[working/Evergreen.git] / Open-ILS / examples / apache / eg_vhost.conf

# ----------------------------------------------------------------------------------
# This is the global Evergreen virtual host config.  Anything you want published
# through all virtual hosts (port 80, port 443, etc.) should live in here.
# ----------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------
# Point / to the opac - if you have a custom skin or locale, point at it here
# ----------------------------------------------------------------------------------
RedirectMatch 301 ^/$ /opac/en-US/skin/default/xml/index.xml

# ----------------------------------------------------------------------------------
# Point / to the IP address redirector
# ----------------------------------------------------------------------------------
#<LocationMatch ^/$>
#    SetHandler perl-script
#    PerlHandler OpenILS::WWW::Redirect
#    Options +ExecCGI
#    PerlSendHeader On
#    #PerlSetVar OILSRedirectSkin "default"
#    # OILSRedirectDepth defaults to the depth of the branch that the OPAC was directed to
#    #PerlSetVar OILSRedirectDepth "0"
#    #PerlSetVar OILSRedirectLocale "en-US"
#    # Use the template-toolkit opac
#    #PerlSetVar OILSRedirectTpac "true"
#    allow from all
#</LocationMatch>


# ----------------------------------------------------------------------------------
# Assign a default locale to the accessible OPAC
# ----------------------------------------------------------------------------------
RedirectMatch 301 ^/opac/extras/slimpac/start.html$    /opac/en-US/extras/slimpac/start.html
RedirectMatch 301 ^/opac/extras/slimpac/advanced.html$ /opac/en-US/extras/slimpac/advanced.html

# ----------------------------------------------------------------------------------
# Configure the gateway
# ----------------------------------------------------------------------------------
OSRFGatewayConfig /openils/conf/opensrf_core.xml
# Translator memcache server.  Default is localhost
# OSRFTranslatorCacheServer 127.0.0.1:11211


# ----------------------------------------------------------------------------------
# Added content plugin
# ----------------------------------------------------------------------------------
<Location /opac/extras/ac/>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::AddedContent
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>

# Autosuggest for searches
<Location /opac/extras/autosuggest>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::AutoSuggest
    PerlSendHeader On
    Allow from All
</Location>

# ----------------------------------------------------------------------------------
# Replace broken cover images with a transparent GIF by default
# ----------------------------------------------------------------------------------
RewriteEngine ON
RewriteRule ^/opac/extras/ac/jacket/(small|medium|large)/$ \
    /opac/images/blank.png [P,L]

# ----------------------------------------------------------------------------------
# Add the row ID (RID) and date so we can make unAPI happy
# ----------------------------------------------------------------------------------
RewriteCond %{QUERY_STRING} (^r|&r)=(\d+)
RewriteRule . - [E=OILS_OPAC_RID:%2,E=OILS_TIME_YEAR:%{TIME_YEAR}]

# ----------------------------------------------------------------------------------
# Pull the locale from the URL
# ----------------------------------------------------------------------------------
RewriteCond %{REQUEST_URI} ^/opac/(.*?)/
RewriteRule . - [E=locale:%1]

# ----------------------------------------------------------------------------------
# For sanity reasons, default indexes to Off
# ----------------------------------------------------------------------------------
Options -Indexes

# ----------------------------------------------------------------------------------
# Configure the OPAC
# ----------------------------------------------------------------------------------
<LocationMatch /opac/>
    AddType application/xhtml+xml .xml
   
    # - configure mod_xmlent
    XMLEntStripPI "yes"
    XMLEntEscapeScript "no"
    XMLEntStripComments "yes"
    XMLEntContentType "text/html; charset=utf-8"
    # forces quirks mode which we want for now
    XMLEntStripDoctype "yes" 

    # - set up the include handlers
    Options +Includes
    AddOutputFilter INCLUDES .xsl
    AddOutputFilter INCLUDES;XMLENT .xml
                    
    SetEnvIf Request_URI ".*" OILS_OPAC_BASE=/opac/
    
    # This gives you the option to configure a different host to serve OPAC images from
    # Specify the hostname (without protocol) and path to the images.  Protocol will
    # be determined at runtime
    #SetEnvIf Request_URI ".*" OILS_OPAC_IMAGES_HOST=static.example.org/opac/

    # In addition to loading images from a static host, you can also load CSS and/or
    # Javascript from a static host or hosts. Protocol will be determined at runtime
    # and/or by configuration options immediately following.
    #SetEnvIf Request_URI ".*" OILS_OPAC_CSS_HOST=static.example.org/opac/
    #SetEnvIf Request_URI ".*" OILS_OPAC_JS_HOST=static.example.org/opac/

    # If you are not able to serve static content via https and 
    # wish to force http:// (and are comfortable with mixed-content
    # warnings in client browsers), set this:
    #SetEnvIf Request_URI ".*" OILS_OPAC_STATIC_PROTOCOL=http

    # If you would prefer to fall back to your non-static servers for 
    # https pages, avoiding mixed-content warnings in client browsers
    # and are willing to accept some increased server load, set this:
    #SetEnvIf Request_URI ".*" OILS_OPAC_BYPASS_STATIC_FOR_HTTPS=yes

    # Specify a ChiliFresh account to integrate their services with the OPAC
    #SetEnv OILS_CHILIFRESH_ACCOUNT
    #SetEnv OILS_CHILIFRESH_PROFILE
    #SetEnv OILS_CHILIFRESH_URL http://chilifresh.com/on-site/js/evergreen.js
    #SetEnv OILS_CHILIFRESH_HTTPS_URL https://secure.chilifresh.com/on-site/js/evergreen.js

    # Specify the initial script URL for Novelist (containing account credentials, etc.)
    #SetEnv OILS_NOVELIST_URL
    #

    # Uncomment to force SSL any time a patron is logged in.  This protects 
    # authentication tokens.  Left commented out for backwards compat for now.
    #SetEnv OILS_OPAC_FORCE_LOGIN_SSL 1

    # If set, the skin uses the combined JS file at $SKINDIR/js/combined.js
    #SetEnv OILS_OPAC_COMBINED_JS 1

</LocationMatch>

<Location /opac/>
    # ----------------------------------------------------------------------------------
    # Some mod_deflate fun
    # ----------------------------------------------------------------------------------
    <IfModule mod_deflate.c>
        SetOutputFilter DEFLATE

        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

        SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary

        <IfModule mod_headers.c>
            Header append Vary User-Agent env=!dont-vary
        </IfModule>
    </IfModule>

</Location>

<Location //opac/>
    # ----------------------------------------------------------------------------------
    # Some mod_deflate fun
    # ----------------------------------------------------------------------------------
    <IfModule mod_deflate.c>
        SetOutputFilter DEFLATE

        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

        SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary

        <IfModule mod_headers.c>
            Header append Vary User-Agent env=!dont-vary
        </IfModule>
    </IfModule>

</Location>

# ----------------------------------------------------------------------------------
# Force SSL on the OPAC's "My Account" page
# ----------------------------------------------------------------------------------
<LocationMatch .*/myopac.xml>
    SSLRequireSSL
</LocationMatch>

<LocationMatch /opac/extras/>
    # Force to en-US for now to satisfy bbags.xml
    SetEnv locale en-US
    Options +Includes
    AddOutputFilter INCLUDES .xml
    AddType application/xhtml+xml .xml
</LocationMatch>

RewriteCond %{QUERY_STRING} locale=([^&]*)
RewriteRule ^/opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/(.*)$ /opac/%1/extras/slimpac/$1? [redirect]
<LocationMatch /opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/>
    AddOutputFilter INCLUDES;XMLENT .html
</LocationMatch>

# ----------------------------------------------------------------------------------
# Run server-side XUL and XHTML through xmlent to load the correct XML entities
# ----------------------------------------------------------------------------------
RewriteCond %{HTTP:Accept-Language} ([a-z]{2}-[A-Z]{2})
RewriteRule ^/xul/      -       [E=locale:%1]
RewriteRule ^/reports/  -       [E=locale:%1]

# Default to en-US if we haven't matched a locale of the form xx-YY 
RewriteCond %{HTTP:Accept-Language} !([a-z]{2}-[A-Z]{2})
RewriteRule ^/xul/      -       [E=locale:en-US]
RewriteRule ^/reports/  -       [E=locale:en-US]

# Default to en-US if we are just given en
RewriteCond %{ENV:locale} ^$ [OR]
RewriteCond %{ENV:locale} ^en$
RewriteRule . - [E=locale:en-US]

<LocationMatch /xul/.*\.x?html$>
    Options +Includes
    XMLEntEscapeScript "no"
    XMLEntStripComments "yes"
    XMLEntStripPI "yes"
    XMLEntStripDoctype "yes"
    XMLEntContentType "text/html; charset=utf-8"
    AddOutputFilter INCLUDES;XMLENT .xhtml
    AddOutputFilter INCLUDES;XMLENT .html
    SetEnv no-gzip
    allow from all
</LocationMatch>


<LocationMatch /xul/.*\.xul$>
    Options +Includes
    XMLEntContentType "application/vnd.mozilla.xul+xml"
    AddOutputFilter INCLUDES;XMLENT .xul
    SetEnv no-gzip
    allow from all
</LocationMatch>

# ----------------------------------------------------------------------------------
# Self-serve password interface
# ----------------------------------------------------------------------------------
<Location /opac/password>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::PasswordReset::password_reset
    Options +ExecCGI
    PerlSendHeader On
    allow from all

    # Force clients to use HTTPS
    RewriteCond %{HTTPS} !=on [NC]
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</Location>

# ----------------------------------------------------------------------------------
# Supercat feeds
# ----------------------------------------------------------------------------------
<Location /opac/extras/oisbn>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::SuperCat::oisbn
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>
<Location /opac/extras/supercat>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::SuperCat::supercat
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>
<Location /opac/extras/unapi>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::SuperCat::unapi
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>
<Location /opac/extras/feed/bookbag>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::SuperCat::bookbag_feed
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>
<Location /opac/extras/opensearch>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::SuperCat::opensearch_feed
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>
<Location /opac/extras/sru>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::SuperCat::sru_search
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>
<Location /opac/extras/sru_auth>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::SuperCat::sru_auth_search
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>
<Location /opac/extras/feed/freshmeat>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::SuperCat::changes_feed
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>
<Location /opac/extras/browse>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::SuperCat::string_browse
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>     
<Location /opac/extras/startwith>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::SuperCat::string_startwith
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>     
        
# ----------------------------------------------------------------------------------
# Module for displaying OpenSRF API documentation
# ----------------------------------------------------------------------------------
<Location /opac/extras/docgen.xsl>
    AddOutputFilter INCLUDES .xsl
</Location>

# ----------------------------------------------------------------------------------
# Module for processing staff-client offline scripts lives here
# ----------------------------------------------------------------------------------
<Directory "/openils/var/cgi-bin/offline">
    AddHandler cgi-script .pl
    AllowOverride None
    Options +ExecCGI
    allow from all
</Directory>
        
        
# ----------------------------------------------------------------------------------
# XXX Note, it's important to explicitly set the JSON encoding style 
# (OSRFGatewayLegacyJSON), since the default encoding style will likely change 
# with OpenSRF 1.0
# ----------------------------------------------------------------------------------
# OpenSRF JSON legacy gateway
# ----------------------------------------------------------------------------------
<Location /gateway>
    SetHandler osrf_json_gateway_module
    OSRFGatewayLegacyJSON "true"
    allow from all
</Location>
# ----------------------------------------------------------------------------------
# New-style OpenSRF JSON gateway
# ----------------------------------------------------------------------------------
<Location /osrf-gateway-v1>
    SetHandler osrf_json_gateway_module
    OSRFGatewayLegacyJSON "false"
    allow from all
</Location>

# ----------------------------------------------------------------------------------
# OpenSRF-over-HTTP translator
# (http://open-ils.org/dokuwiki/doku.php?id=opensrf_over_http)
# ----------------------------------------------------------------------------------
<Location /osrf-http-translator>
    SetHandler osrf_http_translator_module
    allow from all
</Location>

# ----------------------------------------------------------------------------------
# The exporter lives here
# ----------------------------------------------------------------------------------
<Location /exporter>
    SetHandler perl-script
    AuthType Basic
    AuthName "Exporter Login"
    PerlOptions +GlobalRequest
    PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
    PerlAuthenHandler OpenILS::WWW::Proxy::Authen
    require valid-user
    PerlHandler OpenILS::WWW::Exporter
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>

<Location /opac/extras/merge_template>
    SetHandler perl-script
    AuthType Basic
    AuthName "Batch Update Login"
    PerlOptions +GlobalRequest
    PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
    PerlAuthenHandler OpenILS::WWW::Proxy::Authen
    require valid-user
    PerlHandler OpenILS::WWW::TemplateBatchBibUpdate
    PerlSendHeader On
    Options +ExecCGI
    allow from all
</Location>

<Location /opac/extras/circ>
    AuthType Basic
    AuthName "Circ Extras Login"
    PerlOptions +GlobalRequest
    PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
    PerlAuthenHandler OpenILS::WWW::Proxy::Authen
    require valid-user
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>

# ----------------------------------------------------------------------------------
# Reporting output lives here
# ----------------------------------------------------------------------------------
<Location /reporter/>
    AuthType Basic
    AuthName "Report Login"
    PerlOptions +GlobalRequest
    PerlSetVar OILSProxyPermissions "VIEW_REPORT_OUTPUT"
    PerlAuthenHandler OpenILS::WWW::Proxy::Authen
    require valid-user
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>

# ----------------------------------------------------------------------------------
# Selfcheck interface
# ----------------------------------------------------------------------------------
<LocationMatch .*/selfcheck.xml>
    AuthType Basic
    AuthName "Self-check Login"
    PerlOptions +GlobalRequest
    PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
    PerlAuthenHandler OpenILS::WWW::Proxy::Authen
    require valid-user
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</LocationMatch>


# ----------------------------------------------------------------------------------
# Reports GUI
# ----------------------------------------------------------------------------------
<LocationMatch /reports>
    Options +Includes
    AddOutputFilter INCLUDES;XMLENT .xhtml
</LocationMatch>

<LocationMatch /reports/fm_IDL.xml>
    IDLChunkStripPI "yes"
    IDLChunkEscapeScript "no"
    IDLChunkStripComments "yes"
    IDLChunkStripDoctype "yes"
    IDLChunkContentType "application/xml; charset=utf-8"
    AddOutputFilter INCLUDES;IDLCHUNK .xml
</LocationMatch>

# ----------------------------------------------------------------------------------
# EDI Message viewer
# ----------------------------------------------------------------------------------
<Location /edi>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::EDI
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>     

# ----------------------------------------------------------------------------------
# XML-RPC gateway
# ----------------------------------------------------------------------------------
<Location /xml-rpc>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::XMLRPCGateway
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>

# ----------------------------------------------------------------------------------
# Conify - next-generation Evergreen administration interface
# ----------------------------------------------------------------------------------
RewriteRule ^/conify/([a-z]{2}-[A-Z]{2})/global/(.*)$ /conify/global/$2 [E=locale:$1,L]
<Location /conify>
    Options +Includes
    XMLEntStripPI "yes"
    XMLEntEscapeScript "no"
    XMLEntStripComments "no"
    XMLEntContentType "text/html; charset=utf-8"
    AddOutputFilter INCLUDES;XMLENT .html
 
    AuthType Basic
    AuthName "Dojo Admin Login"
    PerlOptions +GlobalRequest
    PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
    PerlAuthenHandler OpenILS::WWW::Proxy::Authen
    require valid-user
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>

<Location /vandelay-upload>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::Vandelay::spool_marc
    Options +ExecCGI
    allow from all
</Location>

# OpenURL 0.1 searching based on OpenSearch
RewriteMap openurl prg:/openils/bin/openurl_map.pl
RewriteCond %{QUERY_STRING} (^.*$)
RewriteRule ^/openurl$ ${openurl:%1} [NE,PT]



# General Evergreen web template processor
<Location /eg>
    SetHandler perl-script
    PerlHandler OpenILS::WWW::EGWeb
    Options +ExecCGI
    PerlSendHeader On
    allow from all

    PerlSetVar OILSWebBasePath "/eg"
    PerlSetVar OILSWebWebDir "/openils/var/web"
    PerlSetVar OILSWebDefaultTemplateExtension "tt2"

    # Enable Template-Toolkit error debugging messages (apache error log)
    PerlSetVar OILSWebDebugTemplate "true"

    # -------------------------------------------------------
    # Media Prefix.  In the 3rd example, the protocol (http) is enforced
    #PerlSetVar OILSWebMediaPrefix "/media"
    #PerlSetVar OILSWebMediaPrefix "static.example.com/media"
    #PerlSetVar OILSWebMediaPrefix "http://static.example.com/media"

    # Locale messages files
    #PerlAddVar OILSWebLocale "en"
    #PerlAddVar OILSWebLocale "/openils/var/data/locale/messages.en.po"
    #PerlAddVar OILSWebLocale "en_ca"
    #PerlAddVar OILSWebLocale "/openils/var/data/locale/messages.en_ca.po"
    #PerlAddVar OILSWebLocale "fr_ca"
    #PerlAddVar OILSWebLocale "/openils/var/data/locale/messages.fr_ca.po"

    # Templates will be loaded from the following paths in reverse order.
    PerlAddVar OILSWebTemplatePath "/openils/var/templates"
    #PerlAddVar OILSWebTemplatePath "/openils/var/templates_localskin"

    <IfModule mod_deflate.c>
        SetOutputFilter DEFLATE
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
        SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
        <IfModule mod_headers.c>
            Header append Cache-Control "public"
            Header append Vary User-Agent env=!dont-vary
        </IfModule>
    </IfModule>
</Location>
<LocationMatch ^/(images|css|js)/>
    # should pick up the default expire time from eg.conf...
    <IfModule mod_deflate.c>
        SetOutputFilter DEFLATE
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
        SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
        <IfModule mod_headers.c>
            Header append Cache-Control "public"
            Header append Vary User-Agent env=!dont-vary
        </IfModule>
    </IfModule>
</LocationMatch>
<Location /eg/opac>
    PerlSetVar OILSWebContextLoader "OpenILS::WWW::EGCatLoader"
    # Expire the HTML quickly since we're loading dynamic data for each page
    ExpiresActive On
    ExpiresByType text/html "access plus 5 seconds"
    
    # For use with embedded Content Cafe content
    #SetEnv OILS_CONTENT_CAFE_USER 123
    #SetEnv OILS_CONTENT_CAFE_PASS 456
    # Consider copying/moving other added content configs 
    # (e.g. NOVELIST) into here or to an outer container shared by
    # both /opac and /eg/opac since some are used in both places
</Location>


# Note: the template processor will decline handling anything it does not
# have an explicit configuration for, which means it will fall back to 
# Apache to serve the file.  However, in the interest of speed, go ahead 
# and tell Apache to avoid asking OpenILS::WWW::EGWeb for static content.
# Add more exemptions as needed.
<LocationMatch ^/eg/.*(\.js|\.css|\.html|\.xhtml|\.xml|\.jpg|\.png|\.gif)$>
    SetHandler None
</LocationMatch>

# ----------------------------------------------------------------------------------
# Some mod_deflate logging setup
# ----------------------------------------------------------------------------------
<IfModule mod_deflate.c>
    DeflateFilterNote Input instream
    DeflateFilterNote Output outstream
    DeflateFilterNote Ratio ratio

    LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
    CustomLog /var/log/apache2/deflate_log deflate

    # There are problems with XMLENT and mod_deflate - so lets disable it
    # This is where we don't have a pre-existing LocationMatch directive earlier
    <LocationMatch /opac/.*\.xml$>
        SetEnv no-gzip
    </LocationMatch>
    <LocationMatch /opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/.*\.html$>
        SetEnv no-gzip
    </LocationMatch>
    <LocationMatch /reports/.*\.xhtml$>
        SetEnv no-gzip
    </LocationMatch>
    <LocationMatch /conify/.*\.html$>
        SetEnv no-gzip
    </LocationMatch>
</IfModule>


<Location /IDL2js>

    SetHandler perl-script
    PerlHandler OpenILS::WWW::IDL2js
    Options +ExecCGI
    PerlSendHeader On
    allow from all

    <IfModule mod_headers.c>
        Header append Cache-Control "public"
    </IFModule>

    <IfModule mod_deflate.c>
        SetOutputFilter DEFLATE
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
        SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
        <IfModule mod_headers.c>
            Header append Vary User-Agent env=!dont-vary
        </IfModule>
    </IfModule>
</Location>

# Uncomment the following to force SSL for everything. Note that this defeats caching
# and you will suffer a performance hit.
#RewriteCond %{HTTPS} off
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]