# Use the front controller as index file. It serves as a fallback solution when # every other rewrite/redirect fails (e.g. in an aliased environment without # mod_rewrite). Additionally, this reduces the matching process for the # start page (path "/") because otherwise Apache will apply the rewriting rules # to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl). #DirectoryIndex index.php RewriteEngine On # Set Authorization header for OAuth2 for when php is running under fcgi RewriteCond %{HTTP:Authorization} .+ RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] # Determine the RewriteBase automatically and set it as environment variable. # If you are using Apache aliases to do mass virtual hosting or installed the # project in a subdirectory, the base path will be prepended to allow proper # resolution of the app.php file and to redirect to the correct URI. It will # work in environments without path prefix as well, providing a safe, one-size # fits all solution. But as you do not need it in this case, you can comment # the following 2 lines to eliminate the overhead. RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ RewriteRule ^(.*) - [E=BASE:%1] # Redirect to URI without front controller to prevent duplicate content # (with and without `/app.php`). Only do this redirect on the initial # rewrite by Apache and not on subsequent cycles. Otherwise we would get an # endless redirect loop (request -> rewrite to front controller -> # redirect -> request -> ...). # So in case you get a "too many redirects" error or you always get redirected # to the start page because your Apache does not expose the REDIRECT_STATUS # environment variable, you have 2 choices: # - disable this feature by commenting the following 2 lines or # - use Apache >= 2.3.9 and replace all L flags by END flags and remove the # following RewriteCond (best solution) RewriteCond %{ENV:REDIRECT_STATUS} ^$ RewriteRule ^index\.php(/(.*)|$) %{ENV:BASE}/$2 [R=301,L] # If the requested filename exists, simply serve it. # We only want to let Apache serve files and not directories. RewriteCond %{REQUEST_FILENAME} -f RewriteRule .? - [L] # Rewrite all other queries to the front controller. RewriteRule .? %{ENV:BASE}/index.php [L] # When mod_rewrite is not available, we instruct a temporary redirect of # the start page to the front controller explicitly so that the website # and the generated links can still be used. RedirectMatch 302 ^(?!/(index\.php|app|addons|plugins|media|upgrade))(/(.*))$ /index.php$2 # RedirectTemp cannot be used instead # @link https://github.com/mautic/mautic/issues/1504 php_value always_populate_raw_post_data -1 AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/vnd.ms-fontobject AddOutputFilterByType DEFLATE application/x-font AddOutputFilterByType DEFLATE application/x-font-opentype AddOutputFilterByType DEFLATE application/x-font-otf AddOutputFilterByType DEFLATE application/x-font-truetype AddOutputFilterByType DEFLATE application/x-font-ttf AddOutputFilterByType DEFLATE application/x-javascript AddOutputFilterByType DEFLATE font/opentype AddOutputFilterByType DEFLATE font/otf AddOutputFilterByType DEFLATE font/ttf AddOutputFilterByType DEFLATE image/svg+xml AddOutputFilterByType DEFLATE image/x-icon AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/javascript # Do not enable compression for file types that could contain secrets #AddOutputFilterByType DEFLATE text/html #AddOutputFilterByType DEFLATE text/plain #AddOutputFilterByType DEFLATE text/xml #AddOutputFilterByType DEFLATE application/xhtml+xml #AddOutputFilterByType DEFLATE application/xml #AddOutputFilterByType DEFLATE application/json # Remove browser bugs (only needed for really old browsers) BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html Header append Vary User-Agent # Apache 2.4+ # Deny access via HTTP requests to all PHP files. Require all denied # Deny access via HTTP requests to composer files. Require all denied # Except those allowed below. Require all granted # Fallback for Apache < 2.4 # Deny access via HTTP requests to all PHP files. Order deny,allow Deny from all # Deny access via HTTP requests to composer files Order deny,allow Deny from all # Except those allowed below. Order allow,deny Allow from all