# [This line is used to check that this configuration file is up
#  to date. Do not edit this line and leave it as the first line.]
#
# These are suggested configuration directives for use with Tiki.
# They enhance security and permit clean URLs.
# In your Tiki instance, visit tiki-admin.php?page=sefurl to make Tiki use clean URLs in generated links.
#
# The .htaccess file may be enabled in number of different ways (in order of the most to the least recommended):
# Option 1: Let the installer handle it.
# Option 2: Create a symbolic link from .htaccess to _htaccess. This will keep the configuration up-to-date.
# Option 3: Copy _htaccess to .htaccess. Note : Do not move (rename) _htaccess, it is required (used internally) by some Tiki features (like SEFURL).
# Option 4: Add the content of this file to your httpd.conf.
# The last two options should be repeated when the reference _htaccess file changes (when upgrading Tiki).
#
# DEVELOPERS: 
# This is the sample configuration file for Apache. Must be linked to .htaccess to be active.
# This configuration must be kept synchronized with the configuration for other Web servers.
# See http://dev.tiki.org/Operating+System+independence#Keep_web.config_and_.htaccess_synchronized

# -- Prevent Browsing of Certain File Extensions -- #
<FilesMatch "\.(bak|inc|lib|sh|tpl|sql|shtml|asp|xml\.dist)$">
    <IfModule mod_authz_core.c>
       Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        order deny,allow
        deny from all
    </IfModule>
</FilesMatch>
# -- Prevent Browsing of Certain File Names -- #
<FilesMatch "(changelog\.txt|_htaccess|README|INSTALL|web_config|copyright\.txt|composer\..*)$">
    <IfModule mod_authz_core.c>
       Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        order deny,allow
        deny from all
    </IfModule>
</FilesMatch>

# -- Prevent browsing of .git and node_modules content -- #
RedirectMatch 403 /(?:\.git|node_modules)/.*$

<IfModule mod_dir.c>
    # -- Home Page Feature -- #
    # Option 1: (recommended) Not using home page feature.
    DirectoryIndex index.php

    # Option 2: If using home page feature you may avoid the home page name being appended to the url by using this option.
    #DirectoryIndex tiki-index.php index.php
</IfModule>

# -- Ensure Caching Proxy Sends Content to Correct Client -- #
# In some distributions of Apache (e.g. Wampserver 2.5) you may also need to enable mod_filter as well for this to work.
#<IfModule mod_filter.c>
<IfModule mod_deflate.c>
    <IfModule mod_headers.c>
        # Make sure proxies don't deliver the wrong content.
        Header append Vary User-Agent env=!dont-vary
    </IfModule>
    AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json
    <IfModule mod_mime.c>
        # DEFLATE by extension.
        AddOutputFilter DEFLATE js css htm html xml svg
    </IfModule>
</IfModule>
#</IfModule>

# -- Client Cache Method -- #
# Google wants either Last-Modified or ETag. Using ETags will improve the YSlow scores.
# Option 1: recommended
FileETag none

<IfModule mod_headers.c>
    # -- httpoxy mitigation -- #
    RequestHeader unset Proxy early

    # Option 2:
    #Header unset ETag

    # -- Client Cache Expiration -- #
    # Google suggests to use Expires in favour of Cache-Control.
    # Option 1: (recommended)
    Header unset Cache-Control

    #Option 2:
    #Header unset Expires

    # -- Persistent Connections -- #
    # Allow multiple requests to be sent over the same TCP connection. Enable if you serve a lot of static content
    # but, be aware of the possible disadvantages!
    # Read more: http://httpd.apache.org/docs/current/en/mod/core.html#keepalive
    #Header set Connection Keep-Alive

    # -- CORS-enabled Images (@crossorigin) --
    # Send CORS headers if browsers request them; enabled by default for images.
    # Read more: developer.mozilla.org/en/CORS_Enabled_Image
    # Read more: blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
    # Read more: hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
    # Read more: wiki.mozilla.org/Security/Reviews/crossoriginAttribute
    <IfModule mod_setenvif.c>
    # Mod_headers, y u no match by Content-Type?!
        <FilesMatch "(?i)\.(gif|png|jpe?g|svgz?|ico)$">
            SetEnvIf Origin ":" IS_CORS
            Header set Access-Control-Allow-Origin "*" env=IS_CORS
        </FilesMatch>
    </IfModule>

    # -- Webfont Access -- #
    # Allow access from all domains for webfonts.
    # Alternatively you could whitelist your subdomains like "subdomain.example.com".
    <FilesMatch "(?i)\.(ttf|ttc|otf|eot|woff2?)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>

    # -- Enable video/audio seek -- #
    Header set Accept-Ranges bytes

</IfModule>

# -- Expires Headers -- #
# If the site is in active development, you may want to comment out this section.
<IfModule mod_expires.c>
    <FilesMatch "(?i)\.(gif|png|jpe?g|svgz?|ico)$">
        ExpiresActive on
        ExpiresDefault "access plus 1 month"
    </FilesMatch>
    <FilesMatch "(?i)\.(js|css)$">
        ExpiresActive on
        ExpiresDefault "access plus 1 month"
    </FilesMatch>
    <FilesMatch "(?i)\.(woff|woff2)$">
        ExpiresActive on
        ExpiresDefault "access plus 1 month"
    </FilesMatch>
</IfModule>

<IfModule mod_rewrite.c>

    # More information: http://doc.tiki.org/Rewrite+Rules
    RewriteEngine On

    # -- Tiki Root -- #
    # You need to customize the RewriteBase value below if Tiki is installed in a subdirectory of your web root.
    # The value needs to match the subdirectory name that Tiki is installed in.
    # You will get errors otherwise. e.g. "The requested URL /absolutepath/tiki-index.php was not found on this server"
    #RewriteBase   /tiki

    # -- Redirect Missing Directories To Homepage -- #
    # Prevent broken pages and slow upload times. e.g., try yourdomain.com/bogus/ or yourdomain.com/tiki/bogus/
    # The below may not work in all configurations depending on redirects already in place.

    # If directories containing other programs are legitimate (e.g. when Tiki is installed in a subdirectory), then modify and enable the following line.
    #RewriteCond %{REQUEST_URI} !(^/otherokaydirectory/)

    # If Tiki is installed in the web root and your home page is named HomePage, then enable this.
    #RewriteRule ^(.+[^/])/$  /HomePage [R=301,L]

    # If Tiki is installed in a subdirectory of the web root, then customize and enable it below.
    #RewriteRule ^(.+[^/])/$  /tiki/HomePage [R=301,L]

    # -- Legacy Template Image Locations -- #
    # Since Tiki9, image locations have changed. If your custom template links to these images enabling these
    # options may fix your broken images.
    # The preferred solution is to change the directory paths in your custom template.
    # Read more: http://dev.tiki.org/ImgDirectoryRevamp
    #RewriteRule ^img/icons2/(.*)$ img/icons/$1
    #RewriteRule ^pics/large/(.*)$ img/icons/large/$1
    #RewriteRule ^img/mytiki/(.*)$ img/icons/large/$1
    #RewriteRule ^pics/(.*)$ img/$1
    #RewriteRule ^images/(.*)$ img/icons/$1

    # Redirect drawio requests to the correct path
    RewriteRule ^img/lib/(.*)$ vendor/tikiwiki/diagram/img/lib/$1 [NC,L]

    # -- Apache Authorization Header -- #
    # Rewrite rules for passing authorization with Apache running in CGI or FastCGI mode
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

    # -- Set these headers for Last-Modified and Etag in wiki pages -- #
    RewriteCond %{HTTP:If-Modified-Since} ^(.*)
    RewriteRule ^(.*) - [E=HTTP_IF_MODIFIED_SINCE:%1]

    RewriteCond %{HTTP:If-None-Match} ^(.*)
    RewriteRule ^(.*) - [E=HTTP_IF_NONE_MATCH:%1]

    # -- Prevent HTTP TRACE method -- #
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]

    # -- Disallow access to hidden files (apart from well-known ones) -- #
    RewriteRule "(^|/)\.(?!well-known/)" - [F,L]

    # Redirect robots.txt to dynamic tiki-robots.php file.
    RewriteRule ^robots\.txt$ route.php [L]

    # -- If the URL Points to a File Then do Nothing -- #
    RewriteCond %{REQUEST_FILENAME} -s [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule (.*) - [L]

    # -- CalDAV/CardDAV service auto-discovery -- #
    RewriteRule ^.well-known/caldav$    tiki-caldav.php [R=301,L]
    RewriteRule ^.well-known/carddav$   tiki-carddav.php [R=301,L]

    # -- Profiles Repository -- #
    # Set the parentId (here set as 1) to the Id of the category containing your profile pages.
    # Enable feature_wiki_export, feature_wiki and feature_categories in your Tiki settings.
    # Enable tiki_p_view_category and tiki_p_export_wiki in Tiki for anonymous to be a repository.
    # Read more: http://doc.tiki.org/Profiles
    #RewriteRule ^profiles$             tiki-browse_categories.php?find=&deep=on&type=wiki+page&parentId=1&sort_mode=name_asc&plain&maxRecords=1000000 [L]

    # -- Plain Text Sitemap SEO -- #
    # Makes a short link to a list of objects to export as a plain text sitemap.
    # Set the parentId (here set as 2) to the id of a category containing the objects you wish to be
    # crawled by search engines.
    #RewriteRule ^sitemap.txt$          tiki-browse_categories.php?find=&deep=on&type=wiki+page&parentId=2&sort_mode=name_asc&links&maxRecords=1000000 [L]

    # -- RSS Feeds -- #
    # Example rewrite rule to use the search as a simple RSS feed
    #RewriteRule feed-(.*)\.rss         tiki-searchindex.php?httpaccept=application\%2Frss\%2Bxml&filter~content=$1  [QSA,L]

    # If you use session_protected and want to use apache monitoring you may get "certificate verify failed" errors on https://127.0.0.1/server-status
    # If so, uncomment this line which will route these requests straight to apache and so not get forced into https
    # RewriteRule ^server-status.* - [L]

    # -- Tiki URL Rewriting -- #
    # Read more: https://dev.tiki.org/URL+Rewriting+Revamp
    RewriteRule .*                     route.php                                [L]

    # -- Tiki Username Link -- #
    # Option 1: Exact Match.
    # Access a link to any user by providing its username e.g www.yourtiki.me/u:myusername.
    #RewriteRule ^u:([A-Za-z0-9]+)       tiki-view_tracker_item.php?user=$1&view=+user           [QSA,L]

    # Option 2: String Match.
    # Adapt with your user tracker id and user selector field id
    #RewriteRule ^u:([A-Za-z0-9]+)       tiki-view_tracker.php?trackerId=1&filterfield=3&filtervalue\[3\]=$1           [QSA,L]

</IfModule>

# -- Prevent Directory Browsing -- #
# Some shared hosting environments block options, so first check if the module is enabled
<IfModule !mod_dir>
    Options -Indexes
</IfModule>

# -- Developer cTag Blocking -- #
# This prevents reading of tags file for developers who run ctags on their server.
#<Files tags>
#    <IfModule mod_authz_core.c>
#       Require all denied
#    </IfModule>
#    <IfModule !mod_authz_core.c>
#        order deny,allow
#        deny from all
#    </IfModule>
#</Files>

# -- Web Server Auth -- #
# Option 1: recommended
#AuthType Basic
#AuthName "Restricted Access"
#AuthUserFile /etc/httpd/passwords
#Require valid-user

# Option 2: Allows services that POST back to Tiki, but less secure.
#<Limit GET>
#    Require valid-user
#</Limit>

# -- Apache Error Handling -- #
# Tiki can catch some errors and deal with them by redirecting to a similar page, sending you to the
# search, etc. However, some errors do not reach Tiki and are only caught by Apache (ex.: filenameThatDoesntExist.php).
# To make Tiki handle errors caught by Apache, uncomment some of the following lines and adapt the page names.
# You must create the pages before trying to use them.
#ErrorDocument 404 /tiki-index.php?page=File+not+found
#ErrorDocument 500 /tiki-index.php?page=Server+error

# -- Permanent Redirects -- #
# This is useful if you were using another Web application or static HTML and you want to avoid broken links.
#Redirect 301 /oldpage.html /tiki-index.php?page=newpage

# -- Force PHP Version -- #
# Tiki requires PHP5.6 - PHP7. If your host doesn't run one of these by default, it's possible that it can
# be activated by trying to enable it here.  Check with your host.
# Option 1: PHP5
#AddType application/x-httpd-php5 .php
#AddHandler application/x-httpd-php5 .php

# Option 2: PHP7
#AddType application/x-httpd-php7 .php
#AddHandler application/x-httpd-php7 .php

# -- Pass User/Object Information to Server Logs -- #
#SetEnv TIKI_HEADER_REPORT_ID tikiwiki
#SetEnv TIKI_HEADER_REPORT_USER on
#SetEnv TIKI_HEADER_REPORT_OBJECT on
#SetEnv TIKI_HEADER_REPORT_EVENTS on

# -- PHP Settings -- #
# If possible, it's better to change the following settings through your php.ini file, or through your webhosting control panel.
# Some web hosts will not allow you to change these setting through the .htaccess file.

# If you are not using PHP as an apache module, the following PHP settings will likely have no effect.
# For instance, if you use PHP-FPM, you will need to create a file named .user.ini and the syntax is a little different.
# For instance, a sample line would be "memory_limit=256M" (without the quotes)

# To activate the error display, uncomment the following line.
# Read more http://php.net/manual/en/errorfunc.configuration.php#ini.display-errors
#php_flag display_errors on

# To set the error_reporting level, uncomment the following line.
# Read more: http://php.net/manual/en/errorfunc.configuration.php#ini.error-reporting
#php_value error_reporting E_ALL

# Increase memory limit (default is 128M). Use this if you are getting blank pages and/or strange errors.
# Read more: http://php.net/manual/en/ini.core.php#ini.memory-limit
#php_value memory_limit 256M

# Increase execution time.
# Default value in Apache used to be 30, and in some cases of long wiki pages with many plugins it may take longer.
# Read more: http://php.net/manual/en/info.configuration.php#ini.max-execution-time
#php_value max_execution_time 90

# This sets the maximum time in seconds a script is allowed to parse input data, like POST and GET.
#php_value max_input_time 90

# Increase the maximum file size for uploads allowed by PHP.
# Default value in Apache used to be 2M which is usually too low for PDF or documents with some images, screenshots, etc.
# Read more: http://php.net/manual/en/ini.core.php#ini.upload-max-filesize
# Read more: http://php.net/manual/en/ini.core.php#ini.post-max-size
#php_value upload_max_filesize 10M
#php_value post_max_size 11M

# In some cases you may see open_basedir warnings about Smarty accessing PHP files that it shouldn't.
# The following line (uncommented) will reset the include path to use only Tiki's files which will solve this in most cases.
#php_value include_path "."

# Set a character set
#php_value default_charset utf-8

# Timezone
# Needed for dates and times to work properly in PHP.
# Option 1: recommended
#php_value date.timezone "America/New_York"

# Option 2: Set the apache environment variable
#SetEnv TZ America/New_York

# If the packages control panel is picking up the wrong version of php (as seen in the "diagnose" tab)
# it might be because the apache PATH directive is set wrongly, so try something like this:
#SetEnv PATH /opt/local/bin:/opt/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
