What is a .htaccess file

From apache.org

.htaccess files (or “distributed configuration files”) provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.

More information on .htaccess files

An htaccess file is a simple ASCII file, such as you would create with a text editor like Notepad or vi.

.htaccess files must be uploaded in ASCII mode, not BINARY. You may need to CHMOD the htaccess file to 644 (rw-r--r--). This makes the file usable by the server, b

Most commands in htaccess are meant to be placed on one line only, so if you use a text editor that uses word-wrap, make sure it is disabled or it might throw in a few characters that annoy Apache to no end, although Apache is typically very forgiving of malformed content in an htaccess file.
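
A pre-upload check for the damage described above (typographic characters, wrapped directives, broken section tags), as an added example that is not part of the original page. The sample file is constructed, the function name is illustrative, and the directive-name test is a heuristic rather than Apache's own parser.

```python
import re

# Constructed sample: an .htaccess damaged by a word processor and by word-wrap.
SAMPLE = '''\
RewriteEngine on
RewriteRule \\.(gif|jpg)$ \u2013 [F]
ErrorDocument 500 \u201cSorry, our script crashed.\u201d
AddOutputFilterByType DEFLATE text/html text/css
application/x-javascript application/javascript
<FilesMatch "\\.(pdf)$">
Header set Cache-Control "max-age=86400, public"
</IfModule>
'''

OPEN = re.compile(r'^<([A-Za-z]+)\b[^>]*>$')
CLOSE = re.compile(r'^</([A-Za-z]+)\s*(.*)>$')
DIRECTIVE = re.compile(r'^[A-Za-z][A-Za-z0-9_]*$')  # heuristic for a directive name


def lint_htaccess(text):
    """Return sorted (line_number, message) findings for likely editor damage."""
    findings, stack = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        bad = sorted({c for c in line if ord(c) > 127})
        if bad:  # smart quotes, en dashes and similar break the directive
            findings.append((no, 'non-ASCII: ' + ' '.join('U+%04X' % ord(c) for c in bad)))
        closing, opening = CLOSE.match(line), OPEN.match(line)
        if closing:
            name = closing.group(1).lower()
            if closing.group(2):
                findings.append((no, 'closing tag carries arguments'))
            if stack and stack[-1][0] == name:
                stack.pop()
            else:
                findings.append((no, 'unexpected </%s>' % name))
        elif opening:
            stack.append((opening.group(1).lower(), no))
        elif not DIRECTIVE.match(line.split()[0]):
            findings.append((no, 'no directive name at line start (wrapped?)'))
    findings += [(no, '<%s> is never closed' % name) for name, no in stack]
    return sorted(findings)


if __name__ == '__main__':
    for no, message in lint_htaccess(SAMPLE):
        print('line %d: %s' % (no, message))
```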

htaccess files affect the directory they are placed in and all sub-directories; that is, an htaccess file located in your root directory (yoursite.com) would affect yoursite.com/content, yoursite.com/content/contents, etc. It is important to note that this can be prevented (if, for example, you did not want certain htaccess commands to affect a specific directory) by placing a new htaccess file within the directory you don’t want affected, and leaving out of the new htaccess file the specific command(s) that you do not want affecting this directory. In short, the nearest htaccess file to the current directory is treated as the htaccess file. If the nearest htaccess file is your global htaccess located in your root, then it affects every single directory in your entire site.

Options

Change your default directory page

Adding DirectoryIndex to your .htaccess file allows you to change the default page, for example:

DirectoryIndex filename.html index.cgi index.pl default.htm

More Info: http://www.javascriptkit.com/howto/htaccess6.shtml

Automatic Redirection from HTTP to HTTPS

Add the .htaccess file to the root of your web directory with the following lines:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Automatic Redirection

Options +FollowSymLinks
RewriteEngine on
RewriteRule (.*) http://www.newdomain.com/$1 [R=301,L]

Please REPLACE www.newdomain.com in the above code with your actual domain name.

Automatic Redirection to www

Options +FollowSymLinks
RewriteEngine on
# Server variable names are case-sensitive: %{HTTP_HOST}, not %{http_host}
RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,NC,L]

Enable Directory Browsing / Listing

Options +Indexes

Block a few types of files from showing

IndexIgnore *.wmv *.mp4 *.avi

Disable Directory Browsing

# Apache 2.4 rejects Options lines that mix +/- prefixed and unprefixed values
Options -Indexes

Customize Error Messages

For a list of error codes please see LINK

ErrorDocument 400 /errors/badrequest.html
ErrorDocument 500 /cgi-bin/500.html
ErrorDocument 500 "Sorry, our script crashed."
ErrorDocument 500 http://www.yourdomain.com/
ErrorDocument 404 /error/not_found.html
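
Block Users from accessing the site

# Allow,Deny: a matching deny wins. With "order deny,allow", the
# "allow from all" line would override every deny line below.
# <limit> applies these rules to the listed methods only.
<limit GET POST PUT>
order allow,deny
allow from all
deny from 202.54.122.33
deny from 8.70.44.53
deny from .spammers.com
</limit>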
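
How the order line decides the outcome for a deny list combined with "allow from all", following the documented Order semantics of Apache's mod_access_compat. This is an added example, not part of the original page: the function names and test clients are constructed, and partial IP prefixes are not handled.

```python
import ipaddress

# Rules as written in the section above (test clients below are constructed).
ALLOW = ['all']
DENY = ['202.54.122.33', '8.70.44.53', '.spammers.com']


def _matches(rule, ip, host):
    """True if one 'allow from' / 'deny from' argument matches the client."""
    if rule.lower() == 'all':
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(rule, strict=False)
    except ValueError:
        # Not an IP or CIDR: treat it as a (partial) domain name and compare
        # whole labels against the client's reverse-DNS name, if known.
        suffix = rule.lower().lstrip('.')
        name = (host or '').lower()
        return name == suffix or name.endswith('.' + suffix)


def evaluate(order, allow, deny, ip, host=None):
    """Apply the Order semantics; return True if the request is admitted."""
    allowed = any(_matches(r, ip, host) for r in allow)
    denied = any(_matches(r, ip, host) for r in deny)
    if order.replace(' ', '').lower() == 'deny,allow':
        # Deny is evaluated first, a matching Allow overrides it,
        # and a client matching neither list is admitted.
        return allowed or not denied
    # Allow,Deny: the client must match an Allow, and any matching Deny
    # rejects it; a client matching neither list is rejected.
    return allowed and not denied


if __name__ == '__main__':
    for order in ('deny,allow', 'allow,deny'):
        verdict = evaluate(order, ALLOW, DENY, '202.54.122.33')
        print('order %s: listed address admitted = %s' % (order, verdict))
```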

Redirect Visitors to New Page/Directory

# The old URL-path must begin with a slash
Redirect /oldpage.html http://www.domainname.com/newpage.html
Redirect /olddir http://www.domainname.com/newdir/

Block site from specific referrers

RewriteEngine on
# [OR] joins the two conditions; without it both would have to match at once
RewriteCond %{HTTP_REFERER} site-to-block\.com [NC,OR]
RewriteCond %{HTTP_REFERER} site-to-block-2\.com [NC]
RewriteRule .* - [F]

Block Hot Linking/Bandwidth hogging

RewriteEngine on
# Let requests with no Referer through; block image requests from other sites
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

Want to show a “Stealing is Bad” message too?

Add this below the Hot Link Blocking code:

RewriteRule \.(gif|jpg)$ http://www.mydomain.com/dontsteal.gif [R,L]

Stop .htaccess (or any other file) from being viewed

<files file-name>
order allow,deny
deny from all
</files>

Avoid the 500 Error by passing charset

AddDefaultCharset utf-8

Grant CGI Access in a directory

Options +ExecCGI
AddHandler cgi-script cgi pl

To enable all scripts in a directory use the following:

SetHandler cgi-script

Password Protecting Directories

http://www.thejackol.com/scripts/htpasswdgen.php

Change Script Extensions

AddType application/x-httpd-php .gne

.gne files will now be treated as PHP files! Similarly, x-httpd-cgi for CGI files, etc.

Use MD5 Digests

Performance may take a hit but if that’s not a problem, this is a nice option to turn on.

ContentDigest On

The CheckSpelling Directive

CheckSpelling corrects simple spelling errors (for example, if someone forgets a letter or if any character is just wrong). Just add CheckSpelling On to your htaccess file.

Enable Gzip – Save Bandwidth

# BEGIN GZIP
<ifmodule mod_deflate.c>
# The directive and all of its MIME types must stay on one line
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript
</ifmodule>
# END GZIP

Turn off magic_quotes_gpc

# Only if you use PHP
<ifmodule mod_php4.c>
php_flag magic_quotes_gpc off
</ifmodule>

Set an Expires header and enable Cache-Control

<ifmodule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 7200 seconds"
ExpiresByType image/gif "access plus 518400 seconds"
ExpiresByType image/jpeg "access plus 518400 seconds"
ExpiresByType image/png "access plus 518400 seconds"
ExpiresByType text/css "access plus 518400 seconds"
ExpiresByType text/javascript "access plus 216000 seconds"
ExpiresByType application/x-javascript "access plus 216000 seconds"
</ifmodule>
<ifmodule mod_headers.c>
# Cache specified files for 6 days
<filesmatch "\.(ico|flv|jpg|jpeg|png|gif|css|swf)$">
Header set Cache-Control "max-age=518400, public"
</filesmatch>
# Cache HTML files for a couple hours
<filesmatch "\.(html|htm)$">
Header set Cache-Control "max-age=7200, private, must-revalidate"
</filesmatch>
# Cache PDFs for a day
<filesmatch "\.(pdf)$">
Header set Cache-Control "max-age=86400, public"
</filesmatch>
# Cache Javascripts for 2.5 days
<filesmatch "\.(js)$">
Header set Cache-Control "max-age=216000, private"
</filesmatch>
</ifmodule>

CGI from outside cgi-bin

Plesk only allows .cgi files to be executed from cgi-bin but allows .pl files to be executed from anywhere. To allow .cgi files to be executed from httpdocs, add this line to .htaccess:

AddHandler cgi-script .cgi

Add MIME type

AddType application/x-shockwave-flash swf
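
Password Protection

# Basic auth sends the password base64-encoded, not encrypted: serve this directory over HTTPS
# Keep the .htpasswd file outside the web root so it cannot be downloaded
AuthUserFile /usr/local/you/safedir/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require user wsabstract

Then create the .htpasswd file at the path given in AuthUserFile.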
