# # @copyright Copyright 2003-2013 Zen Cart Development Team # @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0 # @version GIT: $Id: Author: DrByte Sat Dec 21 17:00:00 2013 -0500 Modified in v1.5.3 $ # # This is used with Apache WebServers # # The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions # It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled. # Will also prevent people from seeing what is in the dir. and any sub-directories # # For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file. # Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified. # Example: # # AllowOverride Limit Options Indexes # ############################### DirectoryIndex index.php # deny *everything* Order Allow,Deny Deny from all # but now allow just *certain* necessary files: Order Allow,Deny Allow from all IndexIgnore */* order deny,allow deny from All ## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS): # OPTIONS -Indexes -ExecCGI ################## ## Optional caching improvements ## Requires mod_header and mod_deflate to be enabled within Apache ################## Header unset Pragma FileETag None Header unset ETag #Header set Cache-Control "no-transform" Header set Cache-control "max-age=864000, public, must-revalidate" Header unset Last-Modified Header set Cache-control "max-age=7200, must-revalidate" SetOutputFilter DEFLATE ################## ## Optional improvements ## Requires mod_expires to be enabled within Apache ################## ExpiresActive On ExpiresDefault A300 ExpiresByType application/x-javascript A3600 ExpiresByType text/css A3600 ExpiresByType image/gif A604800 ExpiresByType video/x-flv A604800 ExpiresByType application/pdf A604800 ExpiresByType text/html A300 ExpiresByType image/x-icon A86400 ExpiresByType image/jpeg A2592000 ExpiresByType image/png A2592000 ExpiresByType text/cache-manifest "access plus 0 seconds" #turn off X-PHP-Originating-Script header when sending emails from admin #uncomment to activate: # php_flag mail.add_x_header Off