Alias /matomo "__matomo_web__"
<Directory "__matomo_web__">
AllowOverride All
Options FollowSymLinks
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order allow,deny
Allow from all
</IfModule>
<IfModule mod_authz_core.c>
# Apache 2.4
<Files "*">
Require host 127.0.0.1
# Require ip 128.252.135.
# Require host mydomain.com
# Require host host.mydomain.com
</Files>
<Files ~ "^matomo\.(js|php)|^piwik\.(js|php)|robots\.txt$|index\.php$">
Require all granted
</Files>
<Files "archive.php">
Require all granted
</Files>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
<Files "*">
Order deny, allow
Deny from all
Allow from 127.0.0.1
# Allow from 128.252.135.
# Allow from .mydomain.com
# Allow from host.mydomain.com
</Files>
<Files ~ "^matomo\.(js|php)|^piwik\.(js|php)|robots\.txt$|index\.php$">
Allow from all
Satisfy any
</Files>
<Files "archive.php">
Order Allow,Deny
Allow from all
</Files>
</IfModule>
<IfModule mod_mime.c>
AddType application/x-javascript .js
AddType text/css .css
</IfModule>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/css application/x-javascript text/x-component text/html text/plain text/xml application/javascript
<IfModule mod_setenvif.c>
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
</IfModule>
</IfModule>
Header append Vary User-Agent env=!dont-vary
<IfModule mod_php7.c>
# improved security
php_admin_value open_basedir "__matomo_web__:__matomo_conf__:__matomo_log__:/tmp:/usr/bin:/var/cache/apache2:/run/matomo_sessions"
php_admin_flag display_startup_errors Off
php_admin_flag display_errors Off
php_admin_flag file_uploads Off
php_admin_flag allow_url_fopen Off
php_admin_value upload_tmp_dir "/var/cache/apache2"
php_admin_value session.save_path "/run/matomo_sessions/"
php_admin_value disable_functions "posix_setpgid,exec,ftp_login,mysql_pconnect,apache_setenv,popen,posix_getpwuid,posix_setsid,passthru,escapeshellcmd,ini_alter,ftp_raw,ftp_nb_fput,ini_restore,shell_exec,ftp_get,proc_get_status,highlight_file,proc_close,proc_terminate,syslog,ftp_connect,posix_uname,ini_get_all,proc_open,posix_kill,escapeshellarg,ftp_rawlist,posix_setuid,openlog,php_uname,system,ftp_exec,posix_mkfifo,proc_nice,ftp_put"
php_admin_value memory_limit "1024M"
php_admin_value max_execution_time 120
</IfModule>
<IfModule mod_php8.c>
# improved security
php_admin_value open_basedir "__matomo_web__:__matomo_conf__:__matomo_log__:/tmp:/usr/bin:/var/cache/apache2:/run/matomo_sessions"
php_admin_flag display_startup_errors Off
php_admin_flag display_errors Off
php_admin_flag file_uploads Off
php_admin_flag allow_url_fopen Off
php_admin_value upload_tmp_dir "/var/cache/apache2"
php_admin_value session.save_path "/run/matomo_sessions/"
php_admin_value disable_functions "posix_setpgid,exec,ftp_login,mysql_pconnect,apache_setenv,popen,posix_getpwuid,posix_setsid,passthru,escapeshellcmd,ini_alter,ftp_raw,ftp_nb_fput,ini_restore,shell_exec,ftp_get,proc_get_status,highlight_file,proc_close,proc_terminate,syslog,ftp_connect,posix_uname,ini_get_all,proc_open,posix_kill,escapeshellarg,ftp_rawlist,posix_setuid,openlog,php_uname,system,ftp_exec,posix_mkfifo,proc_nice,ftp_put"
php_admin_value memory_limit "1024M"
php_admin_value max_execution_time 120
</IfModule>
</Directory>
<Directory "__matomo_web__/vendor/tecnickcom/tcpdf/tools">
<IfModule mod_authz_core.c>
# Apache 2.4
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order deny,allow
Deny from all
</IfModule>
</Directory>