RewriteCond %{THE_REQUEST} (\\r|\\n|%0A|%0D) [NC]
    RewriteRule .* - [F]
    #################################################################################


    ## ETAG
    #################################################################################
    Header unset ETag
    FileETag None
    #################################################################################


    ## COMPRESSION
    #################################################################################
    <IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    <IfModule mod_setenvif.c>
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|ico|svg)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:avi|mov|mp3|mp4|rm|flv|swf|mpe?g)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.mp3$ no-gzip dont-vary
    </IfModule>
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
    </IfModule>

    <IfModule mod_headers.c>
    # Serve gzip compressed CSS files if they exist
    # and the client accepts gzip.
    RewriteCond "%{HTTP:Accept-encoding}" "gzip"
    RewriteCond "%{REQUEST_FILENAME}\.gz" -s
    RewriteRule "^(.*)\.css" "$1\.css\.gz" [QSA]

    # Serve gzip compressed JS files if they exist
    # and the client accepts gzip.
    RewriteCond "%{HTTP:Accept-encoding}" "gzip"
    RewriteCond "%{REQUEST_FILENAME}\.gz" -s
    RewriteRule "^(.*)\.js" "$1\.js\.gz" [QSA]


    # Serve correct content types, and prevent mod_deflate double gzip.
    RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1]
    RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1]


    <FilesMatch "(\.js\.gz|\.css\.gz)$">
    # Serve correct encoding type.
    Header append Content-Encoding gzip

    # Force proxies to cache gzipped &
    # non-gzipped css/js files separately.
    Header append Vary Accept-Encoding
    </FilesMatch>
    </IfModule>
    #################################################################################


    ## EXPIRES CACHING
    #################################################################################
    <IfModule mod_expires.c>

    ExpiresActive on

    # cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
    ExpiresByType text/cache-manifest "access plus 0 seconds"

    # Data
    ExpiresByType text/xml "access plus 0 seconds"
    ExpiresByType application/xml "access plus 0 seconds"
    ExpiresByType application/json "access plus 0 seconds"

    # Feed
    ExpiresByType application/rss+xml "access plus 1 hour"
    ExpiresByType application/atom+xml "access plus 1 hour"

    # Favicon (cannot be renamed)
    AddType image/x-icon .ico
    ExpiresByType image/x-icon "access plus 1 year"

    # Media: images, video, audio
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType video/ogg "access plus 1 month"
    ExpiresByType audio/ogg "access plus 1 month"
    ExpiresByType video/mp4 "access plus 1 month"
    ExpiresByType video/webm "access plus 1 month"

    # HTC files (css3pie)
    ExpiresByType text/x-component "access plus 1 month"

    # Webfonts
    ExpiresByType application/x-font-ttf "access plus 1 month"
    ExpiresByType font/opentype "access plus 1 month"
    ExpiresByType application/x-font-woff "access plus 1 month"
    ExpiresByType image/svg+xml "access plus 1 month"
    ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

    # CSS and JavaScript
    ExpiresByType text/css "access plus 1 year"
    ExpiresByType text/javascript "access plus 1 year"
    ExpiresByType application/javascript "access plus 1 year"
    ExpiresByType application/x-javascript "access plus 1 year"

    </IfModule>
    #################################################################################


    ## HEADER
    #################################################################################
    <IfModule mod_headers.c>
    RequestHeader unset Range
    Header set Timing-Allow-Origin: "*"
    Header set X-Content-Type-Options "nosniff"

    <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary: Accept-Encoding
    </FilesMatch>


    ## UNSET COOKIES
    ################################################
    <FilesMatch "\.(js|css|jpg|png|jpeg|gif|xml|json|txt|pdf|mov|avi|otf|woff|ico|swf)$">
    RequestHeader unset Cookie
    Header unset Cookie
    Header unset Set-Cookie
    </FilesMatch>
    ################################################


    ## COMPATIBILITY
    ################################################
    Header set X-UA-Compatible "IE=edge"
    <FilesMatch "(?i)^.*\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svg|svgz|ttf|vcf|webm|webp|woff|xml|xpi)$">
    Header unset X-UA-Compatible
    </FilesMatch>
    ################################################


    ## SECURITY
    ################################################
    Header set X-XSS-Protection "1; mode=block"
    <FilesMatch "(?i)^.*\.(appcache|crx|css|cur|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svgz?|ttf|vcf|webapp|webm|webp|woff|xml|xpi)$">
    Header unset X-XSS-Protection
    </FilesMatch>
    ################################################

    </IfModule>
    #################################################################################


    ## CROSS-ORIGIN
    #################################################################################
    <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
    <FilesMatch "\.(bmp|cur|gif|ico|jpe?g|png|svgz?|webp)$">
    SetEnvIf Origin ":" IS_CORS
    Header set Access-Control-Allow-Origin "*" env=IS_CORS
    </FilesMatch>
    </IfModule>
    </IfModule>

    <IfModule mod_headers.c>
    <FilesMatch "\.(eot|otf|tt[cf]|woff2?)$">
    Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
    </IfModule>
    #################################################################################


    ## JOOMLA & SYSTEM CONFIG
    ###############################################
    # php_flag/php_value are only valid when PHP runs as an Apache module;
    # mod_php5.c is the PHP 5 module (PHP 7 uses mod_php7.c).
    <IfModule mod_php5.c>
    php_flag register_globals Off
    php_flag magic_quotes_gpc Off
    php_flag magic_quotes_runtime Off
    php_flag magic_quotes_sybase Off
    php_flag display_errors off
    php_value default_charset "utf-8"
    </IfModule>

    ### disable caching for development/debugging purposes
    #Header unset Cache-Control
    #Header set Cache-Control: "no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0"
    #Header unset ETag
    #Header set Pragma "no-cache"
    #Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"


    Now you can check headers and performance with these free online tools:

    ° RedBot
    ° PageSpeed Insights by Google
    ° Webpagetest
    ° GTmetrix
    Last edit: 07 Apr 2016 20:28 by Trony.
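
A local alternative to the online checkers, added here as an example and not part of Trony's post: it audits `curl -sI`-style header dumps against the rules in the .htaccess above. The sample responses are constructed, and the `PAGE` pattern for what counts as an HTML page is an assumption.

```python
import re

# Patterns copied from the FilesMatch blocks in the post.
COOKIELESS = re.compile(r"\.(js|css|jpg|png|jpeg|gif|xml|json|txt|pdf|mov|avi|otf|woff|ico|swf)$")
VARY_AE = re.compile(r"\.(js|css|xml|gz)$")
PAGE = re.compile(r"(/|\.php|\.html?)$")  # assumption: what counts as an HTML page

def parse_headers(raw):
    """Parse `curl -sI`-style text into {lowercase name: [comma-split values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # first line is the status line
        name, sep, value = line.partition(":")
        if sep:
            items = [v.strip() for v in value.split(",") if v.strip()]
            headers.setdefault(name.strip().lower(), []).extend(items)
    return headers

def audit(path, raw):
    """Return findings for one response; an empty list means the rules took effect."""
    h = parse_headers(raw)
    findings = []
    if "etag" in h:
        findings.append("ETag present (Header unset ETag / FileETag None not applied)")
    if h.get("x-content-type-options") != ["nosniff"]:
        findings.append("X-Content-Type-Options is not 'nosniff'")
    if COOKIELESS.search(path) and "set-cookie" in h:
        findings.append("Set-Cookie sent with a static file")
    vary = [v.lower() for v in h.get("vary", [])]
    if VARY_AE.search(path) and "accept-encoding" not in vary:
        findings.append("Vary lacks Accept-Encoding")
    if [v.lower() for v in h.get("content-encoding", [])].count("gzip") > 1:
        findings.append("Content-Encoding lists gzip twice (double compression)")
    if PAGE.search(path) and h.get("x-xss-protection") != ["1; mode=block"]:
        findings.append("X-XSS-Protection missing or changed on a page")
    return findings

# Constructed sample responses (not captured from a real site).
SAMPLE_PAGE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: abc=123; path=/; HttpOnly
Content-Encoding: gzip"""
SAMPLE_CSS_BAD = """HTTP/1.1 200 OK
Content-Type: text/css
ETag: "1a2b-53c"
Set-Cookie: abc=123; path=/
Content-Encoding: gzip, gzip"""

if __name__ == "__main__":
    for finding in audit("/templates/site/css/template.css", SAMPLE_CSS_BAD):
        print("FAIL:", finding)
```

To check a live site, save the output of `curl -sI` for a page and for a CSS or JS file and pass each to `audit()` with its URL path.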
