Skip to main content
Version: 2023.2

Apache Configuration

.htaccess

All the necessary rewrite rules, which are needed for Pimcore to work, must be defined in the .htaccess file on path public/.htaccess, as below:

# Use the front controller as index file. It serves as a fallback solution when
# every other rewrite/redirect fails (e.g. in an aliased environment without
# mod_rewrite). Additionally, this reduces the matching process for the
# start page (path "/") because otherwise Apache will apply the rewriting rules
# to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl).
DirectoryIndex index.php

# By default, Apache does not evaluate symbolic links if you did not enable this
# feature in your server configuration. Uncomment the following line if you
# install assets as symlinks or if you experience problems related to symlinks
# when compiling LESS/Sass/CoffeScript assets.
# Options FollowSymlinks

# Disabling MultiViews prevents unwanted negotiation, e.g. "/index" should not resolve
# to the front controller "/index.php" but be rewritten to "/index.php/index".
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>

# mime types
AddType video/mp4 .mp4
AddType video/webm .webm
AddType image/webp .webp
AddType image/jpeg .pjpeg

Options +SymLinksIfOwnerMatch

# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8

RewriteEngine On

<IfModule mod_headers.c>
<FilesMatch "\.(jpe?g|png)$">
Header always unset X-Content-Type-Options
</FilesMatch>
</IfModule>

# Determine the RewriteBase automatically and set it as environment variable.
# If you are using Apache aliases to do mass virtual hosting or installed the
# project in a subdirectory, the base path will be prepended to allow proper
# resolution of the index.php file and to redirect to the correct URI. It will
# work in environments without path prefix as well, providing a safe, one-size
# fits all solution. But as you do not need it in this case, you can comment
# the following 2 lines to eliminate the overhead.
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]

# Sets the HTTP_AUTHORIZATION header removed by Apache
RewriteCond %{HTTP:Authorization} .
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Redirect to URI without front controller to prevent duplicate content
# (with and without `/index.php`). Only do this redirect on the initial
# rewrite by Apache and not on subsequent cycles. Otherwise we would get an
# endless redirect loop (request -> rewrite to front controller ->
# redirect -> request -> ...).
# So in case you get a "too many redirects" error or you always get redirected
# to the start page because your Apache does not expose the REDIRECT_STATUS
# environment variable, you have 2 choices:
# - disable this feature by commenting the following 2 lines or
# - use Apache >= 2.3.9 and replace all L flags by END flags and remove the
# following RewriteCond (best solution)
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]

<IfModule mod_status.c>
RewriteCond %{REQUEST_URI} ^/(fpm|server)-(info|status|ping)
RewriteRule . - [L]
</IfModule>

# restrict access to dotfiles
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule /\.|^\.(?!well-known/) - [F,L]

# ASSETS: check if request method is GET (because of WebDAV) and if the requested file (asset) exists on the filesystem, if both match, deliver the asset directly
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)
RewriteCond %{DOCUMENT_ROOT}/var/assets%{REQUEST_URI} -f
RewriteRule ^(.*)$ /var/assets%{REQUEST_URI} [PT,L]

# Thumbnails
RewriteCond %{REQUEST_URI} .*/(image|video)-thumb__[\d]+__.*
RewriteCond %{DOCUMENT_ROOT}/var/tmp/thumbnails%{REQUEST_URI} -f
RewriteRule ^(.*)$ /var/tmp/thumbnails%{REQUEST_URI} [PT,L]

# static pages
SetEnvIf Request_URI ^(.*)$ STATIC_PAGE_URI=$1
SetEnvIf Request_URI / STATIC_PAGE_URI=/%home

RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)
RewriteCond %{QUERY_STRING} !(pimcore_editmode=true|pimcore_preview|pimcore_version)
RewriteCond %{DOCUMENT_ROOT}/var/tmp/pages%{STATIC_PAGE_URI}.html -f
RewriteRule ^(.*)$ /var/tmp/pages%{STATIC_PAGE_URI}.html [PT,L]

# cache-buster rule for scripts & stylesheets embedded using view helpers
RewriteRule ^cache-buster\-[\d]+/(.*) $1 [PT,L]

# If the requested filename exists, simply serve it.
# We only want to let Apache serve files and not directories.
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [L]

# Rewrite all other queries to the front controller.
RewriteRule ^ %{ENV:BASE}/index.php [L]




##########################################
### OPTIONAL PERFORMANCE OPTIMIZATIONS ###
##########################################

<IfModule mod_deflate.c>
# Force compression for mangled headers.
# http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>

# Compress all output labeled with one of the following MIME-types
# (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
# and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines
# as `AddOutputFilterByType` is still in the core directives).
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE application/atom+xml application/javascript application/json \
application/vnd.ms-fontobject application/x-font-ttf application/rss+xml \
application/x-web-app-manifest+json application/xhtml+xml \
application/xml font/opentype image/svg+xml image/x-icon \
text/css text/html text/plain text/x-component text/xml text/javascript
</IfModule>
</IfModule>

<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 31536000 seconds"

# specific overrides
#ExpiresByType text/css "access plus 1 year"
</IfModule>

<IfModule pagespeed_module>
# pimcore mod_pagespeed integration
# pimcore automatically disables mod_pagespeed in the following situations: debug-mode on, /admin, preview, editmode, ...
# if you want to disable pagespeed for specific actions in pimcore you can use $this->disableBrowserCache() in your action
RewriteCond %{REQUEST_URI} ^/(mod_)?pagespeed_(statistics|message|console|beacon|admin|global_admin)
RewriteRule . - [L]

ModPagespeed Off
AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html
ModPagespeedModifyCachingHeaders off
ModPagespeedRewriteLevel PassThrough
# low risk filters
ModPagespeedEnableFilters remove_comments,recompress_images
# low and moderate filters, recommended filters, but can cause problems
ModPagespeedEnableFilters lazyload_images,extend_cache_images,inline_preview_images,sprite_images
ModPagespeedEnableFilters combine_css,rewrite_css,move_css_to_head,flatten_css_imports,extend_cache_css,prioritize_critical_css
ModPagespeedEnableFilters extend_cache_scripts,combine_javascript,canonicalize_javascript_libraries,rewrite_javascript
# high risk
#ModPagespeedEnableFilters defer_javascript,local_storage_cache
</IfModule>

Virtual Hosts

Make sure Allowoverride All is set for the DocumentRoot, which enables .htaccess support.

Example

<VirtualHost *:443>
ServerName YOUPROJECT.local
DocumentRoot /var/www/public

<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php/pimcore.sock|fcgi://localhost"
</FilesMatch>

<Directory /var/www/public>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>

SSLEngine on
# NEEDS TO BE CHANGED
SSLCertificateFile /etc/getssl/YOUPROJECT.local/YOUPROJECT.local.crt
SSLCertificateKeyFile /etc/getssl/YOUPROJECT.local/YOUPROJECT.local.key
SSLCertificateChainFile /etc/getssl/YOUPROJECT.local/chain.crt

RewriteEngine On

# THE FOLLOWING NEEDS TO BE THE VERY LAST REWRITE RULE IN THIS VHOST
# this is needed to pass the auth header correctly - fastcgi environment
RewriteRule ".*" "-" [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

ErrorLog ${APACHE_LOG_DIR}/YOUPROJECT.local_443_error.log
CustomLog ${APACHE_LOG_DIR}/YOUPROJECT.local_443_access.log combined
</VirtualHost>