A Micro Micro CMS

The .htaccess file

For Apache web server only.

Default
ErrorDocument 404 /inc/404.php
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME}\.php -f
  RewriteRule ^(.*)$ $1.php
</IfModule>
Extended

Edit manually.

ErrorDocument 404 /inc/404.php

# (1) Deny direct browser access to .txt files
RewriteCond %{HTTP_REFERER} !^https://yoursite [NC]
RewriteCond %{HTTP_REFERER} !^https://yoursite.*$ [NC]
RewriteRule \.txt /noaccess [L]
# Create new page titled: 'noaccess'

<IfModule mod_rewrite.c>
  RewriteEngine on
  # (2) Force https
  RewriteCond %{HTTPS} !=on
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  # Default rules
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME}\.php -f
  RewriteRule ^(.*)$ $1.php
</IfModule>
# (3) Deny directory listing
Options -Indexes

# (4) Set the cache-control max-age
# Images and stylesheets 2 DAYS (adjust as required)
<FilesMatch ".(jpg|jpeg|png|gif|js|css|ico)$">
Header set Cache-Control "max-age=172800, public"
</FilesMatch>
# Text files 4 HOURS (adjust as required)
<FilesMatch ".(txt)$">
Header set Cache-Control "max-age=14400, public, must-revalidate"
</FilesMatch>
# HTML 4 HOURS (adjust as required)
<FilesMatch ".(html|htm)$">
Header set Cache-Control "max-age=14400, must-revalidate"
</FilesMatch>

# (5) GZIP compress text, html, css
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/css
Note

Password-protected pages can't be viewed in a web browser as HTML without the password but the associated text files can (as .txt) if someone happens to know they are stored in the /pages/ folder, as follows:

yourwebsite.com/pages/password-protected.txt (view this page's text file)

Rule # (1) above denies access and keeps the text.txt files private. There are no password-protected pages on this website.

Cache-control and GZIP compression just make the website faster.

Page last modified: 16 February, 2020