Optimized Apache 2.4 httpd.conf

Created on 2014-Jun-13

Updated on 2014-Jun-13

Here is my optimized Apache 2.4.x httpd.conf:

Credits: gregrickaby/The-Perfect-Apache-Configuration: https://github.com/gregrickaby/The-Perfect-Apache-Configuration

NOTICE: Adjusted the <ifmodule filter_module=""> portion, to be compatible with Apache 2.4.

Before:

FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/html

After:

FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$text/html'"

#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See  for detailed information.
# In particular, see 
# 
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used.  If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/etc/httpd"

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the 
# directive.
#
# Change this to Listen on specific IP addresses as shown below to 
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80


#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache


#LoadModule dummy_module /usr/lib/apache/mod_dummy.so
#LoadModule ruid2_module       /usr/lib/apache/mod_ruid2.so
#LoadModule php5_module        /usr/lib/apache/libphp5.so
Include	/etc/httpd/conf/extra/httpd-phpmodules.conf

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. [email protected]
#
ServerAdmin admin@localhost
DocumentRoot "/var/www/html"

# Options and AllowOverrides
Include conf/extra/httpd-directories.conf


    DirectoryIndex index.html index.htm index.shtml index.php index.php5 index.php4 index.php3 index.phtml index.cgi


#
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#

    Require all denied


#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a 
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a 
# container, that host's errors will be logged there and not here.
#
ErrorLog /var/log/httpd/error_log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn


    #replace %b with %O for more accurate logging
    
      LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
      LogFormat "%a %l %u %t \"%r\" %>s %O" common
      LogFormat "%O %I" bytes

      LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    

    CustomLog /var/log/httpd/access_log common



    # Include some DirectAdmin alias
    Include conf/extra/httpd-alias.conf


#DefaultType text/plain
# kzn replaced at bottom
#
#    TypesConfig conf/mime.types
#    AddType application/x-gzip .tgz
#    AddEncoding x-compress .Z
#    AddEncoding x-gzip .gz .tgz
#    AddType application/x-compress .Z
#    AddType application/x-gzip .gz .tgz
#    AddHandler cgi-script .cgi
#    AddHandler type-map var
#    AddType text/html .shtml
#    AddOutputFilter INCLUDES .shtml
#	AddType video/x-ms-asf .avi
#	AddType video/mpeg .mpg
#	AddType video/mpeg .mpeg
#	AddType video/quicktime .mov
#	AddType video/x-ms-wmv .wmv
#

#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited

#
# EnableMMAP and EnableSendfile: On systems that support it, 
# memory-mapping or the sendfile syscall may be used to deliver
# files.  This usually improves server performance, but must
# be turned off when serving from networked-mounted 
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile off

#######################################################################################
# For user configurations not maintained by DirectAdmin. Empty by default.
#######################################################################################

Include conf/extra/httpd-includes.conf


#######################################################################################
# Supplemental configuration
#######################################################################################

# Nginx reverse proxy configuration
Include conf/extra/httpd-nginx.conf

# Server-pool management (MPM specific)
Include conf/extra/httpd-mpm.conf

# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf

# Fancy directory listings
Include conf/extra/httpd-autoindex.conf

# Language settings
Include conf/extra/httpd-languages.conf

# User home directories
#Include conf/extra/httpd-userdir.conf

# Real-time info on requests and configuration
Include conf/extra/httpd-info.conf

# Suphp
Include conf/extra/httpd-suphp.conf

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)
Include conf/extra/httpd-dav.conf

# Various default settings
Include conf/extra/httpd-default.conf

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

# Deflate module settings
Include conf/extra/httpd-deflate.conf

#######################################################################################
# Do not change anything in files below, because they are rewritten by DirectAdmin    #
#######################################################################################

# This is needed for PHP
Include conf/extra/httpd-php-handlers.conf

# All the DirectAdmin vhosts
Include conf/extra/directadmin-vhosts.conf

#######################################################################################
# End of included files that are rewritten by DirectAdmin                             #
#######################################################################################


SSLRandomSeed startup builtin
SSLRandomSeed connect builtin




# KZN https://github.com/gregrickaby/The-Perfect-Apache-Configuration/blob/master/http.conf

# ----------------------------------------------------------------------
# Apache configuration file
# This file is best used in /apache2/httpd.conf, but works (slower) in .htaccess
#
# I've spent quite a bit of time compiling what I find to be optimial to me
# and my server. This file is based on:
# - HTML5BoilerPlate: https://github.com/h5bp/html5-boilerplate/
# - W3 Edge: http://www.w3-edge.com/
# - Yahoo! Best Practices: http://developer.yahoo.com/performance/rules.html
# - Caching Tutorial: http://www.mnot.net/cache_docs/
# - Personal experience
#
# v1.2 / 2013.07.01 / Greg Rickaby
# ----------------------------------------------------------------------

# Specify a Default Charset
AddDefaultCharset utf-8

# ----------------------------------------------------------------------
# Cache Control via HTTP Headers + Expires
# Generation of Expires and Cache-Control HTTP headers according to user-specified criteria
# http://httpd.apache.org/docs/2.0/mod/mod_headers.html
# ----------------------------------------------------------------------

# Expires Defaults

    ExpiresActive On
    # Set default expires to 2 days
    ExpiresDefault A172800
    ExpiresByType text/css A31536000
    ExpiresByType application/x-javascript A31536000
    ExpiresByType text/x-component A31536000
    ExpiresByType text/html A3600
    ExpiresByType text/richtext A3600
    ExpiresByType image/svg+xml A3600
    ExpiresByType text/plain A3600
    ExpiresByType text/xsd A3600
    ExpiresByType text/xsl A3600
    ExpiresByType text/xml A3600
    ExpiresByType video/asf A31536000
    ExpiresByType video/avi A31536000
    ExpiresByType image/bmp A31536000
    ExpiresByType application/java A31536000
    ExpiresByType video/divx A31536000
    ExpiresByType application/msword A31536000
    ExpiresByType application/vnd.ms-fontobject A31536000
    ExpiresByType application/x-msdownload A31536000
    ExpiresByType image/gif A31536000
    ExpiresByType application/x-gzip A31536000
    ExpiresByType image/x-icon A31536000
    ExpiresByType image/jpeg A31536000
    ExpiresByType application/vnd.ms-access A31536000
    ExpiresByType audio/midi A31536000
    ExpiresByType video/quicktime A31536000
    ExpiresByType audio/mpeg A31536000
    ExpiresByType video/mp4 A31536000
    ExpiresByType video/mpeg A31536000
    ExpiresByType application/vnd.ms-project A31536000
    ExpiresByType application/x-font-otf A31536000
    ExpiresByType application/vnd.oasis.opendocument.database A31536000
    ExpiresByType application/vnd.oasis.opendocument.chart A31536000
    ExpiresByType application/vnd.oasis.opendocument.formula A31536000
    ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
    ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
    ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
    ExpiresByType application/vnd.oasis.opendocument.text A31536000
    ExpiresByType audio/ogg A31536000
    ExpiresByType application/pdf A31536000
    ExpiresByType image/png A31536000
    ExpiresByType application/vnd.ms-powerpoint A31536000
    ExpiresByType audio/x-realaudio A31536000
    ExpiresByType image/svg+xml A31536000
    ExpiresByType application/x-shockwave-flash A31536000
    ExpiresByType application/x-tar A31536000
    ExpiresByType image/tiff A31536000
    ExpiresByType application/x-font-ttf A31536000
    ExpiresByType audio/wav A31536000
    ExpiresByType audio/wma A31536000
    ExpiresByType application/vnd.ms-write A31536000
    ExpiresByType application/vnd.ms-excel A31536000
    ExpiresByType application/zip A31536000


# No caching for dynamic files

    ExpiresDefault A0
    Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"
    Header set Pragma "no-cache"


# 1 MIN

    ExpiresDefault A60
    Header set Cache-Control "max-age=60, must-revalidate"


# 2 DAYS

    ExpiresDefault A172800
    Header set Cache-Control "max-age=172800, must-revalidate"


# 1 WEEK

    ExpiresDefault A604800
    Header set Cache-Control "max-age=604800, must-revalidate"


# 1 MONTH

    ExpiresDefault A2419200
    Header set Cache-Control "max-age=2419200, must-revalidate"


# ----------------------------------------------------------------------
# Mime Types
# Mime Associates the requested filename's extensions with the file's behavior and content
# http://httpd.apache.org/docs/2.0/mod/mod_mime.html
# ----------------------------------------------------------------------


    AddType text/css .css
    AddType application/x-javascript .js
    AddType text/x-component .htc
    AddType text/html .html .htm
    AddType text/richtext .rtf .rtx
    AddType image/svg+xml .svg .svgz
    AddType text/plain .txt
    AddType text/xsd .xsd
    AddType text/xsl .xsl
    AddType text/xml .xml
    AddType video/asf .asf .asx .wax .wmv .wmx
    AddType video/avi .avi
    AddType image/bmp .bmp
    AddType application/java .class
    AddType video/divx .divx
    AddType application/msword .doc .docx
    AddType application/vnd.ms-fontobject .eot
    AddType application/x-msdownload .exe
    AddType image/gif .gif
    AddType application/x-gzip .gz .gzip
    AddType image/x-icon .ico
    AddType image/jpeg .jpg .jpeg .jpe
    AddType application/vnd.ms-access .mdb
    AddType audio/midi .mid .midi
    AddType video/quicktime .mov .qt
    AddType audio/mpeg .mp3 .m4a
    AddType video/mp4 .mp4 .m4v
    AddType video/mpeg .mpeg .mpg .mpe
    AddType application/vnd.ms-project .mpp
    AddType application/x-font-otf .otf
    AddType application/vnd.oasis.opendocument.database .odb
    AddType application/vnd.oasis.opendocument.chart .odc
    AddType application/vnd.oasis.opendocument.formula .odf
    AddType application/vnd.oasis.opendocument.graphics .odg
    AddType application/vnd.oasis.opendocument.presentation .odp
    AddType application/vnd.oasis.opendocument.spreadsheet .ods
    AddType application/vnd.oasis.opendocument.text .odt
    AddType audio/ogg .ogg
    AddType application/pdf .pdf
    AddType image/png .png
    AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
    AddType audio/x-realaudio .ra .ram
    AddType application/x-shockwave-flash .swf
    AddType application/x-tar .tar
    AddType image/tiff .tif .tiff
    AddType application/x-font-ttf .ttf .ttc
    AddType audio/wav .wav
    AddType audio/wma .wma
    AddType application/vnd.ms-write .wri
    AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
    AddType application/zip .zip


# ----------------------------------------------------------------------
# Gzip compression
# Compress content before it is delivered to the client
# http://httpd.apache.org/docs/2.0/mod/mod_deflate.html
# ----------------------------------------------------------------------


    # Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
    
        
            SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
            RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
        
    

    
        # HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
        FilterDeclare   COMPRESS
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$text/html'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$text/css'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$text/plain'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$text/xml'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$text/x-component'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/javascript'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/json'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/xml'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/xhtml+xml'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/rss+xml'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/atom+xml'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/vnd.ms-fontobject'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$image/svg+xml'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$image/x-icon'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$application/x-font-ttf'"
        FilterProvider  COMPRESS  DEFLATE "%{CONTENT_TYPE} = '$font/opentype'"
        FilterChain     COMPRESS
        FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no
    

    
        # Legacy versions of Apache
        AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
        AddOutputFilterByType DEFLATE application/javascript
        AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
        AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
        AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
    



# ----------------------------------------------------------------------
# Start rewrite engine
# Provides a rule-based rewriting engine to rewrite requested URLs on the fly
# http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
# ----------------------------------------------------------------------

# FollowSymLinks must be enabled for this to work

    Options +FollowSymlinks
    RewriteEngine On


# Block access to "hidden" directories whose names begin with a period

    RewriteCond %{SCRIPT_FILENAME} -d
    RewriteCond %{SCRIPT_FILENAME} -f
    RewriteRule "(^|/)\." - [F]


# ----------------------------------------------------------------------
# Disable server signature (Security)
# Configures the Server HTTP response header
# http://httpd.apache.org/docs/2.2/mod/core.html#serversignature
# ----------------------------------------------------------------------

ServerSignature Off
ServerTokens Prod

# ----------------------------------------------------------------------
# Disable directory browsing (Security)
# Generates directory indexes, automatically, similar to the Unix ls command or the Win32 dir shell command
# http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html
# ----------------------------------------------------------------------


    Options -Indexes


# ----------------------------------------------------------------------
# Block access to backup and source files (Security)
# This files may be left by some text/html editors and pose a great security danger
# ----------------------------------------------------------------------


    Order allow,deny
    Deny from all
    Satisfy All


# ----------------------------------------------------------------------
# Increase cookie security (Security)
# This files may be left by some text/html editors and pose a great security danger
# ----------------------------------------------------------------------

    php_value session.cookie_httponly true


# ----------------------------------------------------------------------
# Webfont access
# Allow access from all domains for webfonts.
# ----------------------------------------------------------------------


    
        Header set Access-Control-Allow-Origin "*"
    


# ----------------------------------------------------------------------
# Force latest IE rendering engine
# ----------------------------------------------------------------------


    Header set X-UA-Compatible "IE=Edge,chrome=1"
        # mod_headers can't match by content-type, but we don't want to this header on everything
        
            Header unset X-UA-Compatible
        


# ----------------------------------------------------------------------
# Instructs the proxies to cache two versions of the resource: one compressed, and one uncompressed. 
# https://developers.google.com/speed/docs/best-practices/caching#LeverageProxyCaching
# ----------------------------------------------------------------------

  
    Header append Vary: Accept-Encoding
  


# ----------------------------------------------------------------------
# CORS-enabled images (@crossorigin)
# Send CORS headers if browsers request them; enabled by default for images.
# http://developer.mozilla.org/en/CORS_Enabled_Image
# http://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
# http://hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
# http://wiki.mozilla.org/Security/Reviews/crossoriginAttribute
# ----------------------------------------------------------------------


    
        
            SetEnvIf Origin ":" IS_CORS
            Header set Access-Control-Allow-Origin "*" env=IS_CORS

Tags: apache Linux apache 2.4 admin