Loading Image

Almost there...

Loading Image

Loading...

Cookies are used to give you the best online experience. By using this website you agree to the use of cookies in accordance with our cookie policy.
Learn more here

Useful htaccess Code Snippets

.htaccess is a file that the web server uses to control how your website will react to different actions performed by your visitor. Below I have listed a few .htaccess snippets that I find quite useful.
Michael Jacobsen
4 January 2017 - 10:00
Category: Security
Useful htaccess Code Snippets
Overview

.htaccess is a file that the web server uses to control how your website will react to different actions performed by your visitor. Below I have listed a few .htaccess snippets that I find quite useful.

The snippets below will have to pasted into your .htaccess file, which has to be located on the root of your website.

Warning: Always make sure that you have a working backup of your website before editing / testing your .htaccess file.

Prevent directory browsing

Should a directoy not have an index file, Apache will automatically create a list of all the files in that directory. To prevent this add the following to your .htaccess file:

Options All -Indexes
Custom Error Pages

Don't want the same old looking error page supplied by Apache? Just create an HTML / PHP file with the look that you wanr and upload it to the server and add the following to your .htaccess file:

ErrorDocument 400 /400.php
ErrorDocument 401 /401.php
ErrorDocument 403 /403.php
ErrorDocument 404 /404.php
ErrorDocument 500 /500.php
Changing a Default Index Page

If you want your default index page to be something different instead of the normal "index.html, index.php, index.htm", etc. simply add the following to your .htaccess file:

DirectoryIndex home.html
Blocking Visitors Referred from a Particular Domain

Should you have any visitors from a domain that you don't welcome you can simply ban them from your website and redirect them to a 403 error page. Simply add the following to your .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} bannedurl1.com [NC,OR]
RewriteCond %{HTTP_REFERER} bannedurl2.com [NC,OR]
RewriteRule .* - [F]
</ifModule>
Compress files (Gzip Compression)

You can compress your website files / data and send it to your visitor. The browser will then decompress this information. This will help you save bandwidth and reduce the loading time of your website. Simply add the following to your .htaccess file:

AddOutputFilterByType DEFLATE text/css text/html text/plain application/javascript text/xml application/xml application/xhtml+xml application/rss+xml application/x-javascript
Caching Files

Another wat to reduce the load time of your website is by caching files. Simply add the following to your .htaccess file:

<FilesMatch “.(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$”>
Header set Cache-Control “max-age=2592000”
</FilesMatch>
Automatically add UTF-8 Charset to files

To avoid andy encoding problems you can force the encoding type directly in your .htaccess files. This will ensure that all your files are rendered correctly. Simply add the following to your .htaccess file:

AddDefaultCharset utf-8
Turn off Server Signature

If you wish to turn off your Server Signature, add the following to your .htaccess file:

ServerSignature Off
Set Default Language

If you wish to set your Default Language, add the following to your .htaccess file:

DefaultLanguage en
Force HTTPS

In order to force your website always load with HTTPS add the following to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Force the www

In order to force the www at the beginning of your domain, add the following to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Deny except from specific IPs

If you want to deny everyone access to a certain directory with a few exception. You will have to get the IP Address for those who you will allow access and add them to the following in your .htaccss file:

Order deny,allow
Deny from All
Allow from xxx.xxx.xxx.xxx
Allow from xxx.xxx.xxx.xxy
Allow except from specific IPs

If you want to allow everyone access to a certain directory with a few exception. You will have to get the IP Address for those who you will deny access and add them to the following in your .htaccss file:

Order deny,allow
Allow from All
Deny from xxx.xxx.xxx.xxx
Deny from xxx.xxx.xxx.xxy
Turn off PHP Errors

To turn off the displaying of PHP errors on your website, which is a very important feature to prevent hackers from understanding your code and to find a vulnerability to exploid, add the following to your .htaccess file:

php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
Useful Resources

The above are only a few .htaccess snippets that are available. Here is a list of webpages that offer a few more snippets that you might find useful.

https://github.com/phanan/htaccess
https://speckyboy.com/useful-htaccess-snippets-and-hacks/
https://speckyboy.com/what-is-htaccess/
https://css-tricks.com/snippets/htaccess/
http://www.catswhocode.com/blog/10-htaccess-snippets-to-optimize-your-website
http://www.catswhocode.com/blog/10-useful-htaccess-snippets-to-have-in-your-toolbox

Latest Articles
Latest Resources
About Me
Portfolio
Contact Me
FacebookTwitterLinkedInGithub
© Copyright 2017 - 2024 Michael Jacobsen | Cookie Policy