{"id":361,"date":"2013-11-03T20:07:20","date_gmt":"2013-11-03T20:07:20","guid":{"rendered":"http:\/\/www.advancedwebhelp.com\/blog\/?p=361"},"modified":"2014-10-10T19:00:42","modified_gmt":"2014-10-10T19:00:42","slug":"htaccess-features-you-need-to-know","status":"publish","type":"post","link":"https:\/\/www.advancedwebhelp.com\/blog\/2013\/htaccess-features-you-need-to-know","title":{"rendered":"htaccess Features You Need to Know"},"content":{"rendered":"
\n

The following are a list for directives that can be used in htaccess files to adjust file paths, adjust site security, prevent unwanted visitors and more.<\/p>\n

In the following samples, you should replace the domain names, and file names to match your site needs. Even more, you need to remember to adjust the rewritebase to reflect the directory you are placing the htaccess file in. If it is the root directory, use “\/”, if a subdirectory, use that directory name. The subdirectory should be of the form \/dir\/ (i.e. start at the root directory and terminate the path with a slash. You may remove the “ifModule” lines if you are certain that your server supports the features and you do not plan to move the htaccess file on another machine that would need verification of available functionality.<\/p>\n

For your site security, if a index.html, index.php, index.asp is missing in a directory, you do not want people to list your directory. You can prevent listing of your directories by placing the following in the root directory htaccess file.\n<\/p>\n

<\/p>\n

\r\n  #Preventing Directory Listing\r\n  IndexIgnore *\r\n<\/pre>\n
<\/code><\/p>\n
You would like to set the name of the default home page, other than the typical index.html, default.html, etc.   You can set the default name with:\n<\/p>\n
<\/p>\n
\r\n  #Specify a default home page (index page)\r\n  DirectoryIndex home.html\r\n<\/pre>\n
<\/code><\/p>\n
In the event that you forget to include the UTF-8 designation in your web files, set the default to UTF-8. <\/p>\n
<\/p>\n
\r\n  # Default to UTF-8\r\n  \r\n    php_value default_charset utf-8\r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
To prevent search engines from seeing two different sites, mydomain.com and www.mydomain.com, you should force all requests to the site to use one or the other of these designations and force input to that.   The following will remove www from all incoming requests.<\/p>\n
<\/p>\n
\r\n  # Never use www in the domain\r\n  # Replace 'mydomain.com' with your domain name\r\n  \r\n    RewriteEngine on\r\n    RewriteBase \/dir\/\r\n    RewriteCond %{HTTP_HOST} ^www\\.(([a-z0-9_]+\\.)?mydomain\\.com)$ [NC]\r\n    RewriteRule .? http:\/\/%1%{REQUEST_URI} [R=301,L]\r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
The following will force all input to include www.<\/p>\n
<\/p>\n
\r\n  # Always use www in the domain\r\n  # Replace 'mydomain.com' with your domain name\r\n  \r\n    RewriteEngine on\r\n    RewriteBase \/dir\/\r\n    RewriteCond %{HTTP_HOST} ^([a-z.]+)?mydomain\\.com$ [NC]\r\n    RewriteCond %{HTTP_HOST} !^www\\. [NC]\r\n    RewriteRule .? http:\/\/www.%1mydomain.com%{REQUEST_URI} [R=301,L]\r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
The following will force all connections to the site to be a secure access.<\/p>\n
<\/p>\n
\r\n  # Always use https for secure connections\r\n  # Replace 'www.mydomain.com' with your domain name\r\n  # (as it appears on your SSL certificate)\r\n  \r\n    RewriteEngine On\r\n    RewriteBase \/dir\/\r\n    RewriteCond %{SERVER_PORT} 80\r\n    RewriteRule ^(.*)$ https:\/\/www.mydomain.com\/$1 [R=301,L]\r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
The following will set only selected pages of the site are secure.<\/p>\n
<\/p>\n
\r\n  # Always use https for secure connections\r\n  # Replace 'www.mydomain.com' with your domain name\r\n  # (as it appears on your SSL certificate)\r\n  \r\n    RewriteEngine On\r\n    RewriteBase \/\r\n    RewriteCond %{HTTPS} on\r\n    RewriteRule ^(about|contact|products-page|products-page\/transaction-results)\/$ \r\n                          http:\/\/%{HTTP_HOST}%{REQUEST_URI} [R=301,L]\r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
The following will block traffic to multiple sites.  Notice the use of OR <\/p>\n
<\/p>\n
\r\n  # Block traffic from multiple referrers\r\n  \r\n    RewriteEngine on\r\n    Options +FollowSymlinks\r\n    RewriteBase \/\r\n    RewriteCond %{HTTP_REFERER} badsite\\.com [NC,OR]\r\n    RewriteCond %{HTTP_REFERER} badforum\\.com [NC,OR]\r\n    RewriteCond %{HTTP_REFERER} badsearchengine\\.com [NC]\r\n    RewriteRule .* - [F]\r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
Redirect away from the root directory to a subfolder where you have placed your website.<\/p>\n
<\/p>\n
\r\n  # Set a default home directory, (this subfolder always loads)\r\n  # Replace 'folder' with your subfolder name\r\n  \r\n    RewriteEngine On\r\n    RewriteBase \/\r\n    RewriteRule ^$ \/folder\/ [R=301,L]\r\n  <\/IfModule>\r\n<\/pre>\n
<\/code><\/p>\n
Redirect your site from a previous location to a new location<\/p>\n
<\/p>\n
\r\n  \r\n    # Rename a directory and force visitors to the new name\r\n    # Replace 'old' with your old folder name\r\n    # Replace 'new' with your new folder name\r\n    RewriteEngine on\r\n    RewriteBase \/\r\n    RewriteRule ^\/?old([a-z\/.]*)$ \/new$1 [R=301,L]\r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
<\/p>\n
  \r\n  \r\n    RewriteEngine On\r\n    RewriteBase \/dir\/\r\n    RewriteRule ^index\\.html$ welcome.html \r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
Do a permanent redirect (301 redirect) of multiple domain names to one location<\/p>\n
<\/p>\n
\r\n  \r\n    # Redirect Multiple Domains to a Single Domain\r\n    RewriteEngine On\r\n    RewriteBase \/dir\/\r\n    RewriteCond %{HTTP_HOST} ^www.mydomain.net$ [NC,OR]\r\n    RewriteCond %{HTTP_HOST} ^mydomain.net$ [NC,OR]\r\n    RewriteCond %{HTTP_HOST} ^www.mydomain.net$ [NC]\r\n    RewriteRule ^(.*)$ http:\/\/mydomain.net\/$1 [R=301,L]\r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
Prevent the hijacking\/hotlinking of your images by producing a FORBIDDEN message<\/p>\n
<\/p>\n
\r\n  # Give Hotlinkers a 403 Forbidden warning.\r\n  \r\n    RewriteEngine on \r\n    RewriteBase \/dir\/\r\n    RewriteCond %{HTTP_REFERER} !^$\r\n    RewriteCond %{HTTP_REFERER} !^http:\/\/mydomain\\.net\/?.*$ [NC] \r\n    RewriteCond %{HTTP_REFERER} !^http:\/\/mydomain\\.com\/?.*$ [NC] \r\n    RewriteRule \\.(gif|jpe?g|png|bmp|js|css)$ \u2013 [F,NC] \r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
Prevent the hijacking\/hotlinking of your images by substituting an alternate image<\/p>\n
<\/p>\n
\r\n  # Redirect Hotlinkers to \"warning.png\"\r\n   \r\n    RewriteEngine on \r\n    RewriteBase \/dir\/\r\n    RewriteCond %{HTTP_REFERER} !^$\r\n    RewriteCond %{HTTP_REFERER} !^http:\/\/mydomain\\.net\/?.*$ \r\n    RewriteCond %{HTTP_REFERER} !^http:\/\/mydomain\\.com\/?.*$ [NC] \r\n    RewriteRule \\.(gif|jpe?g|png|bmp|js|css)$ http:\/\/mydomain.com\/warning.png [NC,R,L] \r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
Prevent the access to selected types of file by anyone on your site<\/p>\n
<\/p>\n
\r\n  #Do not allow these file types to be called\r\n  \r\n    RewriteEngine on\r\n    RewriteBase \/dir\/\r\n    RewriteRule .*\\.(jpg|jpe?g|gif|png|bmp|exe|swf)$ - [F,NC]\r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
Set a Default image to be returned for all missing images<\/p>\n
<\/p>\n
\r\n  # Set up a Default Image\r\n  \r\n    RewriteEngine On\r\n    RewriteBase \/dir\/\r\n    RewriteCond %{REQUEST_FILENAME} !-f\r\n    RewriteRule ^images\/.*\\.jpg$ \/images\/default.jpg [L]\r\n  <\/ifModule>\r\n<\/pre>\n
<\/code><\/p>\n
The following code can be used to turn files in a specific directory into files that can only be downloaded, not read from their current location. This can be used in a download store, where you would need a directory to hold the downloadable files.  This creates a directory that is not listable by visitors and no file in the directory can be executed.<\/p>\n
For this to work:<\/p>\n
    \n
  • you must include either ‘All’ or at least: ‘Limit’ and ‘Indexes’ parameters to the AllowOverride configuration in your apache\/conf\/httpd.conf file.<\/li>\n
  • OPTIONALLY: if “All” is not specified and you want the added protection offered by the OPTIONS directive below, you’ll need to add ‘Options’ to the AllowOverride list:\n
      \n
    • Example:<\/li>\n
    • <\/li>\n
    •     AllowOverride Limit Options Indexes<\/li>\n
    • <\/Directory><\/li>\n<\/ul>\n<\/li>\n
      <\/p>\n
      \r\n  # For security reasons, Option followsymlinks cannot be overridden.\r\n  #  Options +FollowSymLinks\r\n  Options +SymLinksIfOwnerMatch\r\n  # deny *everything*\r\n  \r\n    Order Allow,Deny\r\n    Deny from all\r\n  <\/FilesMatch>\r\n  # but now allow just *certain* necessary files:\r\n  \r\n    Order Allow,Deny\r\n    Allow from all\r\n  <\/FilesMatch>\r\n  \r\n    \r\n      # Force all downloads to automatically be treated as \"save as\" instead of launching in an application directly\r\n      ForceType application\/octet-stream\r\n      Header set Content-Disposition attachment\r\n    <\/FilesMatch>\r\n  <\/IfModule>\r\n  IndexIgnore *\/*\r\n<\/pre>\n
      <\/code><\/p>\n
      Given the state of the internet, you may decide to block access to your website from selected locations.   The following offers you a variety of ways to block traffic to your site.<\/p>\n
      Block traffic from specific websites<\/p>\n
      <\/p>\n
      \r\n  # Block traffic from multiple referrers\r\n  \r\n    RewriteEngine on\r\n    # Options +FollowSymlinks\r\n    RewriteBase \/dir\/\r\n    RewriteCond %{HTTP_REFERER} badsite\\.com [NC,OR]\r\n    RewriteCond %{HTTP_REFERER} anotherbadsite\\.com\r\n    RewriteRule .* - [F]\r\n  <\/ifModule>\r\n<\/pre>\n
      <\/code><\/p>\n
      Deny site from specific IP address with message<\/p>\n
      <\/p>\n
      \r\n  # Block a Specific IP Address\r\n  # Replace the IP address you want to block \r\n  # leave the \"\\\" before each dot, which escapes the character).\r\n  \r\n    RewriteEngine On\r\n    RewriteBase \/dir\/\r\n    RewriteCond %{REMOTE_ADDR} ^(123\\.196\\.8\\.48)$\r\n    RewriteRule ^\/* http:\/\/www.mydomain.com\/sorry.html [L]\r\n  <\/ifModule>\r\n<\/pre>\n
      <\/code><\/p>\n
      Deny site access to specific IP addresses with no comment<\/p>\n
      <\/p>\n
      \r\n  order allow,deny\r\n  deny from 123.45.6.7\r\n  deny from 012.34.5.\r\n  allow from all\r\n<\/pre>\n
      <\/code><\/p>\n
      Hide specific file.<\/p>\n
      <\/p>\n
      \r\n  # hide .htaccess\r\n  \r\n    order allow,deny\r\n    deny from all\r\n  <\/Files>\r\n<\/pre>\n
      <\/code><\/p>\n
      Re-assign .html, .htm, and .shtml pages to be processed by the php processing. <\/p>\n
      <\/p>\n
      \r\n  # Force html through php processing\r\n  AddType application\/x-httpd-php .php .html .htm .shtml\r\n  AddHandler application\/x-httpd-php .html .htm .shtml \r\n<\/pre>\n
      <\/code><\/p>\n
      Add SSI preprocessing to your .shtml files<\/p>\n
      <\/p>\n
      \r\n  # Add SSI\r\n  AddType text\/html .shtml\r\n  AddHandler server-parsed .shtml\r\n  XBitHack on\r\n<\/pre>\n
      <\/code><\/p>\n
      Define the files to be used as the result of a document error.<\/p>\n
      <\/p>\n
      \r\n  # ERROR Documents\r\n  ErrorDocument 400 \/errors\/badrequest.html\r\n  ErrorDocument 401 \/errors\/authreqd.html\r\n  ErrorDocument 403 \/errors\/forbid.html\r\n  ErrorDocument 404 \/errors\/notfound.html\r\n  ErrorDocument 500 \/errors\/serverr.html\r\n<\/pre>\n
      <\/code><\/p>\n
      <\/p>\n
      \r\n  # You can create your menu with its flags or whatever you like, and add the country code to end \r\n  # of the links... <a href=\"page.html-fr\" id=\"...\"><\/a>\r\n  <IfModule mod_rewrite.c>\r\n    RewriteRule ^(.*)-fr$ \r\n        http:\/\/www.google.com\/translate_c?hl=fr&sl=en&u=http:\/\/corz.org\/$1 [R,NC]\r\n    RewriteRule ^(.*)-de$ \r\n        http:\/\/www.google.com\/translate_c?hl=de&sl=en&u=http:\/\/corz.org\/$1 [R,NC]\r\n    RewriteRule ^(.*)-es$ \r\n        http:\/\/www.google.com\/translate_c?hl=es&sl=en&u=http:\/\/corz.org\/$1 [R,NC]\r\n    RewriteRule ^(.*)-it$ \r\n        http:\/\/www.google.com\/translate_c?hl=it&sl=en&u=http:\/\/corz.org\/$1 [R,NC]\r\n    RewriteRule ^(.*)-pt$ \r\n        http:\/\/www.google.com\/translate_c?hl=pt&sl=en&u=http:\/\/corz.org\/$1 [R,NC]\r\n  <IfModule>\r\n<\/pre>\n
      <\/code><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
      The following are a list for directives that can be used in htaccess files to adjust file paths, adjust site security, prevent unwanted visitors and more. In the following samples, you should replace the domain names, and file names to match your site needs. Even more, you need to remember to adjust the rewritebase to […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":["post-361","post","type-post","status-publish","format-standard","hentry","category-htaccess"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.advancedwebhelp.com\/blog\/wp-json\/wp\/v2\/posts\/361","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.advancedwebhelp.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.advancedwebhelp.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.advancedwebhelp.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.advancedwebhelp.com\/blog\/wp-json\/wp\/v2\/comments?post=361"}],"version-history":[{"count":2,"href":"https:\/\/www.advancedwebhelp.com\/blog\/wp-json\/wp\/v2\/posts\/361\/revisions"}],"predecessor-version":[{"id":866,"href":"https:\/\/www.advancedwebhelp.com\/blog\/wp-json\/wp\/v2\/posts\/361\/revisions\/866"}],"wp:attachment":[{"href":"https:\/\/www.advancedwebhelp.com\/blog\/wp-json\/wp\/v2\/media?parent=361"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.advancedwebhelp.com\/blog\/wp-json\/wp\/v2\/categories?post=361"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.advancedwebhelp.com\/blog\/wp-json\/wp\/v2\/tags?post=361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}