Cache, Protection and Re-Directs

Using WordPress you have a host and your host, no matter which one, uses either Apache or Nginx as its server software. This snippet is for those using Apache and it’s filled with functionality for cache, injection protection, file and folder protection and re-directs.

How to use
First of all, talk to your host. Is MemCache and/ or Redis activated for your PHP-version? If so, be careful as to what you add to your .htaccess file.

I recommend you copy part by part into your existing .htaccess file after the # end wordpress line. Save the file and visit your test site. Refresh the page and try in / with incognito mode. If all works fine, move on to the next part – and so on.

There are parts that are “the same” but still slightly different and because of that, try them one by one. I cannot provide or offer support on this for free as your host should be able to guide you through what you need and do not need.

# WP block - see https://wordpress.org/documentation/article/htaccess/
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a slash after /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ – [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
#END WP

# Disable folder indexing
Options All -Indexes
IndexIgnore *
<IfModule mod_autoindex.c>
	Options -Indexes
</IfModule>

ServerSignature Off

# Follow symlink
Options +FollowSymLinks

# Timezone
SetEnv TZ Europe/Bucharest

# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset UTF-8
# Force UTF-8 for a number of file formats
<IfModule mod_mime.c>
	AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml
</IfModule>

# Protect .htaccess and .htpasswds
<Files ~ "^.*\.([Hh][Tt][AaPp])">
	order allow,deny
	deny from all
	satisfy all
</Files>

# Prevent comment spamming
# https://codex.wordpress.org/Combating_Comment_Spam/Denying_Access
<IfModule mod_rewrite.c>
	RewriteCond %{REQUEST_METHOD} POST
	RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
	RewriteCond %{HTTP_REFERER} !.wesztyweb.com.* [OR]
	RewriteCond %{HTTP_USER_AGENT} ^$
        RewriteRule (.*) ^https://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>

# author URL protection ?author=
<IfModule mod_rewrite.c>
	RewriteCond %{QUERY_STRING} ^author=([0-9]*)
	RewriteRule .* - [F]
</IfModule>

# Prevent hotlinking by referer check
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?wesztyweb.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ https://fakeimg.pl/400x200/?text=Pas_touche_aux_images [NC,R,L]

# Redirect non-www to www
RewriteEngine On
RewriteCond %{HTTP_HOST} ^wesztyweb.com [NC]
RewriteRule ^(.*)$ https://wesztyweb.com $1 [L,R=301]

# Redirect to HTTPS 
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

# CACHE
# Browser header cache
<IfModule mod_expires.c>
	ExpiresActive on
	ExpiresDefault                              "access plus 1 month"
	# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
	ExpiresByType text/cache-manifest           "access plus 0 seconds"
	# Your document html
	ExpiresByType text/html                     "access plus 0 seconds"
	# Data
	ExpiresByType text/xml                      "access plus 0 seconds"
	ExpiresByType application/xml               "access plus 0 seconds"
	ExpiresByType application/json              "access plus 0 seconds"
	# Feed
	ExpiresByType application/rss+xml           "access plus 1 hour"
	ExpiresByType application/atom+xml          "access plus 1 hour"
	# Favicon (cannot be renamed)
	ExpiresByType image/x-icon                  "access plus 1 week"
	# Media: images, video, audio
	ExpiresByType image/gif                     "access plus 4 months"
	ExpiresByType image/png                     "access plus 4 months"
	ExpiresByType image/jpeg                    "access plus 4 months"
	ExpiresByType image/webp                    "access plus 4 months"
	ExpiresByType video/ogg                     "access plus 4 months"
	ExpiresByType audio/ogg                     "access plus 4 months"
	ExpiresByType video/mp4                     "access plus 4 months"
	ExpiresByType video/webm                    "access plus 4 months"
	# HTC files  (css3pie)
	ExpiresByType text/x-component              "access plus 1 month"
	# Webfonts
	ExpiresByType font/ttf                      "access plus 4 months"
	ExpiresByType font/otf                      "access plus 4 months"
	ExpiresByType font/woff                     "access plus 4 months"
	ExpiresByType font/woff2                    "access plus 4 months"
	ExpiresByType image/svg+xml                 "access plus 1 month"
	ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
	# CSS and JavaScript
	ExpiresByType text/css                      "access plus 1 year"
	ExpiresByType application/javascript        "access plus 1 year"
</IfModule>

# Gzip compression
<IfModule mod_deflate.c>
	# Active compression
	SetOutputFilter DEFLATE
	# Force deflate for mangled headers
	<IfModule mod_setenvif.c>
		<IfModule mod_headers.c>
		SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
		RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
		# Don’t compress images and other uncompressible content
		SetEnvIfNoCase Request_URI \
		\.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary
		</IfModule>
	</IfModule>

# Compress all output labeled with one of the following MIME-types
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE application/atom+xml \
		                          application/javascript \
		                          application/json \
		                          application/rss+xml \
		                          application/vnd.ms-fontobject \
		                          application/x-font-ttf \
		                          application/xhtml+xml \
		                          application/xml \
		                          font/opentype \
		                          image/svg+xml \
		                          image/x-icon \
		                          text/css \
		                          text/html \
		                          text/plain \
		                          text/x-component \
		                          text/xml
</IfModule>
<IfModule mod_headers.c>
Header append Vary: Accept-Encoding
</IfModule>
</IfModule>

# Add mime type
<IfModule mod_mime.c>
AddType text/html .html_gzip
AddEncoding gzip .html_gzip
</IfModule>
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
</IfModule>

# Headers
Header unset ETag
FileETag None

# FileETag None is not enough for every server.
<IfModule mod_headers.c>
Header unset ETag
</IfModule>

<ifModule mod_headers.c>  
<filesMatch "\.(ico|jpe?g|png|gif|swf)$">  
    Header set Cache-Control "public"  
</filesMatch>  
<filesMatch "\.(css)$">  
    Header set Cache-Control "public"  
</filesMatch>  
<filesMatch "\.(js)$">  
    Header set Cache-Control "private"  
</filesMatch>  
<filesMatch "\.(x?html?|php)$">  
    Header set Cache-Control "private, must-revalidate"
</filesMatch>
</ifModule>

<IfModule mod_alias.c>
<FilesMatch "\.(css|htc|js|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$">
<IfModule mod_headers.c>
Header unset Pragma
Header append Cache-Control "public"
</IfModule>
</FilesMatch>
</IfModule>
# END CACHE 

# Static compression
<IfModule mod_deflate.c> 
    AddOutputFilterByType DEFLATE text/xhtml text/html text/plain text/xml text/javascript application/x-javascript text/css 
    BrowserMatch ^Mozilla/4 gzip-only-text/html 
    BrowserMatch ^Mozilla/4\.0[678] no-gzip 
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html 
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary 
    Header append Vary User-Agent env=!dont-vary 
</IfModule>  

AddOutputFilterByType DEFLATE text/html  
AddOutputFilterByType DEFLATE text/plain  
AddOutputFilterByType DEFLATE text/xml  
AddOutputFilterByType DEFLATE text/css  
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/json  

# Block few scripts
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

# Injection protection
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* - [F]

# CPS (XSS, clickjacking & MIME-Type sniffing)
<ifModule mod_headers.c>
    Header set X-Frame-Options "sameorigin"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options "nosniff"
    Header set Strict-Transport-Security "max-age=31536000; preload"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
    Header set X-DNS-Prefetch-Control "on"
    Header set Permissions-Policy "autoplay=*, fullscreen=* vertical-scroll=*"
</ifModule>

# PROTECT install.php
# Uncomment or change to 'Allow from all' for install of WordPress
<Files install.php>
	Order Allow,Deny
	Deny from all
	Satisfy all
</Files>

# Prevent wp-config.php access
<files wp-config.php>
	order allow,deny
	deny from all
</files>

# Protect XMLRPC (needed for Apps, Offline-Blogging-Tools, Pingback, etc.)
# If you use that, these tools will not work anymore
<Files xmlrpc.php>
	Order Deny,Allow
	Deny from all
</Files>

# Prevent browser and search engines to request .log (e.g. WP DEBUG LOG) and .txt (e.g. plugins readme) files. 
# Must be placed in /wp-content/.htaccess
<FilesMatch "\.(log|txt)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# Hide WordPress, system & sensitive files
<FilesMatch "(^\.|wp-config(-sample)*\.php)">
    Order Deny,Allow
    Deny from all
</FilesMatch>

# Protect some other files
<FilesMatch "(liesmich.html|readme.html|license.txt|(.*)\.bak)">
  Order Deny,Allow
  Deny from all
</FilesMatch>

# Block the include-only files.
# Do not use in Multisite without reading the note in Codex!
# See: https://wordpress.org/support/article/hardening-wordpress/#securing-wp-includes
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /
  RewriteRule ^wp-admin/includes/ - [F,L]
  RewriteRule !^wp-includes/ - [S=3]
  # If you run multisite, comment the next line out (see note above)
  RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
  RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
  RewriteRule ^wp-includes/theme-compat/ - [F,L]
  
	RewriteRule ^wp-admin/install\.php$ - [F]
	RewriteCond %{REQUEST_FILENAME} -f
	RewriteRule (^|.*/)\.(git|svn)/.* - [F]

	# Disable PHP in Uploads
	RewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]

	# Disable PHP in Plugins
	RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]

	# Disable PHP in themes
	RewriteRule ^wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
</IfModule>

# Force secure cookies (uncomment if you use HTTP://, which you should NOT, use HTTPS with letsencrypt at least)
<IfModule mod_headers.c>
  Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
</IfModule>

# Unset headers revealing versions strings
<IfModule mod_headers.c>
  Header unset X-Powered-By
  Header unset X-Pingback
  Header unset SERVER
</IfModule>

# Filter Request Methods
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
  RewriteRule ^(.*)$ - [F,L]
</IfModule>

# Block suspicious request methods
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F,L]

# Block WP timthumb hack
RewriteCond %{REQUEST_URI} (timthumb.php|phpthumb.php|thumb.php|thumbs.php) [NC]
RewriteRule . - [S=1]

RewriteCond %{REQUEST_METHOD} GET [NC] 
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=https?:// [NC,OR] 
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(..//?)+ [NC,OR] 
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC] 
RewriteRule .* - [F]

RewriteCond %{QUERY_STRING} (eval() [NC,OR] 
RewriteCond %{QUERY_STRING} (javascript:)(.)(;) [NC,OR] 
RewriteCond %{QUERY_STRING} (base64_encode)(.)(() [NC,OR] 
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|[|%) [NC,OR] 
RewriteCond %{QUERY_STRING} (<|%3C)(.)script(.)(>|%3) [NC,OR] 
RewriteCond %{QUERY_STRING} (\|...|../|~|`|<|>||) [NC,OR] 
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,22}(=|%3D) [NC,OR] 
RewriteCond %{QUERY_STRING} (boot.ini|etc/passwd|self/environ) [NC,OR] 
RewriteCond %{QUERY_STRING} (\'|\")(.)(drop|exec|insert|md5|select|union) [NC] 
RewriteRule . - [F]

# Block suspicious user agents and requests
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]

RewriteCond %{HTTP_USER_AGENT} (;|<|>|’|”|)|(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]

RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]

Block MySQL injections, RFI, base64, etc.

RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http%3A%2F%2F [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(..//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} =PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (../|..) [OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} =|w| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.)/self/(.)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.)cPath=http://(.)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).script.(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^s]s)+cript.(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).iframe.(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^i]i)+frame.(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.(.) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]([^)]) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.([|]|(|)|<|>). [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (./|../|…/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127.0.0.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^(]( [NC,OR] RewriteCond %{QUERY_STRING} union([^s]s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]a)+ll([^s]s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|’|”|)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

# PHP-CGI Vulnerability
RewriteCond %{QUERY_STRING} ^(%2d|-)[^=]+$ [NC,OR]

# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR]

RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F,L]

You need to edit these to match your own URL!

# redirect empty tag requests to homepage
RedirectMatch 301 ^/tag/?$ https://example.com/

# redirect empty page requests to homepage
RedirectMatch 301 ^/page/?$ https://example.com/

# redirect empty search requests to homepage
RedirectMatch 301 ^/search/?$ https://example.com/

# redirect empty category requests to homepage
RedirectMatch 301 ^/category/?$ https://example.com/

# redirect subdirectory to homepage
RedirectMatch 301 /wp/?$ https://example.com/

# redirect favicon requests to the actual favicon
RedirectMatch 301 ^/favicon.(?!ico) https://example.com/favicon.ico
RedirectMatch 301 (?<!(^/))favicon. https://example.com/favicon.ico

# redirect apple-icon requests to the actual icon
RedirectMatch 301 /apple-touch-icon(.*)?.png https://example.com/apple.png

# redirect requests for humans.txt and robots.txt to the actual file
RedirectMatch 301 (?<!(^/))(humans|robots).txt https://example.com/$2.txt

# redirect requests for xmlrpc.php to the actual file
RedirectMatch 301 (?<!(^(/wp/)))(xmlrpc).php https://example.com/wp/xmlrpc.php

# redirect requests for the wp-login.php file to the login page
RedirectMatch 301 (?

order allow,deny deny from all

order allow,deny deny from all

order allow,deny deny from all satisfy all

Order Allow,Deny Deny from all

Order Allow,Deny Deny from all

Order Allow,Deny Deny from all

FileETag None

Header set Cache-Control "public" 
Header set Cache-Control "public" 
Header set Cache-Control "private" 
Header set Cache-Control "private, must-revalidate"

ExpiresActive on
ExpiresDefault "access plus 1 month"
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType text/html "access plus 0 seconds"
ExpiresByType text/plain "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType application/json "access plus 0 seconds"
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType text/x-component "access plus 1 hour"
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpe "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/jp2 "access plus 1 month"
ExpiresByType image/pipeg "access plus 1 month"
ExpiresByType image/bmp "access plus 1 month"
ExpiresByType image/tiff "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType image/vnd.microsoft.icon "access plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/icon "access plus 1 month"
ExpiresByType text/ico "access plus 1 month"
ExpiresByType image/x-ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType application/ico "access plus 1 month"
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType audio/basic "access plus 1 month"
ExpiresByType audio/mid "access plus 1 month"
ExpiresByType audio/midi "access plus 1 month"
ExpiresByType audio/mpeg "access plus 1 month"
ExpiresByType audio/x-aiff "access plus 1 month"
ExpiresByType audio/x-mpegurl "access plus 1 month"
ExpiresByType audio/x-pn-realaudio "access plus 1 month"
ExpiresByType audio/x-wav "access plus 1 month"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"
ExpiresByType video/x-msvideo "access plus 1 month"
ExpiresByType video/mpeg "access plus 1 month"
ExpiresByType video/quicktime "access plus 1 month"
ExpiresByType video/x-la-asf "access plus 1 month"
ExpiresByType video/x-ms-asf "access plus 1 month"
ExpiresByType x-world/x-vrml "access plus 1 month"
ExpiresByType font/truetype "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType application/font-woff "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType video/x-flv "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType image/vnd.wap.wbmp "access plus 1 month"
ExpiresByType application/vnd.wap.wbxml "access plus 1 month"
ExpiresByType application/smil "access plus 1 month"

# Header append Cache-Control "public"
ExpiresActive On
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/svg "access 1 year"
ExpiresByType image/x-icon "access 1 year"
ExpiresByType application/pdf "access 1 month"
ExpiresByType application/xhtml-xml "access 1 month"
ExpiresByType application/javascript "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresDefault "access 1 month"

# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml

# Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent

# re-directs http to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]