OpenCart Community

OpenCart Community Forum - Discuss shopping cart and e-commerce solutions.
https://forum.opencart.com/

Htaccess in Opencart 3.0.3.8

https://forum.opencart.com/viewtopic.php?t=228052

Page 1 of 1

Htaccess in Opencart 3.0.3.8

Posted: Tue Apr 12, 2022 5:04 pm
by scottyboyyy
How comes this file is missing in the latest Opencart versions?

Does adding it cause caching issues?

Re: Htaccess in Opencart 3.0.3.8

Posted: Tue Apr 12, 2022 5:27 pm
by IP_CAM
Does adding it cause caching issues?

In contrary, a well-done .htaccess File will, at best, improve Performance. Get one from an older OC Version, to at least have one on board.

Re: Htaccess in Opencart 3.0.3.8

Posted: Tue Apr 12, 2022 6:03 pm
by ADD Creative
Where are you downloading OpenCart from? There is a ".htaccess.txt" in all versions I've seen.

Re: Htaccess in Opencart 3.0.3.8

Posted: Tue Apr 12, 2022 6:58 pm
by paulfeakins
scottyboyyy wrote:
Tue Apr 12, 2022 5:04 pm
 How comes this file is missing in the latest Opencart versions?
Have you got your file browser set not to show hidden files?

Re: Htaccess in Opencart 3.0.3.8

Posted: Tue Apr 12, 2022 7:39 pm
by JNeuhoff
A standard OC 3.0.3.8 includes an '.htaccess.txt' file. Rename the latter to '.htaccess', and then edit the file, especially for the 'RewriteBase'.

Re: Htaccess in Opencart 3.0.3.8

Posted: Tue Apr 12, 2022 8:17 pm
by straightlight
Also ensure that the Use SSL is enabled from your OC admin > systems > settings > edit settings > server tab.

Re: Htaccess in Opencart 3.0.3.8

Posted: Fri May 19, 2023 11:51 pm
by parkookk
Hi,
After using OC3031 for many years successfully I have just installed a fresh OC3038 and transfered all my old data to new one.
Do I still need all of these settings in my htaccess?

RewriteOptions inherit


Options +FollowSymlinks
RewriteEngine On

# Prevent Directory listing
Options -Indexes

# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|.twig|\.ini|\.log|(?<!robots)\.txt))">
Require all denied

</FilesMatch>

# SEO URL Settings
RewriteEngine On

# If your opencart installation does not run on the main web folder: "RewriteBase /" becomes "RewriteBase /ShopName/"

RewriteBase /
RewriteCond %{SERVER_PORT} xx
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]
RewriteRule ^/home/xxxxx/public_html/storage/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^system/download/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]

#For Leverage browser caching,
<IfModule mod_expires.c>
ExpiresActive On

# Images
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"

# Video
ExpiresByType video/mp4 "access plus 1 year"

# CSS, JavaScript
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"

# Others
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
</IfModule>


### X-Security Headers ###

# X-XSS-Protection & X-Frame-Options & X-Content-Type nosniff & Strict-Transport-Security security header

<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

<Files 403.shtml>
order allow,deny
allow from all
</Files>

#force https:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

#ENABLING HSTS:
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

#Force www:
RewriteCond %{HTTP_HOST} ^mediasos.co.uk [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^(.*)$ https://www.mediasos.co.uk/$1 [L,R=301,NC]


# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php7_module>
php_value default_charset "UTF-8;"
php_value memory_limit 512M
php_value max_execution_time 60
php_value upload_max_filesize 512M
php_value mysql.connect_timeout 20
php_flag session.auto_start Off
php_flag session.use_only_cookies On
php_flag session.use_cookies On
php_flag session.use_trans_sid Off
php_value session.cookie_httponly "On;"
php_value session.gc_maxlifetime 1440
php_flag display_errors Off
php_value error_reporting E_ALL & ~E_NOTICE
php_value max_input_time 90
php_value max_input_vars 1000
php_value post_max_size 512M
php_value session.save_path "/var/cpanel/php/sessions/ea-php74"
php_flag zlib.output_compression On
</IfModule>
<IfModule lsapi_module>
php_value default_charset "UTF-8;"
php_value memory_limit 512M
php_value max_execution_time 60
php_value upload_max_filesize 512M
php_value mysql.connect_timeout 20
php_flag session.auto_start Off
php_flag session.use_only_cookies On
php_flag session.use_cookies On
php_flag session.use_trans_sid Off
php_value session.cookie_httponly "On;"
php_value session.gc_maxlifetime 1440
php_flag display_errors Off
php_value error_reporting E_ALL & ~E_NOTICE
php_value max_input_time 90
php_value max_input_vars 1000
php_value post_max_size 512M
php_value session.save_path "/var/cpanel/php/sessions/ea-php74"
php_flag zlib.output_compression On
</IfModule>
# END cPanel-generated php ini directives, do not edit

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php74” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

Re: Htaccess in Opencart 3.0.3.8

Posted: Sat May 20, 2023 7:33 am
by andrey eftimov
parkookk wrote:
Fri May 19, 2023 11:51 pm
 Hi,
After using OC3031 for many years successfully I have just installed a fresh OC3038 and transfered all my old data to new one.
Do I still need all of these settings in my htaccess?

RewriteOptions inherit.....
yes, you still need these rules. Besides the rules for OpenCart core, there are also rules for hosting - php parameters

Re: Htaccess in Opencart 3.0.3.8

Posted: Sat May 20, 2023 6:45 pm
by by mona
Comments marked by ####COMMENT

Code: Select all

RewriteBase /

####COMMENT this makes no sense
RewriteCond %{SERVER_PORT} xx

####COMMENT I assume that this is inserted by your host for certification validation
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$

RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]

####COMMENT I assume that this is inserted by your host for certification validation
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$

RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]

RewriteRule ^/home/xxxxx/public_html/storage/(.*) index.php?route=error/not_found [L]

####COMMENT I assume that this is inserted by your host for certification validation
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$

RewriteRule ^system/download/(.*) index.php?route=error/not_found [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)

####COMMENT I assume that this is inserted by your host for certification validation
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]

#For Leverage browser caching,
<IfModule mod_expires.c>
ExpiresActive On

####COMMENT add default no caching before the more specific definitions
ExpiresDefault A0

# Images
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"

# Video
ExpiresByType video/mp4 "access plus 1 year"

# CSS, JavaScript
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"

# Others
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
</IfModule>


### X-Security Headers ###

# X-XSS-Protection & X-Frame-Options & X-Content-Type nosniff & Strict-Transport-Security security header

<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

<Files 403.shtml>
order allow,deny
allow from all
</Files>

#force https:
####COMMENT suggest you put this at the very top
RewriteEngine On
####COMMENT suggest you put this BEFORE the SEO _ROUTE_ redirect above
RewriteCond %{HTTPS} off
####COMMENT never use HTTP_HOST for redirects unless you have multiple hosts and you are sure it contains one of YOUR hosts, use the same rule you have for non-www to www below instead
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

#ENABLING HSTS:
####COMMENT you already set this above, differently
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

#Force www:
####COMMENT suggest you put this BEFORE the SEO _ROUTE_ redirect above
RewriteCond %{HTTP_HOST} ^mediasos.co.uk [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^(.*)$ https://www.mediasos.co.uk/$1 [L,R=301,NC]

Re: Htaccess in Opencart 3.0.3.8

Posted: Tue May 06, 2025 4:43 pm
by parkookk
by mona wrote:
Sat May 20, 2023 6:45 pm
 Comments marked by ####COMMENT

Code: Select all

RewriteBase /

####COMMENT this makes no sense
RewriteCond %{SERVER_PORT} xx

####COMMENT I assume that this is inserted by your host for certification validation
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$

RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]

####COMMENT I assume that this is inserted by your host for certification validation
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$

RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]

RewriteRule ^/home/xxxxx/public_html/storage/(.*) index.php?route=error/not_found [L]

####COMMENT I assume that this is inserted by your host for certification validation
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$

RewriteRule ^system/download/(.*) index.php?route=error/not_found [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)

####COMMENT I assume that this is inserted by your host for certification validation
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]

#For Leverage browser caching,
<IfModule mod_expires.c>
ExpiresActive On

####COMMENT add default no caching before the more specific definitions
ExpiresDefault A0

# Images
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"

# Video
ExpiresByType video/mp4 "access plus 1 year"

# CSS, JavaScript
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"

# Others
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
</IfModule>


### X-Security Headers ###

# X-XSS-Protection & X-Frame-Options & X-Content-Type nosniff & Strict-Transport-Security security header

<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

<Files 403.shtml>
order allow,deny
allow from all
</Files>

#force https:
####COMMENT suggest you put this at the very top
RewriteEngine On
####COMMENT suggest you put this BEFORE the SEO _ROUTE_ redirect above
RewriteCond %{HTTPS} off
####COMMENT never use HTTP_HOST for redirects unless you have multiple hosts and you are sure it contains one of YOUR hosts, use the same rule you have for non-www to www below instead
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

#ENABLING HSTS:
####COMMENT you already set this above, differently
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

#Force www:
####COMMENT suggest you put this BEFORE the SEO _ROUTE_ redirect above
RewriteCond %{HTTP_HOST} ^mediasos.co.uk [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^(.*)$ https://www.mediasos.co.uk/$1 [L,R=301,NC]
Thanks by Mona, great advice. :)

Re: Htaccess in Opencart 3.0.3.8

Posted: Wed May 07, 2025 2:55 am
by khnaz35
My two cents.
https://github.com/Khnaz35/OpenCart-Fortress
All times are UTC+08:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/