diff --git a/htdocs/.htaccess b/htdocs/.htaccess
index 67e0c7e90..96b1dd2d4 100644
--- a/htdocs/.htaccess
+++ b/htdocs/.htaccess
@@ -1,30 +1,114 @@
-# Add mime type for *.ico files...
-AddType image/vnd.microsoft.icon .ico
+# Apache configuration file
+# httpd.apache.org/docs/2.2/mod/quickreference.html
-# Redirect "democlient.html" to the new place...
-Redirect permanent /democlient.html http://cppcheck.sourceforge.net/demo/
+# Note .htaccess files are an overhead, this logic should be in your Apache
+# config if possible: httpd.apache.org/docs/2.2/howto/htaccess.html
-# Redirect "devinfo.html" to the new place...
-Redirect permanent /devinfo.html http://cppcheck.sourceforge.net/devinfo/
+# Techniques in here adapted from all over, including:
+# Kroc Camen: camendesign.com/.htaccess
+# perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
+# Sample .htaccess file of CMS MODx: modxcms.com
-# Redirect doxyoutput, coverage- and cpd report to the new place...
-Redirect permanent /doxyoutput/ http://cppcheck.sourceforge.net/devinfo/doxyoutput/
-Redirect permanent /doxygen-errors.txt http://cppcheck.sourceforge.net/devinfo/doxygen-errors.txt
-Redirect permanent /coverage_report/ http://cppcheck.sourceforge.net/devinfo/coverage_report/
-Redirect permanent /cpd.txt http://cppcheck.sourceforge.net/devinfo/cpd.txt
# ----------------------------------------------------------------------
-# ETag removal
+# Better website experience for IE users
# ----------------------------------------------------------------------
-# FileETag None is not enough for every server.
+# Force the latest IE version, in various cases when it may fall back to IE7 mode
+# github.com/rails/rails/commit/123eb25#commitcomment-118920
+# Use ChromeFrame if it's installed for a better experience for the poor IE folk
+
- Header unset ETag
+ Header set X-UA-Compatible "IE=Edge,chrome=1"
+ # mod_headers can't match by content-type, but we don't want to send this header on *everything*...
+
+ Header unset X-UA-Compatible
+
-# Since we're sending far-future expires, we don't need ETags for static content.
-# developer.yahoo.com/performance/rules.html#etags
-FileETag None
+
+# ----------------------------------------------------------------------
+# CORS-enabled images (@crossorigin)
+# ----------------------------------------------------------------------
+
+# Send CORS headers if browsers request them; enabled by default for images.
+# developer.mozilla.org/en/CORS_Enabled_Image
+# blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
+# hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
+# wiki.mozilla.org/Security/Reviews/crossoriginAttribute
+
+
+
+ # mod_headers, y u no match by Content-Type?!
+
+ SetEnvIf Origin ":" IS_CORS
+ Header set Access-Control-Allow-Origin "*" env=IS_CORS
+
+
+
+
+
+# ----------------------------------------------------------------------
+# Webfont access
+# ----------------------------------------------------------------------
+
+# Allow access from all domains for webfonts.
+# Alternatively you could only whitelist your
+# subdomains like "subdomain.example.com".
+
+
+
+ Header set Access-Control-Allow-Origin "*"
+
+
+
+
+# ----------------------------------------------------------------------
+# Proper MIME type for all files
+# ----------------------------------------------------------------------
+
+# JavaScript
+# Normalize to standard type (it's sniffed in IE anyways)
+# tools.ietf.org/html/rfc4329#section-7.2
+AddType application/javascript js jsonp
+AddType application/json json
+
+# Audio
+AddType audio/mp4 m4a f4a f4b
+AddType audio/ogg oga ogg
+
+# Video
+AddType video/mp4 mp4 m4v f4v f4p
+AddType video/ogg ogv
+AddType video/webm webm
+AddType video/x-flv flv
+
+# SVG
+# Required for svg webfonts on iPad
+# twitter.com/FontSquirrel/status/14855840545
+AddType image/svg+xml svg svgz
+AddEncoding gzip svgz
+
+# Webfonts
+AddType application/vnd.ms-fontobject eot
+AddType application/x-font-ttf ttf ttc
+AddType application/x-font-woff woff
+AddType font/opentype otf
+
+# Assorted types
+AddType application/octet-stream safariextz
+AddType application/x-chrome-extension crx
+AddType application/x-opera-extension oex
+AddType application/x-shockwave-flash swf
+AddType application/x-web-app-manifest+json webapp
+AddType application/x-xpinstall xpi
+AddType application/xml rss atom xml rdf
+AddType image/webp webp
+AddType image/x-icon ico
+AddType text/cache-manifest appcache manifest
+AddType text/vtt vtt
+AddType text/x-component htc
+AddType text/x-vcard vcf
# ----------------------------------------------------------------------
@@ -41,55 +125,32 @@ FileETag None
- # HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
-
- FilterDeclare COMPRESS
- FilterProvider COMPRESS DEFLATE resp=Content-Type $application/atom+xml
- FilterProvider COMPRESS DEFLATE resp=Content-Type $application/javascript
- FilterProvider COMPRESS DEFLATE resp=Content-Type $application/json
- FilterProvider COMPRESS DEFLATE resp=Content-Type $application/rss+xml
- FilterProvider COMPRESS DEFLATE resp=Content-Type $application/vnd.ms-fontobject
- FilterProvider COMPRESS DEFLATE resp=Content-Type $application/x-font-ttf
- FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xhtml+xml
- FilterProvider COMPRESS DEFLATE resp=Content-Type $application/x-javascript
- FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xml
- FilterProvider COMPRESS DEFLATE resp=Content-Type $font/opentype
- FilterProvider COMPRESS DEFLATE resp=Content-Type $image/svg+xml
- FilterProvider COMPRESS DEFLATE resp=Content-Type $image/vnd.microsoft.icon
- FilterProvider COMPRESS DEFLATE resp=Content-Type $image/x-icon
- FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css
- FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html
- FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain
- FilterProvider COMPRESS DEFLATE resp=Content-Type $text/x-component
- FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml
- FilterChain COMPRESS
- FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no
-
-
-
- # Legacy versions of Apache
- AddOutputFilterByType DEFLATE application/atom+xml
- AddOutputFilterByType DEFLATE application/javascript
- AddOutputFilterByType DEFLATE application/json
- AddOutputFilterByType DEFLATE application/rss+xml
- AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
- AddOutputFilterByType DEFLATE application/x-font-ttf
- AddOutputFilterByType DEFLATE application/xhtml+xml
- AddOutputFilterByType DEFLATE application/x-javascript
- AddOutputFilterByType DEFLATE application/xml
- AddOutputFilterByType DEFLATE font/opentype
- AddOutputFilterByType DEFLATE image/svg+xml
- AddOutputFilterByType DEFLATE image/x-icon
- AddOutputFilterByType DEFLATE image/vnd.microsoft.icon
- AddOutputFilterByType DEFLATE text/css
- AddOutputFilterByType DEFLATE text/html
- AddOutputFilterByType DEFLATE text/plain
- AddOutputFilterByType DEFLATE text/x-component
- AddOutputFilterByType DEFLATE text/xml
-
+ # Compress all output labeled with one of the following MIME-types
+ # (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
+ # and can remove the `` and `` lines as
+ # `AddOutputFilterByType` is still in the core directives)
+#
+ AddOutputFilterByType DEFLATE application/atom+xml \
+ application/javascript \
+ application/json \
+ application/rss+xml \
+ application/vnd.ms-fontobject \
+ application/x-font-ttf \
+ application/xhtml+xml \
+ application/xml \
+ font/opentype \
+ image/svg+xml \
+ image/x-icon \
+ text/css \
+ text/html \
+ text/plain \
+ text/x-component \
+ text/xml
+#
+
# ----------------------------------------------------------------------
# Expires headers (for better cache control)
# ----------------------------------------------------------------------
@@ -100,55 +161,211 @@ FileETag None
# www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
# If you don't use filenames to version, lower the CSS and JS to something like
-# "access plus 1 week" or so.
+# "access plus 1 week".
ExpiresActive on
- # Perhaps better to whitelist expires rules? Perhaps.
+# Perhaps better to whitelist expires rules? Perhaps.
ExpiresDefault "access plus 1 month"
- # cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
+# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
ExpiresByType text/cache-manifest "access plus 0 seconds"
- # Your document html
+# Your document html
ExpiresByType text/html "access plus 0 seconds"
- # Data
- ExpiresByType text/xml "access plus 0 seconds"
- ExpiresByType application/xml "access plus 0 seconds"
+# Data
ExpiresByType application/json "access plus 0 seconds"
+ ExpiresByType application/xml "access plus 0 seconds"
+ ExpiresByType text/xml "access plus 0 seconds"
- # Feed
- ExpiresByType application/rss+xml "access plus 1 hour"
+# Feed
ExpiresByType application/atom+xml "access plus 1 hour"
+ ExpiresByType application/rss+xml "access plus 1 hour"
- # Favicon (cannot be renamed)
+# Favicon (cannot be renamed)
ExpiresByType image/x-icon "access plus 1 week"
- ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
- # Media: images, video, audio
- ExpiresByType image/gif "access plus 1 month"
- ExpiresByType image/png "access plus 1 month"
- ExpiresByType image/jpeg "access plus 1 month"
- ExpiresByType video/ogg "access plus 1 month"
+# Media: images, video, audio
ExpiresByType audio/ogg "access plus 1 month"
+ ExpiresByType image/gif "access plus 1 month"
+ ExpiresByType image/jpeg "access plus 1 month"
+ ExpiresByType image/png "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
+ ExpiresByType video/ogg "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"
- # HTC files (css3pie)
+# HTC files (css3pie)
ExpiresByType text/x-component "access plus 1 month"
- # Webfonts
- ExpiresByType application/x-font-ttf "access plus 1 month"
- ExpiresByType font/opentype "access plus 1 month"
- ExpiresByType application/x-font-woff "access plus 1 month"
- ExpiresByType image/svg+xml "access plus 1 month"
+# Webfonts
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
+ ExpiresByType application/x-font-ttf "access plus 1 month"
+ ExpiresByType application/x-font-woff "access plus 1 month"
+ ExpiresByType font/opentype "access plus 1 month"
+ ExpiresByType image/svg+xml "access plus 1 month"
- # CSS and JavaScript
- ExpiresByType text/css "access plus 1 week"
+# CSS and JavaScript
ExpiresByType application/javascript "access plus 1 week"
- ExpiresByType application/x-javascript "access plus 1 week"
+ ExpiresByType text/css "access plus 1 week"
+
+
+# ----------------------------------------------------------------------
+# ETag removal
+# ----------------------------------------------------------------------
+
+# FileETag None is not enough for every server.
+
+ Header unset ETag
+
+
+# Since we're sending far-future expires, we don't need ETags for
+# static content.
+# developer.yahoo.com/performance/rules.html#etags
+FileETag None
+
+
+# ----------------------------------------------------------------------
+# Start rewrite engine
+# ----------------------------------------------------------------------
+
+# Turning on the rewrite engine is necessary for the following rules and
+# features. FollowSymLinks must be enabled for this to work.
+
+# Some cloud hosting services require RewriteBase to be set: goo.gl/HOcPN
+# If using the h5bp in a subdirectory, use `RewriteBase /foo` instead where
+# 'foo' is your directory.
+
+# If your web host doesn't allow the FollowSymlinks option, you may need to
+# comment it out and use `Options +SymLinksIfOwnerMatch`, but be aware of the
+# performance impact: http://goo.gl/Mluzd
+
+
+ Options +FollowSymlinks
+# Options +SymLinksIfOwnerMatch
+ RewriteEngine On
+
+ # Redirect "democlient.html" to the new place...
+ Redirect permanent /democlient.html http://cppcheck.sourceforge.net/demo/
+
+ # Redirect "devinfo.html" to the new place...
+ Redirect permanent /devinfo.html http://cppcheck.sourceforge.net/devinfo/
+
+ # Redirect doxyoutput, coverage- and cpd report to the new place...
+ Redirect permanent /doxyoutput/ http://cppcheck.sourceforge.net/devinfo/doxyoutput/
+ Redirect permanent /doxygen-errors.txt http://cppcheck.sourceforge.net/devinfo/doxygen-errors.txt
+ Redirect permanent /coverage_report/ http://cppcheck.sourceforge.net/devinfo/coverage_report/
+ Redirect permanent /cpd.txt http://cppcheck.sourceforge.net/devinfo/cpd.txt
+
+
+
+# ----------------------------------------------------------------------
+# Suppress or force the "www." at the beginning of URLs
+# ----------------------------------------------------------------------
+
+# The same content should never be available under two different URLs -
+# especially not with and without "www." at the beginning, since this can cause
+# SEO problems (duplicate content). That's why you should choose one of the
+# alternatives and redirect the other one.
+
+# By default option 1 (no "www.") is activated.
+# no-www.org/faq.php?q=class_b
+
+# If you'd prefer to use option 2, just comment out all option 1 lines
+# and uncomment option 2.
+
+# IMPORTANT: NEVER USE BOTH RULES AT THE SAME TIME!
+
+# ----------------------------------------------------------------------
+
+# Option 1:
+# Rewrite "www.example.com -> example.com".
+
+
+ RewriteCond %{HTTPS} !=on
+ RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
+ RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
+
+
+# ----------------------------------------------------------------------
+
+# Option 2:
+# Rewrite "example.com -> www.example.com".
+# Be aware that the following rule might not be a good idea if you use "real"
+# subdomains for certain parts of your website.
+
+#
+# RewriteCond %{HTTPS} !=on
+# RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
+# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+#
+
+
+# ----------------------------------------------------------------------
+# Prevent 404 errors for non-existing redirected folders
+# ----------------------------------------------------------------------
+
+# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the
+# same name does not exist.
+# webmasterworld.com/apache/3808792.htm
+
+Options -MultiViews
+
+
+# ----------------------------------------------------------------------
+# Custom 404 page
+# ----------------------------------------------------------------------
+
+# You can add custom pages to handle 500 or 403 pretty easily, if you like.
+# If you are hosting your site in subdirectory, adjust this accordingly
+# e.g. ErrorDocument 404 /subdir/404.html
+#ErrorDocument 404 /404.html
+
+
+# ----------------------------------------------------------------------
+# UTF-8 encoding
+# ----------------------------------------------------------------------
+
+# Use UTF-8 encoding for anything served text/plain or text/html
+AddDefaultCharset utf-8
+
+# Force UTF-8 for a number of file formats
+AddCharset utf-8 .atom .css .js .json .rss .vtt .xml
+
+
+# ----------------------------------------------------------------------
+# A little more security
+# ----------------------------------------------------------------------
+
+# To avoid displaying the exact version number of Apache being used, add the
+# following to httpd.conf (it will not work in .htaccess):
+# ServerTokens Prod
+
+# "-Indexes" will have Apache block users from browsing folders without a
+# default document Usually you should leave this activated, because you
+# shouldn't allow everybody to surf through every folder on your server (which
+# includes rather private places like CMS system folders).
+
+ Options -Indexes
+
+
+# Block access to "hidden" directories or files whose names begin with a
+# period. This includes directories used by version control systems such as
+# Subversion or Git.
+
+ RewriteCond %{SCRIPT_FILENAME} -d [OR]
+ RewriteCond %{SCRIPT_FILENAME} -f
+ RewriteRule "(^|/)\." - [F]
+
+
+# Block access to backup and source files. These files may be left by some
+# text/html editors and pose a great security danger, when anyone can access
+# them.
+
+ Order allow,deny
+ Deny from all
+ Satisfy All
+