Well-Known Member
Jul 20, 2016
cPanel Access Level
Website Owner
HI, i use e-commerce website (Opencart) with WHM / Cpanel on a VPS.
In order to optimize the speed of the site, I tried the module mod_pagespeed, but I have less good performance, so I uninstalled.

I activated the compression of all the content of the site via cpanel (Compress all content) + 1 CDN (OVH) + in Opencart minify HTML / .JF / .CSS + Opencart cache and this .htaccess code:

# 1.To use URL Alias you need to be running apache with mod_rewrite enabled.

# 2. In your opencart directory rename htaccess.txt to .htaccess.

# For any support issues please visit:

# Specify a Default Charset
AddDefaultCharset utf-8

Options +FollowSymlinks

# Prevent Directoy listing
Options -Indexes

# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|\.ini|\.log|(?<!robots)\.txt))">
Require all denied
## For apache 2.2 and older, replace "Require all denied" with these two lines :
# Order deny,allow
# Deny from all

# SEO URL Settings
RewriteEngine On
# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/

RewriteBase /
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^download/(.*) index.php?route=error/not_found [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
    RewriteCond %{HTTP_HOST} ^$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^(.*)$1 [QSA,L,R=301]
    RewriteCond %{QUERY_STRING} ^(.*)common/home(.*)$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^index\.php$ [L,R=301]

# Le cache control
<IfModule mod_headers.c>
  # Mise en cache des images et autres fichier statiques pour un mois
  <FilesMatch ".(ico|jpe?g|png|gif|swf|flv|css|js|gz|pdf|svg+xml|svg)$">
   Header set Cache-Control "max-age=2592000"

  # Mise en cache du html et xml pour 12 heures
  <filesMatch ".(html|htm|xml)$">
   Header set Cache-Control "max-age=43200"

  # Désactive la mise en cache pour les fichier PHP et CGI
  <FilesMatch ".(php|cgi)$">
   Header unset Cache-Control

# Les expires headers
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 7200 seconds"
  AddType image/x-icon .ico
  AddType application/x-font-woff .woff
  AddType application/x-font-woff2 .woff2
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/ico "access plus 1 year"
  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/icon "access plus 1 year"
  ExpiresByType image/x-icon "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"
  ExpiresByType text/css "access plus 1 year"
  ExpiresByType text/html "access plus 7200 seconds"
  ExpiresByType text/javascript "access plus 1 year"
  ExpiresByType application/xhtml+xml "access plus 7200 seconds"
  ExpiresByType application/x-javascript "access plus 1 year"
  ExpiresByType application/x-shockwave-flash "access plus 1 year"
  ExpiresByType application/x-font-woff "access plus 1 year"
  ExpiresByType application/x-font-woff2 "access plus 1 year"

# Disable server signature (Security)
ServerSignature Off
Header unset Etag
FileETag none

# Increase cookie security (Security)
<IfModule php5_module>
    php_value session.cookie_httponly true

# HTTP Response Headers
Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection 1;mode=block
Header set X-Content-Type-Options nosniff

# Webfont access
<IfModule mod_headers.c>
    <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
        Header set Access-Control-Allow-Origin "*"

# Force latest IE rendering engine
<IfModule mod_headers.c>
    Header set X-UA-Compatible "IE=Edge,chrome=1"
        # mod_headers can't match by content-type, but we don't want to this header on everything
        <FilesMatch "\.(js|css|gif|png|jpeg|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|oex|xpi|safariextz|vcf)$" >
            Header unset X-UA-Compatible

# Instructs the proxies to cache two versions of the resource: one compressed, and one uncompressed.
<IfModule mod_headers.c>
  <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary: Accept-Encoding

# CORS-enabled images (@crossorigin)
<IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
        <FilesMatch "\.(gif|png|jpeg|svg|svgz|ico|webp)$">
            SetEnvIf Origin ":" IS_CORS
            Header set Access-Control-Allow-Origin "*" env=IS_CORS

<Files 403.shtml>
order allow,deny
allow from all

Header unset ETag
FileETag none

### Additional Settings that may need to be enabled for some servers
### Uncomment the commands by removing the # sign in front of it.
### If you get an "Internal Server Error 500" after enabling any of the following settings, restore the # as this means your host doesn't allow that.

# 1. If your cart only allows you to add one item at a time, it is possible register_globals is on. This may work to disable it:
# php_flag register_globals off

# 2. If your cart has magic quotes enabled, This may work to disable it:
# php_flag magic_quotes_gpc Off

# 3. Set max upload file size. Most hosts will limit this and not allow it to be overridden but you can try
# php_value upload_max_filesize 999M

# 4. set max post size. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value post_max_size 999M

# 5. set max time script can take. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_execution_time 200

# 6. set max time for input to be recieved. Uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_input_time 200

# 7. disable open_basedir limitations
# php_admin_value open_basedir none
Is my .htaccess code good? Is there anything else to add? Or maybe to remove because unnecessary on a server managed by Cpanel?

+ How can I improve my server's first bite with WHM / Cpanel? My server is a Cloud VPS
4 vCores
3.1 GHz
100 GB

Thanks for your advices.


Staff member
Apr 11, 2011

I've moved this thread to our Optimization forum for open discussion from other users. I recommend testing the initial changes from your .htaccess file first and determining if you notice any performance issues.

Thank you.