framework/bedrock
Template
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

much cleaner way of including h5bp's htaccess by utilizing the WordPress

Browse Source 
Filesystem API and grabbing the contents from a separate file
This commit is contained in:
Ben Word
2011-06-30 23:55:32 -06:00
parent 6e55fd25c2
commit 12dd0fae09
2 changed files with 298 additions and 264 deletions
Download Patch File Download Diff File Expand all files Collapse all files

284
inc/h5bp-.htaccess Normal file
View File

@@ -0,0 +1,284 @@
# ----------------------------------------------------------------------
# Better website experience for IE users
# ----------------------------------------------------------------------
# Force the latest IE version, in various cases when it may fall back to IE7 mode
# github.com/rails/rails/commit/123eb25#commitcomment-118920
# Use ChromeFrame if it's installed for a better experience for the poor IE folk
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
BrowserMatch MSIE ie
Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
</IfModule>
</IfModule>
<IfModule mod_headers.c>
# Because X-UA-Compatible isn't sent to non-IE (to save header bytes),
# We need to inform proxies that content changes based on UA
Header append Vary User-Agent
# Cache control is set only if mod_headers is enabled, so that's unncessary to declare
</IfModule>
# ----------------------------------------------------------------------
# Cross-domain AJAX requests
# ----------------------------------------------------------------------
# Serve cross-domain ajax requests, disabled.
# enable-cors.org
# code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
# <IfModule mod_headers.c>
# Header set Access-Control-Allow-Origin "*"
# </IfModule>
# ----------------------------------------------------------------------
# Webfont access
# ----------------------------------------------------------------------
# Allow access from all domains for webfonts.
# Alternatively you could only whitelist your
# subdomains like "sub.domain.com".
<FilesMatch "\.(ttf|otf|eot|woff|font.css)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
# ----------------------------------------------------------------------
# Proper MIME type for all files
# ----------------------------------------------------------------------
# Audio
AddType audio/ogg oga ogg
AddType audio/mp4 m4a
# Video
AddType video/ogg ogv
AddType video/mp4 mp4 m4v
AddType video/webm webm
# Proper svg serving. Required for svg webfonts on iPad
# twitter.com/FontSquirrel/status/14855840545
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
# Webfonts
AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttf ttc
AddType font/opentype otf
AddType application/x-font-woff woff
# Assorted types
AddType image/x-icon ico
AddType image/webp webp
AddType text/cache-manifest appcache manifest
AddType text/x-component htc
AddType application/x-chrome-extension crx
AddType application/x-xpinstall xpi
AddType application/octet-stream safariextz
AddType text/x-vcard vcf
# ----------------------------------------------------------------------
# Gzip compression
# ----------------------------------------------------------------------
<IfModule mod_deflate.c>
# Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s,?\s(gzip|deflate)?|X{4,13}|~{4,13}|-{4,13})$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>
# HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
<IfModule filter_module>
FilterDeclare COMPRESS
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/javascript
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/x-component
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/javascript
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/json
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xml
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/x-javascript
FilterChain COMPRESS
FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no
</IfModule>
<IfModule !mod_filter.c>
# Legacy versions of Apache
AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript
AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
</IfModule>
# Webfonts and SVG:
<FilesMatch "\.(ttf|otf|eot|svg)$" >
SetOutputFilter DEFLATE
</FilesMatch>
</IfModule>
# ----------------------------------------------------------------------
# Stop screen flicker in IE on CSS rollovers
# ----------------------------------------------------------------------
# The following directives stop screen flicker in IE on CSS rollovers - in
# combination with the "ExpiresByType" rules for images (see above). If
# needed, un-comment the following rules.
# BrowserMatch "MSIE" brokenvary=1
# BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
# BrowserMatch "Opera" !brokenvary
# SetEnvIf brokenvary 1 force-no-vary
# ----------------------------------------------------------------------
# Cookie setting from iframes
# ----------------------------------------------------------------------
# Allow cookies to be set from iframes (for IE only)
# If needed, uncomment and specify a path or regex in the Location directive
# <IfModule mod_headers.c>
# <Location />
# Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
# </Location>
# </IfModule>
# ----------------------------------------------------------------------
# Prevent SSL cert warnings
# ----------------------------------------------------------------------
# Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent
# https://www.domain.com when your cert only allows https://secure.domain.com
# Uncomment the following lines to use this feature.
# <IfModule mod_rewrite.c>
# RewriteCond %{SERVER_PORT} !^443
# RewriteRule (.*) https://example-domain-please-change-me.com/$1 [R=301,L]
# </IfModule>
# ----------------------------------------------------------------------
# Prevent 404 errors for non-existing redirected folders
# ----------------------------------------------------------------------
# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist
# e.g. /blog/hello : webmasterworld.com/apache/3808792.htm
Options -MultiViews
# ----------------------------------------------------------------------
# UTF-8 encoding
# ----------------------------------------------------------------------
# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8
# Force UTF-8 for a number of file formats
AddCharset utf-8 .html .css .js .xml .json .rss
# ----------------------------------------------------------------------
# A little more security
# ----------------------------------------------------------------------
# Do we want to advertise the exact version number of Apache we're running?
# Probably not.
## This can only be enabled if used in httpd.conf - It will not work in .htaccess
# ServerTokens Prod
# "-Indexes" will have Apache block users from browsing folders without a default document
# Usually you should leave this activated, because you shouldn't allow everybody to surf through
# every folder on your server (which includes rather private places like CMS system folders).
Options -Indexes
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or Git.
<IfModule mod_rewrite.c>
RewriteRule "(^|/)\." - [F]
</IfModule>
# If your server is not already configured as such, the following directive
# should be uncommented in order to set PHP's register_globals option to OFF.
# This closes a major security hole that is abused by most XSS (cross-site
# scripting) attacks. For more information: http://php.net/register_globals
#
# IF REGISTER_GLOBALS DIRECTIVE CAUSES 500 INTERNAL SERVER ERRORS :
#
# Your server does not allow PHP directives to be set via .htaccess. In that
# case you must make this change in your php.ini file instead. If you are
# using a commercial web host, contact the administrators for assistance in
# doing this. Not all servers allow local php.ini files, and they should
# include all PHP configurations (not just this one), or you will effectively
# reset everything to PHP defaults. Consult www.php.net for more detailed
# information about setting PHP directives.
# php_flag register_globals Off
# Rename session cookie to something else, than PHPSESSID
# php_value session.name sid
# Do not show you are using php
# php_flag expose_php Off
# Level of log detail - log all errors
# php_value error_reporting -1
# Write errors to log file
# php_flag log_errors On
# Do not display errors in browser (production - Off, development - On)
# php_flag display_errors Off
# Do not display startup errors (production - Off, development - On)
# php_flag display_startup_errors Off
# Format errors in plain text
# php_flag html_errors Off
# Show multiple occurrence of error
# php_flag ignore_repeated_errors Off
# Show same errors from different sources
# php_flag ignore_repeated_source Off
# Size limit for error messages
# php_value log_errors_max_len 1024
# Don't precede error with string (doesn't accept empty string, use whitespace if you need)
# php_value error_prepend_string " "
# Don't prepend to error (doesn't accept empty string, use whitespace if you need)
# php_value error_append_string " "
# Increase cookie security
<IfModule php5_module>
php_value session.cookie_httponly true
</IfModule>

278
inc/roots-htaccess.php
View File

@@ -8,273 +8,23 @@ function roots_htaccess_writable() {
add_action('admin_init', 'roots_htaccess_writable');
// thanks to Scott Walkinshaw (scottwalkinshaw.com)
function roots_add_h5bp_htaccess($rules) {
global $wp_filesystem;
function roots_add_htaccess($rules) {
if (!defined('FS_METHOD')) define('FS_METHOD', 'direct');
if (is_null($wp_filesystem)) WP_Filesystem(array(), ABSPATH);
if (!defined('WP_CONTENT_DIR'))
define('WP_CONTENT_DIR', ABSPATH . 'wp-content');
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n# Better website experience for IE users";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n";
$rules .= "\n# Force the latest IE version, in various cases when it may fall back to IE7 mode";
$rules .= "\n# github.com/rails/rails/commit/123eb25#commitcomment-118920";
$rules .= "\n# Use ChromeFrame if it's installed for a better experience for the poor IE folk";
$rules .= "\n";
$rules .= "\n<IfModule mod_setenvif.c>";
$rules .= "\n <IfModule mod_headers.c>";
$rules .= "\n BrowserMatch MSIE ie";
$rules .= "\n Header set X-UA-Compatible \"IE=Edge,chrome=1\" env=ie";
$rules .= "\n </IfModule>";
$rules .= "\n</IfModule>";
$rules .= "\n";
$rules .= "\n<IfModule mod_headers.c>";
$rules .= "\n# Because X-UA-Compatible isn't sent to non-IE (to save header bytes),";
$rules .= "\n# We need to inform proxies that content changes based on UA";
$rules .= "\n Header append Vary User-Agent";
$rules .= "\n# Cache control is set only if mod_headers is enabled, so that's unncessary to declare";
$rules .= "\n</IfModule>";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n# Cross-domain AJAX requests";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n";
$rules .= "\n# Serve cross-domain ajax requests, disabled. ";
$rules .= "\n# enable-cors.org";
$rules .= "\n# code.google.com/p/html5security/wiki/CrossOriginRequestSecurity";
$rules .= "\n";
$rules .= "\n# <IfModule mod_headers.c>";
$rules .= "\n# Header set Access-Control-Allow-Origin "*"";
$rules .= "\n# </IfModule>";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n# Webfont access";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n";
$rules .= "\n# allow access from all domains for webfonts";
$rules .= "\n# alternatively you could only whitelist";
$rules .= "\n# your subdomains like \"sub.domain.com\"";
$rules .= "\n";
$rules .= "\n<FilesMatch \"\.(ttf|otf|eot|woff|font.css)$\">";
$rules .= "\n <IfModule mod_headers.c>";
$rules .= "\n Header set Access-Control-Allow-Origin "*"";
$rules .= "\n </IfModule>";
$rules .= "\n</FilesMatch>";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n# Proper MIME type for all files";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n";
$rules .= "\n# audio";
$rules .= "\nAddType audio/ogg oga ogg";
$rules .= "\n";
$rules .= "\n# video";
$rules .= "\nAddType video/ogg ogv";
$rules .= "\nAddType video/mp4 mp4";
$rules .= "\nAddType video/webm webm";
$rules .= "\n";
$rules .= "\n# Proper svg serving. Required for svg webfonts on iPad";
$rules .= "\n# twitter.com/FontSquirrel/status/14855840545";
$rules .= "\nAddType image/svg+xml svg svgz ";
$rules .= "\nAddEncoding gzip svgz";
$rules .= "\n ";
$rules .= "\n# webfonts ";
$rules .= "\nAddType application/vnd.ms-fontobject eot";
$rules .= "\nAddType font/truetype ttf";
$rules .= "\nAddType font/opentype otf";
$rules .= "\nAddType application/x-font-woff woff";
$rules .= "\n";
$rules .= "\n# assorted types ";
$rules .= "\nAddType image/x-icon ico";
$rules .= "\nAddType image/webp webp";
$rules .= "\nAddType text/cache-manifest appcache manifest";
$rules .= "\nAddType text/x-component htc";
$rules .= "\nAddType application/x-chrome-extension crx";
$rules .= "\nAddType application/x-xpinstall xpi";
$rules .= "\nAddType application/octet-stream safariextz";
$rules .= "\nAddType text/x-vcard vcf";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n# gzip compression";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n";
$rules .= "\n<IfModule mod_deflate.c>";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/";
$rules .= "\n<IfModule mod_setenvif.c>";
$rules .= "\n <IfModule mod_headers.c>";
$rules .= "\n SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s,?\s(gzip|deflate)?|X{4,13}|~{4,13}|-{4,13})$ HAVE_Accept-Encoding";
$rules .= "\n RequestHeader append Accept-Encoding \"gzip,deflate\" env=HAVE_Accept-Encoding";
$rules .= "\n </IfModule>";
$rules .= "\n</IfModule>";
$rules .= "\n# html, txt, css, js, json, xml, htc:";
$rules .= "\n<IfModule filter_module>";
$rules .= "\n FilterDeclare COMPRESS";
$rules .= "\n FilterProvider COMPRESS DEFLATE resp=Content-Type /text/(html|css|javascript|plain|x(ml|-component))/";
$rules .= "\n FilterProvider COMPRESS DEFLATE resp=Content-Type /application/(javascript|json|xml|x-javascript)/";
$rules .= "\n FilterChain COMPRESS";
$rules .= "\n FilterProtocol COMPRESS change=yes;byteranges=no";
$rules .= "\n</IfModule>";
$rules .= "\n";
$rules .= "\n<IfModule !mod_filter.c>";
$rules .= "\n # Legacy versions of Apache";
$rules .= "\n AddOutputFilterByType DEFLATE text/html text/plain text/css application/json";
$rules .= "\n AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript ";
$rules .= "\n AddOutputFilterByType DEFLATE text/xml application/xml text/x-component";
$rules .= "\n</IfModule>";
$rules .= "\n";
$rules .= "\n# webfonts and svg:";
$rules .= "\n <FilesMatch \"\.(ttf|otf|eot|svg)$\" >";
$rules .= "\n SetOutputFilter DEFLATE";
$rules .= "\n </FilesMatch>";
$rules .= "\n</IfModule>";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n# Stop screen flicker in IE on CSS rollovers";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n";
$rules .= "\n# The following directives stop screen flicker in IE on CSS rollovers - in";
$rules .= "\n# combination with the \"ExpiresByType\" rules for images (see above). If";
$rules .= "\n# needed, un-comment the following rules.";
$rules .= "\n";
$rules .= "\n# BrowserMatch \"MSIE\" brokenvary=1";
$rules .= "\n# BrowserMatch \"Mozilla/4.[0-9]{2}\" brokenvary=1";
$rules .= "\n# BrowserMatch \"Opera\" !brokenvary";
$rules .= "\n# SetEnvIf brokenvary 1 force-no-vary";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n# Prevent SSL cert warnings";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n";
$rules .= "\n# Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent ";
$rules .= "\n# https://www.domain.com when your cert only allows https://secure.domain.com";
$rules .= "\n# Uncomment the following lines to use this feature.";
$rules .= "\n";
$rules .= "\n# <IfModule mod_rewrite.c>";
$rules .= "\n# RewriteCond %{SERVER_PORT} !^443";
$rules .= "\n# RewriteRule (.*) https://example-domain-please-change-me.com/$1 [R=301,L]";
$rules .= "\n# </IfModule>";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n# Prevent 404 errors for non-existing redirected folders";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n";
$rules .= "\n# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist ";
$rules .= "\n# e.g. /blog/hello : webmasterworld.com/apache/3808792.htm";
$rules .= "\n";
$rules .= "\nOptions -MultiViews ";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n# UTF-8 encoding";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n";
$rules .= "\n# use utf-8 encoding for anything served text/plain or text/html";
$rules .= "\nAddDefaultCharset utf-8";
$rules .= "\n";
$rules .= "\n# force utf-8 for a number of file formats";
$rules .= "\nAddCharset utf-8 .html .css .js .xml .json .rss";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n# A little more security";
$rules .= "\n# ----------------------------------------------------------------------";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# Do we want to advertise the exact version number of Apache we're running?";
$rules .= "\n# Probably not.";
$rules .= "\n## This can only be enabled if used in httpd.conf - It will not work in .htaccess";
$rules .= "\n# ServerTokens Prod";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# \"-Indexes\" will have Apache block users from browsing folders without a default document";
$rules .= "\n# Usually you should leave this activated, because you shouldn't allow everybody to surf through";
$rules .= "\n# every folder on your server (which includes rather private places like CMS system folders).";
$rules .= "\nOptions -Indexes";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# Block access to \"hidden\" directories whose names begin with a period. This";
$rules .= "\n# includes directories used by version control systems such as Subversion or Git.";
$rules .= "\n<IfModule mod_rewrite.c>";
$rules .= "\n RewriteRule \"(^|/)\.\" - [F]";
$rules .= "\n</IfModule>";
$rules .= "\n";
$rules .= "\n";
$rules .= "\n# If your server is not already configured as such, the following directive";
$rules .= "\n# should be uncommented in order to set PHP's register_globals option to OFF.";
$rules .= "\n# This closes a major security hole that is abused by most XSS (cross-site";
$rules .= "\n# scripting) attacks. For more information: http://php.net/register_globals";
$rules .= "\n#";
$rules .= "\n# IF REGISTER_GLOBALS DIRECTIVE CAUSES 500 INTERNAL SERVER ERRORS :";
$rules .= "\n#";
$rules .= "\n# Your server does not allow PHP directives to be set via .htaccess. In that";
$rules .= "\n# case you must make this change in your php.ini file instead. If you are";
$rules .= "\n# using a commercial web host, contact the administrators for assistance in";
$rules .= "\n# doing this. Not all servers allow local php.ini files, and they should";
$rules .= "\n# include all PHP configurations (not just this one), or you will effectively";
$rules .= "\n# reset everything to PHP defaults. Consult www.php.net for more detailed";
$rules .= "\n# information about setting PHP directives.";
$rules .= "\n";
$rules .= "\n# php_flag register_globals Off";
$rules .= "\n";
$rules .= "\n# rename session cookie to something else, than PHPSESSID";
$rules .= "\n# php_value session.name sid";
$rules .= "\n";
$rules .= "\n# do not show you are using php";
$rules .= "\n# php_flag expose_php Off";
$rules .= "\n";
$rules .= "\n# level of log detail - log all errors";
$rules .= "\n# php_value error_reporting -1";
$rules .= "\n";
$rules .= "\n# write errors to log file";
$rules .= "\n# php_flag log_errors On";
$rules .= "\n";
$rules .= "\n# do not display errors in browser (production - Off, development - On)";
$rules .= "\n# php_flag display_errors Off";
$rules .= "\n";
$rules .= "\n# do not display startup errors (production - Off, development - On)";
$rules .= "\n# php_flag display_startup_errors Off";
$rules .= "\n";
$rules .= "\n# format errors in plain text";
$rules .= "\n# php_flag html_errors Off";
$rules .= "\n";
$rules .= "\n# show multiple occurrence of error";
$rules .= "\n# php_flag ignore_repeated_errors Off";
$rules .= "\n";
$rules .= "\n# show same errors from different sources";
$rules .= "\n# php_flag ignore_repeated_source Off";
$rules .= "\n";
$rules .= "\n# size limit for error messages";
$rules .= "\n# php_value log_errors_max_len 1024";
$rules .= "\n";
$rules .= "\n# don't precede error with string (doesn't accept empty string, use whitespace if you need)";
$rules .= "\n# php_value error_prepend_string \" \"";
$rules .= "\n";
$rules .= "\n# don't prepend to error (doesn't accept empty string, use whitespace if you need)";
$rules .= "\n# php_value error_append_string \" \"";
$rules .= "\n";
$rules .= "\n# Increase cookie security";
$rules .= "\n<IfModule php5_module>";
$rules .= "\n php_value session.cookie_httponly true";
$rules .= "\n</IfModule>";
$theme_name = next(explode('/themes/', get_template_directory()));
$filename = WP_CONTENT_DIR . '/themes/' . $theme_name . '/inc/h5bp-.htaccess';
$rules .= $wp_filesystem->get_contents($filename);
return $rules;
}
add_action('mod_rewrite_rules', 'roots_add_htaccess');
?>
add_action('mod_rewrite_rules', 'roots_add_h5bp_htaccess');
?>