.htaccess tips & tricks

If your .htaccess does not work, open your Apache configuration and find the block

<Directory "/var/www/">

Add the following line inside that block to activate .htaccess

AllowOverride All

It's good to turn on the rewrite engine in Apache

RewriteEngine on

Secure your .htaccess file

<Files .htaccess>
 order allow,deny
 deny from all
</Files>

Don’t list files in index pages

IndexIgnore *

You can specify the rewrite base directory of your application

RewriteBase /abc/xyz/now_your_application/

Redirect non www domain to www domain

RewriteCond %{HTTP_HOST} !^www\.domain_name\.com$ [NC]
RewriteRule ^(.*)$ http://www.domain_name.com/$1 [L,R=301]

Expiry based on file types

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
</IfModule>

Compress files based on extensions

<IfModule mod_deflate.c>
<FilesMatch "\.(js|css|jpg|jpeg|png|gif)$">
SetOutputFilter DEFLATE
</FilesMatch>
</IfModule>

Compress based on content type (MIME type)

<IfModule mod_deflate.c>
 AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript text/javascript
</IfModule>

Expiry dates based on file extensions

<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
 Header set Cache-Control "max-age=86400, public"
 Header set Expires "Thu, 26 Nov 2020 20:00:00 GMT"
 Header unset Last-Modified
</FilesMatch>

Disable directory browsing

# Apache 2.4 rejects an Options line that mixes +/- prefixed and unprefixed options
Options +ExecCGI +Includes +IncludesNOEXEC +SymLinksIfOwnerMatch -Indexes

Enable directory browsing

# Apache 2.4 rejects an Options line that mixes +/- prefixed and unprefixed options
Options +Indexes

Create custom error pages.
Custom error documents are configured using the ErrorDocument directive, which may be used in global, virtualhost, or directory context. It may be used in .htaccess files if AllowOverride is set to FileInfo.

ErrorDocument 500 "Sorry, our script crashed. Oh dear"
ErrorDocument 500 /cgi-bin/crash-recover
ErrorDocument 500 http://error.example.com/server_error.html
ErrorDocument 404 /errors/not_found.html
ErrorDocument 401 /subscription/how_to_subscribe.html

Redirect from a specific file to a new file

Redirect /redirect_from.html http://www.newsite.com/folder/redirect_to.html

WildCard Redirect / Redirecting from one folder to a new folder

Redirect /redirect_from http://www.newsite.com/redirect_to

Password protection to a directory

AuthType Basic
AuthName "restricted area"
AuthUserFile /usr/local/var/www/html/.htpasses
require valid-user

Install the Apache utilities and generate the password file (the path given to htpasswd must be the same one AuthUserFile points to)

sudo apt-get install apache2-utils
htpasswd -c /var/www/.htpasses zainalam

You can find an online tool to generate the htaccess password and skip the above steps

Password Protect single file

<Files login.php>
AuthName "Prompt"
AuthType Basic
AuthUserFile /web/askapache.com/.htpasswd
Require valid-user
</Files>

Password Protect multiple files

<FilesMatch "^(private|phpinfo).*$">
AuthName "Development"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user
</FilesMatch>

Force File Download

<FilesMatch "\.(mov|mp3|jpg|pdf)$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>

Remove Comments from pagespeed

<IfModule pagespeed_module>
ModPagespeed on
ModPagespeedEnableFilters remove_comments
</IfModule>

Stop hotlinking

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain_name\.com/.*$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ http://www.domain_name.com/feed.gif [R=302,L]

Disable the server signature

ServerSignature Off

Set server timezone

SetEnv TZ America/Washington

Set the default character set

AddDefaultCharset UTF-8

Disguise Script Extensions. Serve foo files as php files

AddType application/x-httpd-php .foo

Secure Directories by IP Address and/or Domain
In the following example, all IP addresses are allowed access except for 12.345.67.890 and domain.com:

order allow,deny
allow from all
deny from 12.345.67.890
# Allow/Deny take a (partial) domain name, not a regular expression
deny from domain.com

In the following example, all IP addresses are denied access except for 12.345.67.890 and domain.com:

order deny,allow
deny from all
allow from 12.345.67.890
# Allow/Deny take a (partial) domain name, not a regular expression
allow from domain.com
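
The two access rules above, written for Apache 2.4, where Order, Allow and Deny are deprecated and only available through mod_access_compat. This is an added example, not part of the original post; 192.0.2.10, example.com and admin.php are placeholder values chosen for illustration.

```apache
# Added example (not from the original post). 192.0.2.10, example.com and
# admin.php are constructed placeholders.

<IfModule mod_authz_core.c>
    # Apache 2.4+: never serve .htaccess or .htpasswd-style files
    <FilesMatch "^\.ht">
        Require all denied
    </FilesMatch>

    # First rule above: everyone allowed except one address and one domain.
    # "Require host" takes a (partial) domain name, not a regular expression,
    # and costs a double reverse DNS lookup per request.
    <RequireAll>
        Require all granted
        Require not ip 192.0.2.10
        Require not host example.com
    </RequireAll>

    # Second rule above, scoped to one file: everyone denied except one
    # address and one domain.
    <Files "admin.php">
        <RequireAny>
            Require ip 192.0.2.10
            Require host example.com
        </RequireAny>
    </Files>
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2 fallback using the directives from this page
    <FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
    </FilesMatch>

    Order allow,deny
    Allow from all
    Deny from 192.0.2.10
    Deny from example.com

    <Files "admin.php">
        Order deny,allow
        Deny from all
        Allow from 192.0.2.10
        Allow from example.com
    </Files>
</IfModule>
```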

Deny access to evil robots, site rippers, offline browsers and other nasty scum

RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
RewriteCond %{HTTP_USER_AGENT} ^attach [OR]
RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]

CHMOD Various File Types

chmod .htpasswd files 640
chmod .htaccess files 644
chmod php files 600

Automatically correct simple spelling errors

<IfModule mod_speling.c>
CheckSpelling On
</IfModule>

Download multimedia files rather than display them to browser

AddType application/octet-stream .mp3

Redirect an entire site via 301

redirect 301 / http://www.domain.com/

Redirect an entire site via permanent redirect

Redirect permanent / http://www.domain.com/

You can get more information at http://perishablepress.com/stupid-htaccess-tricks/
