With Kirby comes a great htaccess file. There is often no need to change it that much, but there are some things missing.
Do you miss more things? Add an issue or a pull request.
# protect this .htaccess file
<files .htaccess>
order allow,deny
deny from all
</files>
# directory browsing disabled
Options All -Indexes
# keep header control
<IfModule mod_headers.c>
Header set Connection keep-alive
Header append Cache-Control "public"
</IfModule>
# allow .htpasswd in sub-dirs
ErrorDocument 401 default
# disable auto-indexing of my (C.V.) pdf file
<Files ~ "\.pdf$">
Header set X-Robots-Tag "noindex, nofollow"
</Files>
That’s my .htaccess (along with Kirbys and your code).
i am using this in addition to kirbys htaccess code. etags, gzip, deflate.
# BEGIN EXPIRE AND ETAGS
FileETag MTime Size
<ifmodule mod_expires.c>
<filesmatch "\.(jpg|gif|png|css|js)$">
ExpiresActive on
ExpiresDefault "access plus 1 year"
</filesmatch>
</ifmodule>
Header unset ETag
FileETag None
# END EXPIRE AND ETAGS
# BEGIN GZIP
# mod_gzip compression (legacy, Apache 1.3)
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|xml|txt|css|js)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
# END GZIP
# DEFLATE compression
<IfModule mod_deflate.c>
# Set compression for: html,txt,xml,js,css
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/vnd.ms-fontobject
# Deactivate compression for buggy browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
# Set header information for proxies
Header append Vary User-Agent
</IfModule>
# END DEFLATEKirby comes with basic rules, because everybody wants something else.
If you’re going to pimp your htaccess, please look at something decent like the h5bp boilerplate htaccess.
That was exactly what I was looking for. Thanks for submitting these, @jenstornell .
I’m looking at all my repos and try to improve them.
I wonder if Kirby Htaccess Rules should be merged with Kirby Secrets or continue to be standalone. What do you think?
0 voters
Most of you that voted want me to merge Kirby Htaccess Rules into Kirby Secrets and I agree. Now I’ve copied 3/4 rules to Kirby Secrets.
Htaccess-browser-cache
Htaccess-gzip-compression
Htaccess-redirect-to-https-non-www
I removed one rule that are already in the official docs:
https://getkirby.com/docs/developer-guide/security#prevent-directory-listings
I will shut down Kirby Htaccess Rules in about a month, give you some time to adapt.
Thanks for your votes! 
Just a quick note that @jenstornell has completed the move of Kirby Htaccess Rules over to the Kirby Secrets wiki.
Now the repo has been deleted and you can find all the information here instead: https://github.com/jenstornell/kirby-secrets/blob/master/docs/htaccess.md