Magento 2 performance-optimised .htaccess

Magento's default .htaccess files are designed to make the application work within a variety of challenging hosting environments. The file includes and sets a lot of functions that are already pre-set on our managed cPanel, CWP and DirectAdmin servers, and by removing the bulk of these rules we can improve Magento's application performance.

Please note, these are only suitable for use on our managed cPanel, CWP and DirectAdmin servers. If you plan to use them on an unmanaged server or a different stack, you must consult your system administrator and development engineer first. Additionally, these optimised files assume many defaults for standard installs but your development engineers may require further customisations. If in doubt, speak to your support consultant.

Primary .htaccess file (eg public_html/.htaccess)

DirectoryIndex index.php

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine on

#RewriteBase /magento/

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l

RewriteRule .* index.php [L]
</IfModule>

RedirectMatch 403 /\.git

<Files composer.json>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files composer.lock>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files .gitignore>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files .htaccess.sample>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files .php_cs.dist>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files .travis.yml>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files CHANGELOG.md>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files COPYING.txt>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files Gruntfile.js>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files LICENSE.txt>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files LICENSE_AFL.txt>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files nginx.conf.sample>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files package.json>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files php.ini.sample>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files README.md>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files magento_umask>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files auth.json>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>

ErrorDocument 404 /pub/errors/404.php
ErrorDocument 403 /pub/errors/404.php

 

Pub .htaccess file (eg public_html/pub/.htaccess)

DirectoryIndex index.php

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine on

#RewriteBase /magento/

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l

RewriteRule .* index.php [L]
</IfModule>

ErrorDocument 404 /errors/404.php
ErrorDocument 403 /errors/404.php

<Files RELEASE_NOTES.txt>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files cron.php>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>

  • magento 2, htaccess, security, speed, performance, fast
  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Exception: Notice: Use of undefined constant ICONV_IMPL

Exception: Notice: Use of undefined constant ICONV_IMPLAre you experiencing this error when...

How to re-index from PHP command line using SSH

As your Magento store grows in size with more products, orders and customers, you may experience...

How to upgrade Magento 1 using SSH CLI

This is an easy and quick upgrade guide for updating Magento 1.7, 1.8 and 1.9 to Magento 1.9.x....

Efficient Magento 1 cron on CloudLinux systems

It's no secret that CloudLinux, with its CageFS and PHP selectors, cause problems running the...

How to Install RabbitMQ Server on CentOS 7

RabbitMQ is an open-source message broker, which can be used to greatly enhance the speed of...