htaccess Features You Need to Know

The following is a list of directives that can be used in htaccess files to adjust file paths, tighten site security, block unwanted visitors and more.

In the following samples, replace the domain names and file names to match your site. Also remember to adjust the RewriteBase to reflect the directory in which you place the htaccess file. If it is the root directory, use “/”; if it is a subdirectory, use that directory name. The subdirectory should be of the form /dir/ (i.e. start at the root directory and terminate the path with a slash). You may remove the “IfModule” lines if you are certain that your server supports the features and you do not plan to move the htaccess file to another machine where the available functionality would need to be verified.

For your site security, if an index.html, index.php or index.asp is missing from a directory, you do not want people to be able to list that directory. You can prevent listing of your directories by placing the following in the root directory htaccess file.

  #Preventing Directory Listing
  IndexIgnore *

You may want to set the name of the default home page to something other than the typical index.html, default.html, etc. You can set the default name with:

  #Specify a default home page (index page)
  DirectoryIndex home.html

In the event that you forget to include the UTF-8 designation in your web files, set the default to UTF-8.

  # Default to UTF-8
  
    php_value default_charset utf-8
  

To prevent search engines from seeing two different sites, mydomain.com and www.mydomain.com, you should pick one of these designations and redirect all requests to it. The following will remove www from all incoming requests.

  # Never use www in the domain
  # Replace 'mydomain.com' with your domain name
  
    RewriteEngine on
    RewriteBase /dir/
    RewriteCond %{HTTP_HOST} ^www\.(([a-z0-9_]+\.)?mydomain\.com)$ [NC]
    RewriteRule .? http://%1%{REQUEST_URI} [R=301,L]
  

The following will force all requests to include www.

  # Always use www in the domain
  # Replace 'mydomain.com' with your domain name
  
    RewriteEngine on
    RewriteBase /dir/
    RewriteCond %{HTTP_HOST} ^([a-z.]+)?mydomain\.com$ [NC]
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule .? http://www.%1mydomain.com%{REQUEST_URI} [R=301,L]
  

The following will force all connections to the site to use HTTPS.

  # Always use https for secure connections
  # Replace 'www.mydomain.com' with your domain name
  # (as it appears on your SSL certificate)
  
    RewriteEngine On
    RewriteBase /dir/
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]
  

The following makes only selected pages of the site secure.

  # Always use https for secure connections
  # Replace 'www.mydomain.com' with your domain name
  # (as it appears on your SSL certificate)
  
    RewriteEngine On
    RewriteBase /
    # Only redirect requests that arrived over plain HTTP
    RewriteCond %{HTTPS} off
    # A RewriteRule must be written on a single line
    RewriteRule ^(about|contact|products-page|products-page/transaction-results)/$ https://www.mydomain.com%{REQUEST_URI} [R=301,L]
  

The following will block traffic referred from multiple sites. Notice the use of OR.

  # Block traffic from multiple referrers
  
    RewriteEngine on
    Options +FollowSymlinks
    RewriteBase /
    RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} badforum\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} badsearchengine\.com [NC]
    RewriteRule .* - [F]
  

Redirect away from the root directory to a subfolder where you have placed your website.

  # Set a default home directory, (this subfolder always loads)
  # Replace 'folder' with your subfolder name
  
    RewriteEngine On
    RewriteBase /
    RewriteRule ^$ /folder/ [R=301,L]
  

Redirect your site from a previous location to a new location

  
    # Rename a directory and force visitors to the new name
    # Replace 'old' with your old folder name
    # Replace 'new' with your new folder name
    RewriteEngine on
    RewriteBase /
    RewriteRule ^/?old([a-z/.]*)$ /new$1 [R=301,L]
  

  
  
    RewriteEngine On
    RewriteBase /dir/
    RewriteRule ^index\.html$ welcome.html 
  

Do a permanent redirect (301 redirect) of multiple domain names to one location

  
    # Redirect Multiple Domains to a Single Domain
    # The conditions list only the alternate host names, never the
    # target host itself, otherwise the redirect loops.
    RewriteEngine On
    RewriteBase /dir/
    RewriteCond %{HTTP_HOST} ^www\.mydomain\.com$ [NC,OR]
    RewriteCond %{HTTP_HOST} ^mydomain\.com$ [NC,OR]
    RewriteCond %{HTTP_HOST} ^www\.mydomain\.net$ [NC]
    RewriteRule ^(.*)$ http://mydomain.net/$1 [R=301,L]
  

Prevent the hijacking/hotlinking of your images by producing a FORBIDDEN message

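  # Give Hotlinkers a 403 Forbidden warning.
  
    RewriteEngine on
    RewriteBase /dir/
    # Requests that send no Referer at all are allowed
    RewriteCond %{HTTP_REFERER} !^$
    # The host name must end at "/" or at the end of the string,
    # so that look-alike host names do not pass as your own
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.net(/|$) [NC]
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com(/|$) [NC]
    RewriteRule \.(gif|jpe?g|png|bmp|js|css)$ - [F,NC]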
  

Prevent the hijacking/hotlinking of your images by substituting an alternate image

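  # Redirect Hotlinkers to "warning.png"
   
    RewriteEngine on
    RewriteBase /dir/
    RewriteCond %{HTTP_REFERER} !^$
    # The host name must end at "/" or at the end of the string
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.net(/|$) [NC]
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com(/|$) [NC]
    # Do not redirect the warning image itself, or the redirect loops
    RewriteCond %{REQUEST_URI} !/warning\.png$ [NC]
    RewriteRule \.(gif|jpe?g|png|bmp|js|css)$ http://mydomain.com/warning.png [NC,R,L]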
  

Prevent access to selected file types by anyone on your site

  #Do not allow these file types to be called
  
    RewriteEngine on
    RewriteBase /dir/
    RewriteRule .*\.(jpg|jpe?g|gif|png|bmp|exe|swf)$ - [F,NC]
  

Set a Default image to be returned for all missing images

  # Set up a Default Image
  
    RewriteEngine On
    RewriteBase /dir/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^images/.*\.jpg$ /images/default.jpg [L]
  

The following code can be used to turn files in a specific directory into files that can only be downloaded, not read from their current location. This can be used in a download store, where you would need a directory to hold the downloadable files. This creates a directory that is not listable by visitors and no file in the directory can be executed.

For this to work:

  • You must include either ‘All’ or at least the ‘Limit’ and ‘Indexes’ parameters in the AllowOverride configuration in your apache/conf/httpd.conf file.
  • OPTIONALLY: if “All” is not specified and you want the added protection offered by the Options directive below, you’ll need to add ‘Options’ to the AllowOverride list. Example:

      AllowOverride Limit Options Indexes

      # For security reasons, Option followsymlinks cannot be overridden.
      #  Options +FollowSymLinks
      Options +SymLinksIfOwnerMatch
      # deny *everything*
      
        Order Allow,Deny
        Deny from all
      
      # but now allow just *certain* necessary files:
      
        Order Allow,Deny
        Allow from all
      
      
        
          # Force all downloads to automatically be treated as "save as" instead of launching in an application directly
          ForceType application/octet-stream
          Header set Content-Disposition attachment
        
      
      IndexIgnore */*
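
A complete version of the download-only directory described above, as an added example that is not the original page's code. The extensions zip, pdf and gz are assumptions standing in for whatever file types you actually offer.

```apache
# Added example, not part of the original page.
# ASSUMPTION: zip, pdf and gz stand in for the file types you offer.
# Uses the page's Order/Deny syntax (Apache 2.2, or Apache 2.4 with
# mod_access_compat loaded).

# No directory listing and no CGI execution
# (needs 'Options' in AllowOverride)
Options -Indexes -ExecCGI +SymLinksIfOwnerMatch

# Deny *everything* by default (needs 'Limit' in AllowOverride)
<Files "*">
  Order Allow,Deny
  Deny from all
</Files>

# Allow only the download types. This section comes later in the file,
# so it overrides the blanket deny for matching file names.
<FilesMatch "\.(zip|pdf|gz)$">
  Order Allow,Deny
  Allow from all

  # Deliver as a "save as" download instead of opening in the browser
  # (ForceType and Header need 'FileInfo' in AllowOverride)
  ForceType application/octet-stream
  <IfModule mod_headers.c>
    Header set Content-Disposition attachment
  </IfModule>
</FilesMatch>

# Hide every entry should a listing ever be generated
# (needs 'Indexes' in AllowOverride)
IndexIgnore *
```

Any file whose name does not match the allow-list pattern, including an uploaded script, stays denied by the first section.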
    

Given the state of the internet, you may decide to block access to your website from selected locations. The following offers you a variety of ways to block traffic to your site.

Block traffic from specific websites

  # Block traffic from multiple referrers
  
    RewriteEngine on
    # Options +FollowSymlinks
    RewriteBase /dir/
    RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} anotherbadsite\.com [NC]
    RewriteRule .* - [F]
  

Deny site from specific IP address with message

  # Block a Specific IP Address
  # Replace the IP address with the one you want to block
  # (leave the "\" before each dot, which escapes the character).
  
    RewriteEngine On
    RewriteBase /dir/
    RewriteCond %{REMOTE_ADDR} ^(123\.196\.8\.48)$
    # Skip the message page itself so the rule does not match its own target
    RewriteCond %{REQUEST_URI} !/sorry\.html$
    RewriteRule ^/* http://www.mydomain.com/sorry.html [L]
      
    

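Deny site access to specific IP addresses with no comment

  order allow,deny
  deny from 123.45.6.7
  deny from 012.34.5.
  allow from all


Hide specific file.

  # hide .htaccess
  # The Files container limits the deny to .htaccess; without it
  # the two directives would block the whole directory
  <Files .htaccess>
    order allow,deny
    deny from all
  </Files>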
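
The IP block and the hidden-file rule above use the Apache 2.2 Order/Deny directives, which Apache 2.4 accepts only when mod_access_compat is loaded. The following added example (not from the original page) gives both rules in each syntax; the `^\.ht` pattern, which also covers .htpasswd, is an addition.

```apache
# Added example, not part of the original page.
# The IP addresses are the page's sample values.

# --- Block specific addresses, allow everyone else ---
<IfModule mod_authz_core.c>
  # Apache 2.4 (needs 'AuthConfig' in AllowOverride)
  <RequireAll>
    Require all granted
    Require not ip 123.45.6.7
    # Partial address: matches 12.34.5.0 through 12.34.5.255
    Require not ip 12.34.5
  </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
  # Apache 2.2 (needs 'Limit' in AllowOverride)
  Order Allow,Deny
  Allow from all
  Deny from 123.45.6.7
  Deny from 12.34.5.
</IfModule>

# --- Hide .htaccess and .htpasswd ---
<FilesMatch "^\.ht">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</FilesMatch>
```

Both forms match the address Apache sees for the connection; behind a reverse proxy or CDN that is the proxy's address unless mod_remoteip is configured.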
    

Re-assign .html, .htm, and .shtml pages to be processed by PHP.

  # Force html through php processing
  AddType application/x-httpd-php .php .html .htm .shtml
  AddHandler application/x-httpd-php .html .htm .shtml


Add SSI preprocessing to your .shtml files

  # Add SSI
  AddType text/html .shtml
  AddHandler server-parsed .shtml
  XBitHack on


Define the files to be used as the result of a document error.

  # ERROR Documents
  ErrorDocument 400 /errors/badrequest.html
  ErrorDocument 401 /errors/authreqd.html
  ErrorDocument 403 /errors/forbid.html
  ErrorDocument 404 /errors/notfound.html
  ErrorDocument 500 /errors/serverr.html
    

  # You can create your menu with its flags or whatever you like, and add the country code to the end
  # of the links... <a href="page.html-fr" id="..."></a>
  <IfModule mod_rewrite.c>
    RewriteRule ^(.*)-fr$ http://www.google.com/translate_c?hl=fr&sl=en&u=http://corz.org/$1 [R,NC]
    RewriteRule ^(.*)-de$ http://www.google.com/translate_c?hl=de&sl=en&u=http://corz.org/$1 [R,NC]
    RewriteRule ^(.*)-es$ http://www.google.com/translate_c?hl=es&sl=en&u=http://corz.org/$1 [R,NC]
    RewriteRule ^(.*)-it$ http://www.google.com/translate_c?hl=it&sl=en&u=http://corz.org/$1 [R,NC]
    RewriteRule ^(.*)-pt$ http://www.google.com/translate_c?hl=pt&sl=en&u=http://corz.org/$1 [R,NC]
  </IfModule>
    
