@azinkey
Created September 21, 2018 13:21
A quick introduction to .htaccess
What is .htaccess?
The .htaccess file is a configuration file that affects how a webserver responds to various requests.
------------------------
Why is it called .htaccess?
(Hyper Text + Access) These files were first used to control user access on a per-directory basis.
------------------------
Where is the .htaccess file?
Every folder (directory) on your server could have one.
------------------------
Why can't I find my .htaccess file?
On most file systems, file names that begin with a dot ( . ) are hidden files. This means they are not typically visible by default.
------------------------
Request Status
200 OK
300- Redirect
400- Client
500- Server
Client Request Errors
400 — Bad Request
401 — Authorization Required
402 — Payment Required (not used yet)
403 — Forbidden
404 — Not Found
405 — Method Not Allowed
406 — Not Acceptable (encoding)
407 — Proxy Authentication Required
408 — Request Timed Out
409 — Conflicting Request
410 — Gone
411 — Content Length Required
412 — Precondition Failed
413 — Request Entity Too Long
414 — Request URI Too Long
415 — Unsupported Media Type.
Server Errors
500 — Internal Server Error
501 — Not Implemented
502 — Bad Gateway
503 — Service Unavailable
504 — Gateway Timeout
505 — HTTP Version Not Supported.
------------------------
URL Redirects and URL Rewriting
301 vs. 302
301 means "Permanently Moved"
302 means "Moved Temporarily"
Redirect vs. Rewrite
#Redirect
#Basic Page Redirect
Redirect 301 /relative-url.html http://example.com/full-url.html
#Redirecting a large section
Redirect 301 /old-directory http://example.com/new-directory
#Redirecting an entire site
Redirect 301 / http://newurl.com
#Rewrite
#Redirecting www to non-www
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [R=301,NC,L]
#Redirecting to www
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,NC,L]
------------------------
Hiding Your .htaccess File
<Files .htaccess>
order allow,deny
deny from all
</Files>
## Magic things happen with .htaccess
_______________________________________
1. Stopping hot linking of images:
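<IfModule mod_rewrite.c>
#Block hotlinking
RewriteEngine On
# Let through requests with an empty Referer (direct visits, privacy tools)
RewriteCond %{HTTP_REFERER} !^$
# Let through requests referred from our own site
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mydomain\.com [NC]
# Any other referrer asking for these file types gets 403 Forbidden
RewriteRule \.(jpg|jpeg|png|gif|css)$ - [NC,F,L]
</IfModule>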
---------------------------------
2. Block bad crawlers
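RewriteEngine On
#To block an IP address (REMOTE_ADDR holds the client IP; REMOTE_HOST is the host name)
RewriteCond %{REMOTE_ADDR} ^208\.96\.122\.142$ [OR]
#To block user-agents (no [OR] on the last condition, or the rule matches every request)
RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC]
RewriteRule ^.* - [F,L]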
#or Blacklisting by IP
order allow,deny
deny from 111.22.3.4
deny from 789.56.4.
allow from all
#or Whitelisting by IP
order deny,allow
deny from all
allow from 111.22.3.4
allow from 789.56.4.7
#or Domain names instead of IP addresses
order allow,deny
deny from example.com
allow from all
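Added example, not part of the original gist: the Order/Deny/Allow rules above (including the "Hiding Your .htaccess File" block) are Apache 2.2 syntax, which 2.4 only accepts through mod_access_compat. The same policies in 2.4 syntax are below; the IP addresses are constructed documentation values, and each policy is an alternative, so use only one of the three per directory.

```apache
# Apache 2.4 (mod_authz_core + mod_authz_host). In .htaccess these
# directives need "AllowOverride AuthConfig" in the main server config.
# Do not mix them with Order/Deny/Allow in the same scope.

# Hide .htaccess
# (2.2: "order allow,deny" + "deny from all")
<Files ".htaccess">
    Require all denied
</Files>

# Policy A: blacklist by IP
# (2.2: "order allow,deny" + "deny from ..." + "allow from all")
# "Require not" is only valid inside a container, hence <RequireAll>.
<RequireAll>
    Require all granted
    Require not ip 192.0.2.10
    Require not ip 198.51.100.0/24
</RequireAll>

# Policy B: whitelist by IP
# (2.2: "order deny,allow" + "deny from all" + "allow from ...")
# Bare Require lines are OR-ed together; anything not listed is refused.
Require ip 203.0.113.7
Require ip 192.0.2.10

# Policy C: block by domain name instead of IP address
# (2.2: "order allow,deny" + "deny from example.com" + "allow from all")
# Costs a reverse DNS lookup on the client address for each request.
<RequireAll>
    Require all granted
    Require not host example.com
</RequireAll>
```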
---------------------------------
3. Optimize the performance of your site
#Gzip:
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
</IfModule>
#Max-age expires:
# If you don't use filenames to version, lower the CSS and JS to something like
<IfModule mod_expires.c>
ExpiresActive on
# Perhaps better to whitelist expires rules? Perhaps.
ExpiresDefault "access plus 1 month"
# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
ExpiresByType text/cache-manifest "access plus 0 seconds"
# Your document html
ExpiresByType text/html "access plus 0 seconds"
# Data
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType application/json "access plus 0 seconds"
# Feed
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/atom+xml "access plus 1 hour"
# Favicon (cannot be renamed)
ExpiresByType image/x-icon "access plus 1 week"
# Media: images, video, audio
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
# Webfonts
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
# CSS and JavaScript
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
</IfModule>
---------------------------------
4. Fix broken links, preserve SEO
Redirect /pdf_press /products/pdf-press
---------------------------------
5. Custom error pages
ErrorDocument 404 /error/error404.htm
ErrorDocument 500 /error/error500.htm
---------------------------------
6. Require SSL
# require SSL
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "domain.tld"
ErrorDocument 403 https://domain.tld
# require SSL without mod_ssl
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
---------------------------------
7. Setting Environment Variables
SetEnv SPECIAL_PATH /foo/bin
---------------------------------
8. Password Protection With .htpasswd
#Usernames and passwords for the .htaccess system are stored in a file named .htpasswd
#These are stored each on a single line, in the form:
username:encryptedpassword
AuthUserFile /usr/local/etc/.htpasswd
AuthName "Name of Secure Area"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
You can also put users into groups and allow access based on group. This is done by adding another file which specifies the groups.
The group file, which could be named (for example) .htgroup, looks like this:
admin: johnsmith janedoe
staff: jackdoe cindysmith
Then you can specify it in your .htaccess file:
AuthUserFile /usr/local/etc/.htpasswd
AuthGroupFile /usr/local/etc/.htgroup
AuthName "Admin Area"
AuthType Basic
<Limit GET POST>
require group admin
</Limit>
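Added example, not part of the original gist: <Limit GET POST> applies the password requirement only to the listed methods, so requests using other methods are served without credentials. The version below drops the wrapper and also refuses plain HTTP; it reuses the gist's paths and realm name and assumes Apache 2.4 with mod_authn_file, mod_authz_groupfile and mod_ssl loaded.

```apache
# As written in the gist: only GET (which also covers HEAD) and POST
# require a login. PUT, DELETE, OPTIONS and so on are not covered.
#   <Limit GET POST>
#   require group admin
#   </Limit>

# Hardened form: no <Limit>, so the requirement applies to every method.
AuthType Basic
AuthName "Admin Area"
AuthBasicProvider file
AuthUserFile /usr/local/etc/.htpasswd
AuthGroupFile /usr/local/etc/.htgroup

<RequireAll>
    # mod_authz_groupfile: the user must appear on the "admin:" line
    # of the group file.
    Require group admin
    # mod_ssl: reject requests that did not arrive over TLS. Basic auth
    # sends the password base64-encoded, not encrypted, on every request.
    Require ssl
</RequireAll>

# Keep .htpasswd and .htgroup outside the document root, as the paths
# above do, so they can never be fetched over HTTP.
# Create bcrypt entries from a shell with: htpasswd -B <file> <username>
```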
---------------------------------
9. Block Users by Referrer
RewriteEngine on
# No [OR] here: on the last condition it would make the rule match every request
RewriteCond %{HTTP_REFERER} ^http://.*example\.com [NC]
RewriteRule .* - [F]
---------------------------------
10. Specifying a Default File for a Directory
DirectoryIndex home.html
---------------------------------
11. Force Download by MIME Type
AddType application/octet-stream pdf doc docx rtf
---------------------------------
12. Disable or Enable Index
#Disabling Indexes
Options -Indexes
#Enabling Indexes
Options +Indexes
#Hiding some files from the Index
IndexIgnore *.gif *.jpg
IndexIgnore secret-image.jpg
---------------------------------
13. Scripts as Source Code
RemoveHandler cgi-script .php .py
AddType text/plain .php .py
---------------------------------
14. Configuring PHP Settings
php_value upload_max_filesize 10M
more coming soon...