I'm not even sure if I'm describing this problem correctly. I think the main thing I want to know is how I can trace the source of these requests in the code.
The problem had occurred before and I "solved" it by adding a deny to .htaccess against the IP of the server itself.
The problem reoccurred suddenly and for no apparent reason. My .htaccess setting lost its magical protective power. No changes were made in the code. Around the time of the reccurrence, I changed a config setting to add a cookie domain. I tried changing it back to blank, and I tried deleting all session files (and Magento cache). If the sessions setting caused the recurrence, that should have fixed it but it didn't.
The only thing that "fixed" it was turning off the Magento setting for web server rewrites for "clean" urls along with commenting out this line in .htacces:
RewriteRule .* index.php [L]
The site now "works", with ugly urls and, mysteriously, incredibly degraded performance. 10-20 seconds for pages to load that used to take 1-2. PHP and MySQL appear to function normally now.
But with original setting after the problem happened, I was seeing a bunch of PHP instances in top from the command line. MySQL SHOW PROCESSLIST shoeds an ever-increasing quantity of sleeping processes. And my Magento website's session folder continuously added new sessions (about 1 new session per second, even though my client browser IP address was the ONLY one allowed by htaccess during this test).
From the browser on the client side, most requests time out, and rarely the page does load after a VERY long time (10+ minutes - PHP max_execution_time is long to allow for long import/export processes to complete).
A static index.php that just echoes "it works" loads without any weird errors.
I have no idea what the problem is. Is it malicious code? Is it some problem with session handling? Could it even be related to DNS? I could make progress solving the problem if I could trace the source of the "zombie" requests somehow.
EDIT: Here is my complete .htaccess file, with some things redacted ( I changed IP addresses)
############################################
## default index file
DirectoryIndex index.php
<IfModule mod_php5.c>
############################################
## adjust memory limit
# php_value memory_limit 512M
# php_value max_execution_time 10
php_value max_input_time 18000
############################################
## disable magic quotes for php request vars
php_flag magic_quotes_gpc off
############################################
## disable automatic session start
## before autoload was initialized
php_flag session.auto_start off
############################################
## enable resulting html compression
php_flag zlib.output_compression on
###########################################
# disable user agent verification to not break multiple image upload
php_flag suhosin.session.cryptua off
###########################################
# turn off compatibility with PHP4 when dealing with objects
php_flag zend.ze1_compatibility_mode Off
</IfModule>
<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
<IfModule mod_deflate.c>
############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip
# Insert filter
SetOutputFilter DEFLATE
# Netscape 4.x has some problemsÂ~E
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# DonÂ~Rt compress images
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies donÂ~Rt deliver the wrong content
Header append Vary User-Agent env=!dont-vary
# enable resulting html compression
#php_flag zlib.output_compression on
</IfModule>
<IfModule mod_ssl.c>
############################################
## make HTTPS env vars available for CGI mode
SSLOptions StdEnvVars
</IfModule>
<IfModule mod_rewrite.c>
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
############################################
## you can put here your magento root folder
## path relative to web root
# if site is at raw ip/user url like http://111.22.33.44/~users_folder/
# RewriteBase /~users_folder/
RewriteBase /
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## always send 404 on missing files in these folders
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead
AddDefaultCharset Off
#AddDefaultCharset UTF-8
<IfModule mod_expires.c>
############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires
ExpiresActive On
ExpiresDefault "access plus 1 year"
#ExpiresDefault "access plus 1 year"
</IfModule>
############################################
## By default allow all access
Order allow,deny
Allow from all
#try denying own ip. it seems like it is sending the requests!
#this server ip e.g. 111.22.33.44
# this hack "fixed" the problem a long time ago.
Deny from 111.22.33.44
# Order deny,allow
# Deny from all
# Allow from [particular IP for testing]
<FilesMatch "\.(?:inc|ini|txt|tar|gz|sql|sh|zip|htm|html|log)$|apc.php">
Order allow,deny
Deny from all
</FilesMatch>
############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags
FileETag none
Options All -Indexes
# 4 Weeks
<FilesMatch "\.(html|htm|phtml)$">
Header set Cache-Control "max-age=2419200, must-revalidate"
</FilesMatch>
<FilesMatch "\.(js|css|swf)$">
Header set Cache-Control "max-age=2419200"
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|PNG|JPEG|GIF|SWF|JPG)$">
Header set Cache-Control "max-age=2419200, public"
</FilesMatch>
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
# compress text, HTML, JavaScript, CSS, and XML
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/phtml
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
# remove browser bugs
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On
# Default directive
ExpiresDefault "access plus 1 month"
# My favicon
ExpiresByType image/x-icon "access plus 1 year"
# Images
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/GIF "access plus 1 month"
ExpiresByType image/PNG "access plus 1 month"
ExpiresByType image/JPG "access plus 1 month"
ExpiresByType image/JPEG "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
# CSS
ExpiresByType text/css "access 1 month"
# Javascript
ExpiresByType application/javascript "access plus 1 year"
</IfModule>
Related
I have those lines in the .htaccess file.
# BEGIN WordPress
# The directives (lines) between BEGIN WordPress and END WordPress are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^file-pdf.php$ wp-content/themes/astra-child/filepdf.php [QSA,L,NC]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
The line number 4 is extremely important because this is an alias that, on click, it takes to another file. I MUST maintain this line where she is.
Line N°4
RewriteRule ^file-pdf.php$ wp-content/themes/astra-child/filepdf.php [QSA,L,NC]
I do use just a few plugins, but it happens that this specific line it`s been removed from the .htaccess and this breaks the application functionality.
I have read some points in this online tutorial, i did not find a solution for my case.
online Tutorial
What should I do please to maintain this line in this block of code without to be removed from any plugin update or even the future wordpress releases updates?
As I said. this line is actually an alias that leads to another file and I haven't found a better way to make an alias. So I need to keep this line at that block position. Or use another alternative that I don't know, but that might work.
Thank you so much in advance.
Here it follows the whole code from the .htaccess file in use.
# 1° - Deny access to anyone surfing for it - 15:15 09.03.2021
<files wp-config.php>
order allow,deny
deny from all
</files>
# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
<IfModule LiteSpeed>
RewriteEngine on
CacheLookup on
RewriteRule .* - [E=Cache-Control:no-autoflush]
RewriteRule \.litespeed_conf\.dat - [F,L]
### marker FAVICON start ###
RewriteRule favicon\.ico$ - [E=cache-control:max-age=86400]
### marker FAVICON end ###
### marker DROPQS start ###
CacheKeyModify -qs:fbclid
CacheKeyModify -qs:gclid
CacheKeyModify -qs:utm*
CacheKeyModify -qs:_ga
### marker DROPQS end ###
</IfModule>
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END LSCACHE
# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END LSCACHE
# BEGIN NON_LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
### marker BROWSER CACHE start ###
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType application/pdf A31557600
ExpiresByType image/x-icon A31557600
ExpiresByType image/vnd.microsoft.icon A31557600
ExpiresByType image/svg+xml A31557600
ExpiresByType image/jpg A31557600
ExpiresByType image/jpeg A31557600
ExpiresByType image/png A31557600
ExpiresByType image/gif A31557600
ExpiresByType image/webp A31557600
ExpiresByType video/ogg A31557600
ExpiresByType audio/ogg A31557600
ExpiresByType video/mp4 A31557600
ExpiresByType video/webm A31557600
ExpiresByType text/css A31557600
ExpiresByType text/javascript A31557600
ExpiresByType application/javascript A31557600
ExpiresByType application/x-javascript A31557600
ExpiresByType application/x-font-ttf A31557600
ExpiresByType application/x-font-woff A31557600
ExpiresByType application/font-woff A31557600
ExpiresByType application/font-woff2 A31557600
ExpiresByType application/vnd.ms-fontobject A31557600
ExpiresByType font/ttf A31557600
ExpiresByType font/otf A31557600
ExpiresByType font/woff A31557600
ExpiresByType font/woff2 A31557600
</IfModule>
### marker BROWSER CACHE end ###
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END NON_LSCACHE
# BEGIN WordPress
# The directives (lines) between BEGIN WordPress and END WordPress are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^pdf-one.php$ wp-content/themes/astra-child/convertpdf.php [QSA,L,NC]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# 3° - BEGIN BLOCK THE INCLUDE-ONLY FILES.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# END BLOCK THE INCLUDE-ONLY FILES.
# 4° - BEGIN STOPS BOTS TRYING TO REGISTER IN WORDPRESS SITES THAT HAVE REGISTRATION DISABLED
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} ^action=register$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^.*registration=disabled$ [NC]
RewriteRule (.*) - [F]
</IfModule>
# 4° - END STOPS BOTS TRYING TO REGISTER IN WORDPRESS SITES THAT HAVE REGISTRATION DISABLED
# 5° - BEGIN BLOCK TRACE & TRACK REQUEST METHODS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)$
RewriteRule (.*) - [F]
</IfModule>
# 5° - END BLOCK TRACE & TRACK REQUEST METHODS
# 6° - BEGIN mod_deflate - website faster
<IfModule mod_deflate.c>
# Insert filters / compress text, html, javascript, css, xml:
# mod_deflate can be used for Apache v2 and later and is the recommended GZip mechanism to use
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/vtt
AddOutputFilterByType DEFLATE text/x-component
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/js
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/ld+json
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/font-sfnt
AddOutputFilterByType DEFLATE application/x-web-app-manifest+json
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE font/sfnt
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
# Exception: Images
SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png)$ no-gzip dont-vary
# Drop problematic browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
</IfModule>
# 6° - END mod_deflate - website faster
# 7° START - EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 week"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType application/rdf+xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/json "access plus 0 seconds"
ExpiresByType application/ld+json "access plus 0 seconds"
ExpiresByType application/schema+json "access plus 0 seconds"
ExpiresByType application/vnd.geo+json "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType image/vnd.microsoft.icon "access plus 1 month"
ExpiresByType text/html "access plus 1 minute"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 months"
ExpiresByType application/x-javascript "access plus 1 months"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType image/bmp "access plus 1 month"
ExpiresByType image/webp "access plus 1 month"
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"
ExpiresByType text/plain "access plus 1 month"
ExpiresByType text/x-component "access plus 1 month"
ExpiresByType application/manifest+json "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
ExpiresByType font/eot "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType application/font-woff "access plus 1 month"
ExpiresByType application/font-woff2 "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType font/woff "access plus 1 month"
</IfModule>
# 7° - END EXPIRES CACHING ##
# 8° - BEGIN Alternative caching using Apache's "mod_headers", if it's installed.
#Caching of common files - ENABLED
<IfModule mod_headers.c>
# 1 Month
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
# 2 DAYS
<FilesMatch "\.(xml|txt)$">
Header set Cache-Control "max-age=172800, public, must-revalidate"
</FilesMatch>
# 2 HOURS
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=7200, must-revalidate"
</FilesMatch>
</IfModule>
# 8° - END Alternative caching using Apache's "mod_headers", if it's installed.
# 9° BEGIN
<IfModule mod_headers.c>
<FilesMatch "\.(js|css|xml|gz|html|ttf)$">
Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>
# 9° END
# 10° - BEGIN Set Keep Alive Header
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>
# 10° - END Set Keep Alive Header
# 11° - BEGIN If your server don't support ETags deactivate with "None" (and remove header)
<IfModule mod_expires.c>
<IfModule mod_headers.c>
Header unset ETag
</IfModule>
FileETag None
</IfModule>
# 11° - END If your server don't support ETags deactivate with "None" (and remove header)
# 14° - BEGIN adding font MIME types
<IfModule mod_mime.c>
AddType application/vnd.ms-fontobject .eot
AddType application/x-font-opentype .otf
AddType image/svg+xml .svg
AddType application/x-font-ttf .ttf
AddType application/font-woff .woff
AddType application/font-woff2 .woff2
</IfModule>
# 14° - END
# 15° BEGIN DS-XML-RPC-API
# BEGIN WordPress
# The directives (lines) between "BEGIN DS-XML-RPC-API" and "END DS-XML-RPC-API" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<Files xmlrpc.php>
order deny,allow
deny from all
Allow from 122.248.245.244/32
Allow from 54.217.201.243/32
Allow from 54.232.116.4/32
Allow from 192.0.80.0/20
Allow from 192.0.96.0/20
Allow from 192.0.112.0/20
Allow from 195.234.108.0/22
Allow from 192.0.96.202/32
Allow from 192.0.98.138/32
Allow from 192.0.102.71/32
Allow from 192.0.102.95/32
</Files>
# 15° END DS-XML-RPC-API
# 16° BEGIN SECURITY POLICIES HEADER PROTOCOL
#
<IfModule mod_headers.c>
Header always set Content-Security-Policy "
default-src 'self' 5pila.com 'unsafe-inline';
script-src 'unsafe-eval';
# script-src 'self' https://m.addthis.com/live/red_lojson/300lo.json https://s7.addthis.com/js/300/addthis_widget.js https://z.moatads.com/addthismoatframe568911941483/moatframe.js;
# script-src-elem 'self' https://s7.addthis.com/js/300/addthis_widget.js?ver=80f4fcb896a389b28de3cdecff635a74;
script-src 'self' google-analytics.com ajax.googleapis.com;
script-src 'self' https://5pila.com/wp-content/themes/astra-child/assets/js/jquery-3.5.1.min.js?ver=1.0.0;
script-src 'self' https://5pila.com/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/main.js?ver=4.4.6;
script-src 'unsafe-inline';
font-src 'self' https://fonts.gstatic.com;
font-src 'self' https://5pila.com/wp-content/themes/astra-child/assets/css/fonts/Roboto-Thin.woff?ver=2.4.5.1592433682;
font-src 'self' https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1MmgVxFIzIFKw.woff2;
font-src 'self' https://fonts.googleapis.com/css?family=Raleway:400,300,200,500,600,700;
font-src 'self' https://fonts.googleapis.com/css?family=Roboto+Condensed:300,300italic,regular,italic,700,700italic&subset=latin-ext,greek-ext,cyrillic-ext,greek,vietnamese,latin,cyrillic;
base-uri 'self';
worker-src 'none';
img-src 'self' 5pila.com;
img-src https://5pila.com;
";
</IfModule>
# 16° END SECURITY POLICIES HEADER PROTOCOL
#
## 17° BEGIN
<IfModule mod_headers.c>
Header always set Permissions-Policy "geolocation=(),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=(),sync-xhr=(),accelerometer=()"
##Header always set Permissions-Policy "geolocation=();midi=();notifications=();push=();sync-xhr=();accelerometer=();gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);"
##Header always set Permissions-Policy "geolocation=(), midi=(),accelerometer=(), gyroscope=(), magnetometer=(), payment=(), camera=(), microphone=(), usb=()"
</IfModule>
## 17° END
## 18° BEGIN
<IfModule mod_headers.c>
Header always set Upgrade-Insecure-Requests: 1
</IfModule>
## 18° END
## 19° BEGIN
<IfModule mod_headers.c>
Header always set Cross-Origin-Embedder-Policy: "unsafe-none"
</IfModule>
## 19° END
## 20° BEGIN
<IfModule mod_headers.c>
Header always set Cross-Origin-Opener-Policy "same-origin"
</IfModule>
## 20° END
## 21° BEGIN
<IfModule mod_headers.c>
Header always set Cross-Origin-Resource-Policy "same-site"
</IfModule>
## 21° END
## 22° BEGIN
<IfModule mod_headers.c>
Header always set NEL "{}"
</IfModule>
## 22° END
## 23° BEGIN
<IfModule mod_headers.c>
Header always set Report_to "{}"
</IfModule>
## 23° END
## 24° BEGIN
<IfModule mod_headers.c>
Header always set Expect-CT "max-age=7776000, enforce, report-uri=https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
</IfModule>
## 24° END
## 25° BEGIN
<IfModule mod_headers.c>
Header always set Alt-Svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
</IfModule>
## 25° END
## 26° BEGIN
# off: Esta diretiva desativa a pré-busca de DNS.
# Isso é útil se você não monitora a referência das páginas
# ou se sabe que não deseja vazar informações para esses sites
<IfModule mod_headers.c>
Header always set X-DNS-Prefetch-Control "off"
</IfModule>
## 26° END
# END SECURITY POLICIES HEADER PROTOCOL
#
## 27° BEGIN
# BEGIN HARDEN YOUR .HTACCESS AND WP-CONFIG.PHP FILES
<files wp-config.php>
order allow,deny
deny from all
</files>
## 27° END
## 28° BEGIN
<Files .htaccess>
order allow,deny
deny from all
</Files>
# END HARDEN YOUR .HTACCESS AND WP-CONFIG.PHP FILES
## 28° BEGIN
# 29° BEGIN REDIRECTING HTTP TO HTTPS TRAFFIC ON APACHE
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
[L,R=301]
</IfModule>
# 29° END REDIRECTING HTTP TO HTTPS TRAFFIC ON APACHE
## 30° BEGIN
# Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file '/home/pilacom/public_html/wordfence-waf.php'
</IfModule>
<IfModule
lsapi_module>
php_value auto_prepend_file '/home/pilacom/public_html/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule
mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# 30° END Wordfence WAF
## 31° BEGIN
# Disable Directory Indexing and Browsing
Options -Indexes
## 31° END
# 32° - BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php7_module>
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 256M
php_value post_max_size 8M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php72"
php_value upload_max_filesize 2M
php_flag zlib.output_compression On
</IfModule>
<IfModule lsapi_module>
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 256M
php_value post_max_size 8M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php72"
php_value upload_max_filesize 2M
php_flag zlib.output_compression On
</IfModule>
# 32° - END cPanel-generated php ini directives, do not edit
## 33° BEGIN
## 33° END
# BEGIN DS-XML-RPC-API
# As diretrizes (linhas) entre "BEGIN DS-XML-RPC-API" e "END DS-XML-RPC-API" são
# geradas dinamicamente e só devem ser modificadas através de filtros do WordPress.
# Quaisquer alterações nas diretivas entre esses marcadores serão sobrescritas.
<Files xmlrpc.php>
order deny,allow
deny from all
Allow from 122.248.245.244/32
Allow from 54.217.201.243/32
Allow from 54.232.116.4/32
Allow from 192.0.80.0/20
Allow from 192.0.96.0/20
Allow from 192.0.112.0/20
Allow from 195.234.108.0/22
Allow from 192.0.96.202/32
Allow from 192.0.98.138/32
Allow from 192.0.102.71/32
Allow from 192.0.102.95/32
</Files>
# END DS-XML-RPC-API
# BEGIN PREVENT HOTLINKING
# RewriteEngine on
# RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?5pila.com [NC]
# RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
# END PREVENT HOTLINKING
# BEGIN DS-XML-RPC-FIX-HOTLINK
# As diretrizes (linhas) entre "BEGIN DS-XML-RPC-FIX-HOTLINK" e "END DS-XML-RPC-FIX-HOTLINK" são
# geradas dinamicamente e só devem ser modificadas através de filtros do WordPress.
# Quaisquer alterações nas diretivas entre esses marcadores serão sobrescritas.
# END DS-XML-RPC-FIX-HOTLINK
# sends all requests for “/” to “/Site/am/index.php”
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php72” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php72___lsphp .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
I MUST maintain this line where she is.
That directive does not need to go inside the WordPress code block. You should place that directive before the # BEGIN WordPress comment marker. And this will prevent it from being overwritten by WordPress. In fact, you could place your custom rules at the very top of the file to make them easier to find/maintain.
It will work exactly the same.
You do not need to enclose it in an <IfModule> container like the other directives. And you should not repeat the RewriteEngine On and RewriteBase / directives. (The order of these particular directives do not matter. In fact, the last instance "wins" and controls the entire file.)
For example:
# Custom rules
RewriteRule ^file-pdf\.php$ wp-content/themes/astra-child/filepdf.php [L,NC]
# BEGIN WordPress
:
Don't forget to backslash-escape literal dots in the RewriteRule pattern. The QSA flag is not required here.
Aside:
However, some of your other rules are in the wrong order and so are not working as they should be. For instance:
The section # 29° BEGIN REDIRECTING HTTP TO HTTPS should be near the top of the file, before the WordPress code block / front-controller. By placing this after the WP front-controller it's simply never going to be processed for anything other than static resources.
Sections # 4° and # 5° should also be before the WordPress code block, otherwise they are not going to block the requests they are supposed to block. Generally, blocking directives should be at the top.
You also have 3 blocks of caching directives that conflict/override each other. However, no one block would seem to be the "master" and your current caching scheme appears to be a mixture of all 3!
I am trying to optimize my store, I have added Gzip Code and Leverage Browser Cache Code in my .htaccess File:
# Leverage browser caching using mod_expires #
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 days"
</IfModule>
# End of Leverage browser caching using mod_expires #
# Leverage browser caching using mod_headers #
<IfModule mod_headers.c>
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Expires "Wed, 15 Apr 2020 20:00:00 GMT"
Header set Cache-Control "public"
</FilesMatch>
</IfModule>
# End of Leverage browser caching using mod_headers #
Enable Apache mod_headers and mod_expires modules
Please check mod_expires and mod_headers are enable or not on your store through the below code.
<?php phpinfo();?>
If both extension not unable to your server,please follow following steps:-
Step 1 :-
Now login to server using SSH console and continue below steps:
To enable mod_headers:
sudo a2enmod headers
To enable mod_expires:
sudo a2enmod expires
Step 2 :-
after completing the server update, you need to restart Apache server
to make these changes effective. Enter below line in your SSH console
to restart Apache.
service apache2 restart
Or else reboot your server by following code in SSH:
reboot
Use following code in your .htaccess file.
<IfModule mod_headers.c>
# YEAR
<FilesMatch "\.(ico|gif|jpg|jpeg|png|flv|pdf)$">
Header set Cache-Control "max-age=29030400"
</FilesMatch>
# WEEK
<FilesMatch "\.(js|css|swf|woff)$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
# 45 MIN
<FilesMatch "\.(html|htm|txt)$">
Header set Cache-Control "max-age=86400"
</FilesMatch>
Header set Connection keep-alive
</IfModule>
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl|asp|html)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
<ifmodule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript
</ifmodule>
After clear your store cache and reload your website URL,recheck gtmetrix tool or whatever you are using tool.
Here is the code for GZIP compression
<ifModule mod_deflate.c>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/css text/plain text/xml application/x-javascript application/x-httpd-php
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip
Header append Vary User-Agent env=!dont-vary
</ifModule>
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
and for Leverage browser caching your code is correct but if its not working then you have to check that mod_expires and mod_headers modules are enabled or not on your server.
My main website is:
http://sandybeachit.co.uk
I have a wordpress site setup at my addon-domain:
[http://imadeitviral.com][1]
The wordpress site is in:
/hosting/imadeitviral
The above address can be found here on the primary site under sandybeachit.co.uk/hosting/imadeitviral/
I have got the site url and home set to "http:// imadeitviral.com" (without the space between "http:// and madeitviral.com"
But when you go imadeitviral.com the site attempts to load my primary site at sandybeachit.co.uk except the site does not load correctly, you can try it and your see what i mean.
If i set the wordpress site url and home to pointing to "sandybeachit.co.uk/hosting/imadeitviral" the site will load fine, so i know i have got something wrong, but i can not figure out what.
I have tried removing the .htaccess file in my main domain and editing it so i an sure its not that is the problem as well as the .htaccess file in the wordpress folder.
I did the install via Site Software Softaculous Apps Installer
Can i get some pointers as to what i have done wrong or missed ?
Thanks
HTACCESS FILE IN WORDPRESS DIRECTORY:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /hosting/imadeitviral/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /hosting/imadeitviral/index.php [L]
</IfModule>
# END WordPress
HTACCESS FILE IN MAIN DIRECTORY:
RewriteCond %{HTTP_HOST} ^(www\.)?imadeitviral\.com
RewriteRule .* - [L]
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*)/$ /$1.php [L]
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule .*[^/]$ /$0/ [L,R=301]
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
#RULES ADDED AFTER 14TH JANUARY 2017
# Set Timezone
<IfModule !fcgid_module>
php_value date.timezone "Europe/London"
</IfModule>
# Disable directory browsing
Options All -Indexes
### Security - Disable HTTP Track and Trace
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
#DENY ACCESS - START
<FilesMatch "config.php|\.tpl$">
Order allow,deny
Deny from all
</FilesMatch>
#DENY ACCESS - END
# One year for image files
<filesMatch ".(jpg|jpeg|png|gif|ico)$">
Header set Cache-Control "max-age=31536000, public"
</filesMatch>
# One month for css and js
<filesMatch ".(css|js)$">
Header set Cache-Control "max-age=2628000, public"
</filesMatch>
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)(\.gz)?$">
Header set Expires "Thu, 15 Apr 2012 20:00:00 GMT"
Header unset ETag
FileETag None
</FilesMatch>
# BEGIN EXPIRES
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 10 days"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/plain "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType application/x-icon "access plus 1 year"
</IfModule>
# END EXPIRES
# GZIP BEGIN - COMPRESS - .CSS .JS .HTML .XHTML .PHP .TXT
#Gzip
<ifmodule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x- javascript application/javascript
</ifmodule>
#End Gzip
<IfModule mod_deflate.c>
#The following line is enough for .js and .css
AddOutputFilter DEFLATE js css
#The following line also enables compression by file content type, for the following list of Content-Type:s
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml
#The following lines are to avoid bugs with some browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>
<ifModule mod_headers.c>
Header unset Vary
Header set Vary "Accept-Encoding, X-HTTP-Method-Override, X-Forwarded-For, Remote-Address, X-Real-IP, X-Forwarded-Proto, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Server"
</ifModule>
After a little more testing:
What i am finding is if i goto:
imadeitviral.com/
The site loads
As soon as i go into:
imadeitviral.com/wp-admin
after a short while the site times out to a 404 with the message:
"Not Found
The requested URL /wp-admin/plugins.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."
I'm trying to move my wordpress blog to https, however I tried many things but all of them give me a redirect loop error.
This is my current htaccess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
<IfModule mod_deflate.c>
#The following line is enough for .js and .css
AddOutputFilter DEFLATE js css
AddOutputFilterByType DEFLATE text/plain text/xml application/xhtml+xml text/css application/xml application/rss+xml application/atom_xml application/x-javascript application/x-httpd-php application/x-httpd-fastphp text/html
#The following lines are to avoid bugs with some browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>
# BEGIN EXPIRES
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 10 days"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/plain "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType application/x-icon "access plus 1 year"
</IfModule>
# END EXPIRES
<IfModule mod_headers.c>
<FilesMatch "\.(js|css|xml|gz)$">
Header append Vary Accept-Encoding
</FilesMatch>
<FilesMatch "\.(ico|jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
<FilesMatch "\.(css)$">
Header set Cache-Control "public"
</FilesMatch>
<FilesMatch "\.(js)$">
Header set Cache-Control "private"
</FilesMatch>
<FilesMatch "\.(x?html?|php)$">
Header set Cache-Control "private, must-revalidate"
</FilesMatch>
</IfModule>
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF
And i added this to wp-config.php:
/* SSL Settings */
define('FORCE_SSL_ADMIN', true);
/* Turn HTTPS 'on' if HTTP_X_FORWARDED_PROTO matches 'https' */
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
$_SERVER['HTTPS'] = 'on';
This are the different variants I tried to redirect to https:
Variant 1:
RewriteCond %{HTTPS} off
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Variant 2
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://example.com/$1 [R,L]
Variant 3
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]
All of them give me a redirect loop, any idea how I can fix this?
Thanks
Just fixed it with Really Simple SSL plugin for wordpress, If anyone is having this problem I recommend you try it.
You shouldn't need to use a plugin nor touch the .htaccess of your WordPress installation to get it to work on HTTPS. Change the Site and WordPress URLs in the admin area within Settings > General.
Here is a useful guide on how to change the site URLs.
You can also just force it within the admin area only by putting the following in your config.php file (in the WordPress root), although having it everywhere is best.
define('FORCE_SSL_ADMIN', true);
Generally though, I'd avoid using a plugin for something like this which can be done natively and easily too.
I have just downloaded my Magento website from its online server (where it works fine) to a local MAMP installation (MAMP/htdocs/My Site/). For some reason, whatever page I try to access on my local site, I land on my (custom) 404 Error page.
This does not happen with the other local sites I manage with MAMP.
After looking around for a solution, I have checked that mod_rewrite is correctly loaded and enabled: MAMP/conf/apache/httpd.conf does include LoadModule rewrite_module modules/mod_rewrite.so and here is the content of my .htaccess:
############################################
## uncomment these lines for CGI mode
## make sure to specify the correct cgi php binary file name
## it might be /cgi-bin/php-cgi
# Action php5-cgi /cgi-bin/php5-cgi
# AddHandler php5-cgi .php
############################################
## GoDaddy specific options
# Options -MultiViews
## you might also need to add this line to php.ini
## cgi.fix_pathinfo = 1
## if it still doesn't work, rename php.ini to php5.ini
############################################
## this line is specific for 1and1 hosting
#AddType x-mapp-php5 .php
#AddHandler x-mapp-php5 .php
############################################
## default index file
DirectoryIndex index.php
<IfModule mod_php5.c>
############################################
## adjust memory limit
# php_value memory_limit 64M
php_value memory_limit 256M
php_value max_execution_time 18000
############################################
## disable magic quotes for php request vars
php_flag magic_quotes_gpc off
############################################
## disable automatic session start
## before autoload was initialized
php_flag session.auto_start off
############################################
## enable resulting html compression
php_flag zlib.output_compression on
###########################################
# disable user agent verification to not break multiple image upload
php_flag suhosin.session.cryptua off
###########################################
# turn off compatibility with PHP4 when dealing with objects
php_flag zend.ze1_compatibility_mode Off
</IfModule>
<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
<IfModule mod_deflate.c>
############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip
# Insert filter on all content
###SetOutputFilter DEFLATE
# Insert filter on selected content types only
#AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
# Netscape 4.x has some problems...
#BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
#BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
#BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don't compress images
#SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
#Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_ssl.c>
############################################
## make HTTPS env vars available for CGI mode
SSLOptions StdEnvVars
</IfModule>
<IfModule mod_rewrite.c>
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
############################################
## you can put here your magento root folder
## path relative to web root
#RewriteBase /magento/
############################################
## uncomment next line to enable light API calls processing
# RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]
############################################
## rewrite API2 calls to api.php (by now it is REST only)
RewriteRule ^api/rest api.php?type=rest [QSA,L]
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]
############################################
## redirect for mobile user agents
#RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
#RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
#RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
############################################
## always send 404 on missing files in these folders
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead
AddDefaultCharset Off
#AddDefaultCharset UTF-8
############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires
<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On
# Default directive
ExpiresDefault "access plus 1 month"
# My favicon
ExpiresByType image/x-icon "access plus 1 year?
# Images
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
# CSS
ExpiresByType text/css "access 1 month?
# Javascript
ExpiresByType application/javascript "access plus 1 year"
</IfModule>
############################################
## By default allow all access
Order allow,deny
Allow from all
###########################################
## Deny access to release notes to prevent disclosure of the installed Magento version
<Files RELEASE_NOTES.txt>
order allow,deny
deny from all
</Files>
############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags
#FileETag none
<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
# Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
</IfModule>
I have also tried replacing my .htacess with Magento's default one, but it did not help. And of course, in MySQL, in core_config_data, I have set both web/unsecure/base_url and web/secure/base_url to http://localhost/My Site/.
Would someone have an idea about what I might be doing wrong?
Many thanks in advance!
Try with http://127.0.0.1/MySite/
In Magento local, http://localhost don't work