“A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.” (From Wikipedia) The .htaccess method will only affect the folder in which the .htaccess file resides, and all the folders inside it. The .htaccess file is very useful and allows you to do a lot of things… Here’s my list of the most popular .htaccess code snippets that can be added to your .htaccess file. I hope you find them as useful as I do.
.Htaccess Code Snippets, Examples, Tips And Tricks
01. Protect WordPress Blog From Script Injections
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
Source: http://wptidbits.com/tutorials/21-mo...for-wordpress/
02. Prevent Hotlinking
RewriteEngine On
#Replace ?mysite\.com/ with your blog url
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
#Replace /images/nohotlink.jpg with your "don't hotlink" image url
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
03. Configure Your Website For HTML5 Videos
# MIME types only: AddType needs no RewriteCond lines, and conditions left here would attach to the next RewriteRule in the file
AddType video/ogg .ogv
AddType video/ogg .ogg
AddType video/mp4 .mp4
AddType video/webm .webm
AddType application/x-shockwave-flash swf
Source: http://snipplr.com/view.php?codeview&id=53437
04. Use Browser Caching To Improve Blog Speed
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
Source: http://www.onextrapixel.com/2011/11/...for-wordpress/
05. Blacklist Undesired Users And Bots Ip Address
order allow,deny
allow from all
# The addresses below are placeholders (not valid IPs): replace them with the addresses to block
deny from 123.456.789
deny from 93.121.788
deny from 223.956.789
deny from 128.456.780
Source: http://www.smashingmagazine.com/2010...curity-tweaks/
06. Redirect Hotlinkers
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(subdomain\.)?domain.tld/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ http://google.com [R]
Source: http://www.askapache.com/htaccess/ul...le-sample.html
07. Force Trailing Slash
RewriteCond %{REQUEST_URI} /+[^\.]+$
RewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]
Source: http://perishablepress.com/code-snippets/
08. Remove File Extensions From Urls
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html
# Replace html with your file extension, eg: php, htm, asp
Source: http://eisabainyo.net/weblog/2007/08...n-via-htaccess
09. If You Want To Cover Both Http And Https
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_HOST}//s%{HTTPS} ^www\.(.*)//((s)on|s.*)$ [NC]
RewriteRule ^ http%3://%1%{REQUEST_URI} [L,R=301]
Source: http://www.askapache.com/htaccess/co...-examples.html
10. Create Custom Error Pages
ErrorDocument 400 /errors/badrequest.html
ErrorDocument 401 /errors/authreqd.html
ErrorDocument 403 /errors/forbid.html
ErrorDocument 404 /errors/notfound.html
ErrorDocument 500 /errors/serverr.html
Source: http://css-tricks.com/snippets/htacc...m-error-pages/
11. Log PHP Errors
# display no errs to user
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
# log to file (keep the log outside the web root so it cannot be fetched over HTTP)
php_flag log_errors on
php_value error_log /location/to/php_error.log
Source: http://css-tricks.com/snippets/htacc...error-logging/
12. Redirect WordPress Feeds To FeedBurner
# temp redirect wordpress content feeds to feedburner
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC]
RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/webanddesigners [R=302,NC,L]
Source: http://perishablepress.com/press/200...taccess-redux/
13. Force Download Of Specific Files
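# The extensions are placeholders: list the file types to force-download.
# Without a container these directives apply to every file in the directory.
<FilesMatch "\.(xls|eps)$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>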
Source: http://www.givegoodweb.com/post/30/f...e-and-htaccess
14. Require Password For 1 File
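# "protected-file.html" is a placeholder: name the one file to protect
<Files "protected-file.html">
AuthName "Prompt"
AuthType Basic
AuthUserFile /home/askapache.com/.htpasswd
Require valid-user
</Files>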
15. Protect Multiple Files
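# The file names are placeholders: list the files to protect
<FilesMatch "^(file-one|file-two)\.html$">
AuthName "Development"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user
</FilesMatch>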
Source: http://www.angelmonticelli.com.ar/20...code-snippets/
16. Compress Text Files
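# As written this compresses every response from this directory; put it inside a <FilesMatch> block to limit it to text file extensions
SetOutputFilter DEFLATE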
17. Expire Headers
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType image/x-icon "access plus 2592000 seconds"
ExpiresByType image/jpeg "access plus 2592000 seconds"
ExpiresByType image/png "access plus 2592000 seconds"
ExpiresByType image/gif "access plus 2592000 seconds"
ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
ExpiresByType text/css "access plus 604800 seconds"
ExpiresByType text/javascript "access plus 216000 seconds"
ExpiresByType application/javascript "access plus 216000 seconds"
ExpiresByType application/x-javascript "access plus 216000 seconds"
ExpiresByType text/html "access plus 600 seconds"
ExpiresByType application/xhtml+xml "access plus 600 seconds"
18. Cache-Control Headers
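# Each Header line belongs in its own <FilesMatch> block for the file types that should get that lifetime; outside such blocks only the last line takes effect
Header set Cache-Control "max-age=2592000, public"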
Header set Cache-Control "max-age=604800, public"
Header set Cache-Control "max-age=216000, private"
Header set Cache-Control "max-age=600, private, must-revalidate"
19. Turn ETags Off
Header unset ETag
FileETag None
20. Remove Last-Modified Header
Header unset Last-Modified
Source: http://www.samaxes.com/2009/01/more-...with-htaccess/
21. Banning A WordPress Spammer With .Htaccess
order allow,deny
deny from 200.49.176.139
allow from all
Source: The easiest way to ban a WordPress spammer
22. How To: Deny Comment Posting To No Referrer Requests
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
23. Redirect Www To Non Www Or Vice Versa
# Option 1: redirect www to non-www
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.yourblogname\.com [NC]
RewriteRule ^(.*)$ http://yourblogname.com/$1 [L,R=301]
# Option 2: redirect non-www to www (use one option only, never both)
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^yourblogname\.com [NC]
RewriteRule ^(.*)$ http://www.yourblogname.com/$1 [L,R=301]
Source: http://www.webanddesigners.com/20-ht...-from-hacking/
24. Block Referring Domains
#block referring domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} digg\.com [NC]
RewriteRule .* - [F]
25. Redirect Visitors To A Maintenance Page
RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteRule $ /maintenance.html [R=302,L]
Source: Comment faire une page d’accueil pour les internautes
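26. Allow Only Your IP Address On The Wp-Admin Directory
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
# deny,allow: the allow line overrides "deny from all" for your address
order deny,allow
deny from all
# Replace xx.xx.xx.xx with your own IP address
allow from xx.xx.xx.xx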
Source: Protecting the WordPress wp-admin folder
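How `order` combines the `allow from` and `deny from` lines used in snippets 05, 21 and 26, modelled in Python as an added example (not code from the original post). The function names and the addresses 203.0.113.10 and 198.51.100.7 are constructed; 200.49.176.139 is the address from snippet 21.

```python
import ipaddress

def matches(spec, client):
    """True if one 'allow from' / 'deny from' value covers the client IP."""
    if spec == "all":
        return True
    if "/" in spec:  # CIDR form, e.g. 203.0.113.0/24
        return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)
    if spec.count(".") < 3:  # partial address: "10.1" means 10.1.*.*
        return client.startswith(spec.rstrip(".") + ".")
    return ipaddress.ip_address(client) == ipaddress.ip_address(spec)

def access_allowed(order, allow, deny, client):
    """Model of how the Order directive combines Allow and Deny lines."""
    if order not in ("allow,deny", "deny,allow"):
        # "allow, deny" (with a space) lands here: Apache treats it as a config error
        raise ValueError("invalid Order value: %r" % order)
    allowed = any(matches(s, client) for s in allow)
    denied = any(matches(s, client) for s in deny)
    if order == "allow,deny":
        # Allow is checked first, Deny last: any Deny match wins, default is deny
        return allowed and not denied
    # deny,allow: Deny is checked first, Allow last: an Allow match wins, default is allow
    return allowed or not denied

ADMIN = "203.0.113.10"       # constructed sample address
VISITOR = "198.51.100.7"     # constructed sample address
SPAMMER = "200.49.176.139"   # address from snippet 21

def demo():
    return {
        # Blacklist (snippets 05 and 21): allow from all, deny one address
        "blacklist_spammer": access_allowed("allow,deny", ["all"], [SPAMMER], SPAMMER),
        "blacklist_visitor": access_allowed("allow,deny", ["all"], [SPAMMER], VISITOR),
        # Whitelist (snippet 26): deny from all, allow one address
        "whitelist_allow_deny_admin": access_allowed("allow,deny", [ADMIN], ["all"], ADMIN),
        "whitelist_deny_allow_admin": access_allowed("deny,allow", [ADMIN], ["all"], ADMIN),
        "whitelist_deny_allow_visitor": access_allowed("deny,allow", [ADMIN], ["all"], VISITOR),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", "allowed" if result else "denied")
```

With `allow,deny`, a whitelist built from `deny from all` locks out the whitelisted address as well. On Apache 2.4 these directives are provided by mod_access_compat; the native equivalent is `Require ip`.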
27. Password-Protect Single File
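# "protected-file.html" is a placeholder: name the one file to protect
<Files "protected-file.html">
AuthType Basic
AuthName "Prompt"
AuthUserFile /home/path/.htpasswd
Require valid-user
</Files>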
28. Password-Protect Multiple Files
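# The file names are placeholders: list the files to protect
<FilesMatch "^(file-one|file-two)\.html$">
AuthType basic
AuthName "Development"
AuthUserFile /home/path/.htpasswd
Require valid-user
</FilesMatch>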
29. Redirect Any Request For Anything From Spamsite To Differentspamsite
RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC]
RewriteRule .* http://www.differentspamsite.com [R]
Redirect All Requests From Spamsite To An Image Of Something At Differentspamsite
RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC]
RewriteRule .* http://www.differentspamsite/something.jpg [R]
Redirect Traffic From A Certain Address Or Range Of Addresses To Another Site
# Anchored with escaped dots so it matches only 192.168.10.x (not 192.168.100.x)
RewriteCond %{REMOTE_ADDR} ^192\.168\.10\.
RewriteRule .* http://www.differentspamsite.com/index.html [R]
Source: http://perishablepress.com/press/200...access-tricks/
30. Speed Up Your Site With .Htaccess Caching
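# Each Header line belongs in its own <FilesMatch> block for the file types that should get that lifetime; outside such blocks only the last line takes effect
# 1 YEAR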
Header set Cache-Control "max-age=29030400, public"
# 1 WEEK
Header set Cache-Control "max-age=604800, public"
# 2 DAYS
Header set Cache-Control "max-age=172800, proxy-revalidate"
# 1 MIN
Header set Cache-Control "max-age=60, private, proxy-revalidate"
Source: http://www.askapache.com/htaccess/sp...s-caching.html
31. Redirect All WordPress Feeds To Feedburner
RedirectMatch 301 /feed/(atom|rdf|rss|rss2)/?$ http://feedburner.com/yourfeed/
RedirectMatch 301 /comments/feed/(atom|rdf|rss|rss2)/?$ http://feedburner.com/yourfeed/
Source: http://www.wprecipes.com/how-to-redi...-with-htaccess
32. Stop Spam On Your WordPress Blog
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourdomainname.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
Source: http://www.wprecipes.com/reduce-spam...using-htaccess
33. Deny Access To Your Wp-Config.Php File
# protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
34. Securing The .Htaccess
<Files .htaccess>
order allow,deny
deny from all
satisfy all
</Files>
Source: http://www.onextrapixel.com/2011/11/...for-wordpress/
Warning: .htaccess files can do more harm than good if used incorrectly. You should always be careful when modifying your htaccess file: even a minor typographical error can make your site unusable!
So, be sure to keep the original working .htaccess as backup just in case you need to revert to original settings.