Skip to page content or Skip to Accesskey List.

Work

Main Page Content

Ultimate Htaccess Examples

Posted on 02 Feb 2007

in Backend

by AskApache (apachehtaccess)

Rated 3.89 (Ratings: 0)

Want more?

 
Picture of apachehtaccess

AskApache

Member info

User since: 08 Jan 2007

Articles written: 1

Here's my list of the ultimate htaccess code snippets and examples that I use all the time. I tried to keep them extremely minimalistic.

Don't miss checking out my example htaccess file, its very comprehensive

Hey jason I'm glad someone finally noticed the "development" htaccess at the bottom of my file! Thats honestly the piece of code I am most glad to have.

Heres the actual code that I use when I'm developing sites for clients

This lets google crawl the page, lets me access the whole site (24.205.23.222) without a password, and lets my client access the page WITH a password. It also allows for XHTML and CSS validation! (w3.org)

# ELITE HTACCESS FOR WEBDEVELOPERS

##############################################

AuthName "SiteName Administration"

AuthUserFile /home/sitename.com/.htpasswd

AuthType basic

Require valid-user

Order deny,allow

Deny from all

Allow from 24\.205\.23\.222

Allow from w3.org htmlhelp.com

Allow from googlebot.com

Satisfy Any

Each code snippet has been copied from htaccesselite. Additional and detailed info on each htaccess code snippet can be found at askapache.com

NOTE: Most of these snippets can be used with a Files or Filesmatch directive to only apply to certain files.

NOTE: Any htaccess rewrite examples should always begin with:

Options +FollowSymLinks

RewriteEngine On

RewriteBase /

Apache Documentation: 1.3 2.0 2.2 Current

Make any file be a certain filetype (regardless of name or extension)

#Makes image.gif, blah.html, index.cgi all act as php

ForceType application/x-httpd-php

Redirect non-https requests to https server fixing double-login problem and ensuring that htpasswd authorization can only be entered using HTTPS

Additional https/ssl information and Apache SSL in htaccess examples

SSLOptions +StrictRequire

SSLRequireSSL

SSLRequire %{HTTP_HOST} eq "google.com"

ErrorDocument 403 https://google.com

SEO Friendly redirects for bad/old links and moved links

For single moved file

Redirect 301 /d/file.html http://www.htaccesselite.com/r/file.html

For multiple files like a blog/this.php?gh

RedirectMatch 301 /blog(.*) http://www.askapache.com/$1

different domain name

Redirect 301 / http://www.newdomain.com

Require the www

Options +FollowSymLinks

RewriteEngine On

RewriteBase /

RewriteCond %{REQUEST_URI} !^/robots\.txt$

RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]

RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

Require the www without hardcoding

Options +FollowSymLinks

RewriteEngine On

RewriteBase /

RewriteCond %{REQUEST_URI} !^/robots\.txt$ [NC]

RewriteCond %{HTTP_HOST} !^www\.[a-z-]+\.[a-z]{2,6} [NC]

RewriteCond %{HTTP_HOST} ([a-z-]+\.[a-z]{2,6})$ [NC]

RewriteRule ^/(.*)$ http://%1/$1 [R=301,L]

Require no subdomain

Options +FollowSymLinks

RewriteEngine On

RewriteBase /

RewriteCond %{REQUEST_URI} !^/robots\.txt$

RewriteCond %{HTTP_HOST} \.([a-z-]+\.[a-z]{2,6})$ [NC]

RewriteRule ^/(.*)$ http://%1/$1 [R=301,L]

Require no subdomain

Options +FollowSymLinks

RewriteEngine On

RewriteBase /

RewriteCond %{HTTP_HOST} \.([^\.]+\.[^\.0-9]+)$

RewriteCond %{REQUEST_URI} !^/robots\.txt$ [NC]

RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

Redirect everyone to different site except 1 IP address (useful for web-development)

ErrorDocument 403 http://www.someothersite.com

Order deny,allow

Deny from all

Allow from 24.33.65.6

CHMOD your files

chmod .htpasswd files 640

chmod .htaccess files 644

chmod php files 600

chmod files that you really dont want people to see as 400

NEVER chmod 777, if something requires write access use 766

Variable (mod_env) Magic

Set the Timezone of the server:

SetEnv TZ America/Indianapolis

Set the Server Administrator Email:

SetEnv SERVER_ADMIN webmaste@htaccesselite.com

Turn off the ServerSignature

ServerSignature Off

Add a "en-US" language tag and "text/html; UTF-8" headers without meta tags

Article: Setting Charset in htaccess

Article: Using FilesMatch and Files in htaccess

AddDefaultCharset UTF-8

# Or AddType 'text/html; charset=UTF-8' html

DefaultLanguage en-US

Using the Files Directive

AddDefaultCharset UTF-8

DefaultLanguage en-US

Using the FilesMatch Directive (preferred)

AddDefaultCharset UTF-8

DefaultLanguage en-US

Use a custom php.ini with mod_php or php as a cgi

Article: Custom PHP.ini tips and tricks

When php run as Apache Module (mod_php)

in root .htaccess

SetEnv PHPRC /location/todir/containing/phpinifile

When php run as CGI

Place your php.ini file in the dir of your cgi’d php, in this case /cgi-bin/

htaccess might look something like this

AddHandler php-cgi .php .htm Action php-cgi /cgi-bin/php5.cgi

When cgi’d php is run with wrapper (for FastCGI)

You will have a shell wrapper script something like this:

#!/bin/sh

export PHP_FCGI_CHILDREN=3

exec /user3/x.com/htdocs/cgi-bin/php5.cgi

Change To

#!/bin/sh

export PHP_FCGI_CHILDREN=3

exec /x.com/cgi-bin/php.cgi -c /abs/path/to/php.ini

Securing directories: Remove the ability to execute scripts

Heres a couple different ways I do it

AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi

Options -ExecCGI

This is cool, you are basically categorizing all those files that end in those extensions so that they fall under the jurisdiction of the -ExecCGI command, which also means -FollowSymLinks (and the opposite is also true, +ExecCGI also turns on +FollowSymLinks)

Only allow GET and PUT request methods to your server.

Options -ExecCGI -Indexes -All +FollowSymLinks

RewriteEngine On

RewriteBase /

RewriteCond %{REQUEST_METHOD} !^(GET PUT)

RewriteRule .* - [F]

Processing All gif files to be processed through a cgi script

Action image/gif /cgi-bin/filter.cgi

Process request/file depending on the request method

Script PUT /cgi-bin/upload.cgi

Force Files to download, not be displayed in browser

AddType application/octet-stream .avi

AddType application/octet-stream .mpg

Then in your HTML you could just link directly to the file..

Download Movie1

And then you will get a pop-up box asking whether you want to save the file or open it.

Show the source code of dynamic files

If you'd rather have .pl, .py, or .cgi files displayed in the browser as source rather than be executed as scripts, simply create a .htaccess file in the relevant directory with the following:

RemoveHandler cgi-script .pl .py .cgi

Dramatically Speed up your site by implementing Caching!

Article: Speed Up Sites with htaccess Caching

# MONTH

Header set Cache-Control "max-age=2592000"

# WEEK

Header set Cache-Control "max-age=604800"

# DAY

Header set Cache-Control "max-age=43200"

Prevent Files image/file hotlinking and bandwidth stealing

Options +FollowSymLinks

RewriteEngine On

RewriteBase /

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www\.)?askapache.com/.*$ [NC]

RewriteRule \.(gif jpg swf flv png)$ http://www.askapache.com/feed.gif [R=302,L]

ErrorDocuments

Article: Additional ErrorDocument Info and Examples

ErrorDocument 404 /favicon.ico

ErrorDocument 403 https://secure.htaccesselite.com

ErrorDocument 404 /cgi-bin/error.php

ErrorDocument 400 /cgi-bin/error.php

ErrorDocument 401 /cgi-bin/error.php

ErrorDocument 403 /cgi-bin/error.php

ErrorDocument 405 /cgi-bin/error.php

ErrorDocument 406 /cgi-bin/error.php

ErrorDocument 409 /cgi-bin/error.php

ErrorDocument 413 /cgi-bin/error.php

ErrorDocument 414 /cgi-bin/error.php

ErrorDocument 500 /cgi-bin/error.php

ErrorDocument 501 /cgi-bin/error.php

Note: You can also do an external link, but don't do an external link to your site or you will cause a loop that will hurt your SEO.

Authentication Magic

Require password for 1 file:

AuthName "Prompt"

AuthType Basic

AuthUserFile /home/askapache.com/.htpasswd

Require valid-user

Protect multiple files:

AuthName "Development"

AuthUserFile /.htpasswd

AuthType basic

Require valid-user

Example uses of the Allow Directive:

# A (partial) domain-name

Allow from 10.1.0.0/255.255.0.0

# Full IP address

Allow from 10.1.2.3

# More than 1 full IP address

Allow from 192.168.1.104 192.168.1.205

# Partial IP addresses

# first 1 to 3 bytes of IP, for subnet restriction.

Allow from 10.1

Allow from 10 172.20 192.168.2

# network/netmask pair

Allow from 10.1.0.0/255.255.0.0

# network/nnn CIDR specification

Allow from 10.1.0.0/16

# IPv6 addresses and subnets

Allow from 2001:db8::a00:20ff:fea7:ccea

Allow from 2001:db8::a00:20ff:fea7:ccea/10

Using visitor dependent environment variables:

Article: Additional SetEnvIf examples

SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in

Order Deny,Allow

Deny from all

Allow from env=let_me_in

Allow from apache.org but deny from foo.apache.org

Order Allow,Deny

Allow from apache.org

Deny from foo.apache.org

Allow from IP address with no password prompt, and also allow from non-Ip address with password prompt:

AuthUserFile /home/www/site1-passwd

AuthType Basic

AuthName MySite

Require valid-user

Allow from 172.17.10

Satisfy Any

block access to files during certain hours of the day

Options +FollowSymLinks

RewriteEngine On

RewriteBase /

# If the hour is 16 (4 PM) Then deny all access

RewriteCond %{TIME_HOUR} ^16$

RewriteRule ^.*$ - [F,L]

A good default example .htaccess file

I use this when I start a new site, and uncomment or delete parts of the file depending on the sites needs

# DEFAULT SETTINGS

##############################################

Options +ExecCGI -Indexes

DirectoryIndex index.php index.html index.htm

### DEFAULTS ###

ServerSignature Off

AddType video/x-flv .flv

AddType application/x-shockwave-flash .swf

AddType image/x-icon .ico

AddDefaultCharset UTF-8

DefaultLanguage en-US

SetEnv TZ America/Indianapolis

SetEnv SERVER_ADMIN webmaster@askapache.com

### FAST-CGI ###

AddHandler fastcgi-script fcgi

AddHandler php-cgi .php

Action php-cgi /cgi-bin/php5-wrapper.fcgi

# HEADERS and CACHING

##############################################

#### CACHING ####

# YEAR

Header set Cache-Control "max-age=2592000"

# WEEK

Header set Cache-Control "max-age=604800"

# 10 minutes

Header set Cache-Control "max-age=600"

# DONT CACHE

Header unset Cache-Control

# REWRITES AND REDIRECTS

##############################################

### SEO REDIRECTS ###

Redirect 301 /2006/uncategorized/htaccesselitecom-aboutus.html http://www.^^SITE^^.^^TLD^^

### REWRITES ###

RewriteEngine On

RewriteBase /

### WORDPRESS ###

# BEGIN WordPress

RewriteEngine On

RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

# END WordPress

# AUTHENTICATION

##############################################

AuthName "askapache.com"

Require valid-user

AuthUserFile /askapache/.htpasswd

AuthType basic

Ultimate htaccess Article

Web Developer and Server Administrator for best-practices, based in Indianapolis.

The access keys for this page are: ALT (Control on a Mac) plus:

evolt.org Evolt.org is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author, please do not redistribute or use elsewhere without checking with the author.