Learn .htaccess in 10 minutes

Mode rewrite

A list of htaccess code snippets and examples.
Any web designer MUST know them.

Any htaccess rewrite examples should always begin with:

Options +FollowSymLinks
RewriteEngine On
RewriteBase /

This lets google crawl the page, lets me access the whole site (24.205.23.222) without a password, and lets my client access the page WITH a password. It also allows for XHTML and CSS validation! (w3.org):

AuthName “SiteName Administration”
AuthUserFile /home/sitename.com/.htpasswd
AuthType basic
Require valid-user
Order deny,allow
Deny from all
Allow from 24\\.205\\.23\\.222
Allow from w3.org htmlhelp.com
Allow from googlebot.com
Satisfy Any

Make any file be a certain filetype (regardless of name or extension)
#Makes image.gif, blah.html, index.cgi all act as php
ForceType application/x-httpd-php:

Redirect non-https requests to https server fixing double-login problem and ensuring that htpasswd authorization can only be entered using HTTPS

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq “google.com”
ErrorDocument 403 https://google.com

SEO Friendly redirects for bad/old links and moved links

For single moved file:

Redirect 301 /d/file.html http://www.htaccesselite.com/r/file.html

For multiple files like a blog/this.php?gh:

RedirectMatch 301 /blog(.*) http://www.askapache.com/$1

different domain name:

Redirect 301 / http://www.newdomain.com

Require the www:

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/robots\\.txt$
RewriteCond %{HTTP_HOST} !^www\\.example\\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

Require the www without hardcoding:

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/robots\\.txt$ [NC]
RewriteCond %{HTTP_HOST} !^www\\.[a-z-]+\\.[a-z]{2,6} [NC]
RewriteCond %{HTTP_HOST} ([a-z-]+\\.[a-z]{2,6})$ [NC]
RewriteRule ^/(.*)$ http://%1/$1 [R=301,L]

Require no subdomain:

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/robots\\.txt$
RewriteCond %{HTTP_HOST} \\.([a-z-]+\\.[a-z]{2,6})$ [NC]
RewriteRule ^/(.*)$ http://%1/$1 [R=301,L]

Require no subdomain:

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} \\.([^\\.]+\\.[^\\.0-9]+)$
RewriteCond %{REQUEST_URI} !^/robots\\.txt$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

Redirect everyone to different site except 1 IP address (useful for web-development):

ErrorDocument 403 http://www.someothersite.com
Order deny,allow
Deny from all
Allow from 24.33.65.6

Add a “en-US” language tag and “text/html; UTF-8” headers without meta tags:

AddDefaultCharset UTF-8
# Or AddType ‘text/html; charset=UTF-8’ html
DefaultLanguage en-US

Using the Files Directive:

AddDefaultCharset UTF-8
DefaultLanguage en-US

Using the FilesMatch Directive (preferred):

AddDefaultCharset UTF-8
DefaultLanguage en-US

Securing directories: Remove the ability to execute scripts:

AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options –ExecCGI
Only allow GET and PUT request methods to your server.
Options -ExecCGI -Indexes -All +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} !^(GET|PUT)
RewriteRule .* – [F]

Processing All gif files to be processed through a cgi script:

Action image/gif /cgi-bin/filter.cgi

Process request/file depending on the request method:

Script PUT /cgi-bin/upload.cgi

Force Files to download, not be displayed in browser:

AddType application/octet-stream .avi
AddType application/octet-stream .mpg

Dramatically Speed up your site by implementing Caching!:

# MONTH
Header set Cache-Control “max-age=2592000”
# WEEK
Header set Cache-Control “max-age=604800”
# DAY
Header set Cache-Control “max-age=43200”

Prevent Files image/file hotlinking and bandwidth stealing:

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\\.)?askapache.com/.*$ [NC]
RewriteRule \\.(gif|jpg|swf|flv|png)$ http://www.askapache.com/evil-hotlinker.gif [R=302,L]

ErrorDocuments:

ErrorDocument 404 /favicon.ico
ErrorDocument 403 https://secure.htaccesselite.com
ErrorDocument 404 /cgi-bin/error.php
ErrorDocument 400 /cgi-bin/error.php
ErrorDocument 401 /cgi-bin/error.php
ErrorDocument 403 /cgi-bin/error.php
ErrorDocument 405 /cgi-bin/error.php
ErrorDocument 406 /cgi-bin/error.php
ErrorDocument 409 /cgi-bin/error.php
ErrorDocument 413 /cgi-bin/error.php
ErrorDocument 414 /cgi-bin/error.php
ErrorDocument 500 /cgi-bin/error.php
ErrorDocument 501 /cgi-bin/error.php

Authentication Magic

Require password for 1 file:

AuthName “Prompt”
AuthType Basic
AuthUserFile /home/askapache.com/.htpasswd
Require valid-user

Protect multiple files:

AuthName “Development”
AuthUserFile /.htpasswd
AuthType basic
Require valid-user

Example uses of the Allow Directive:

# A (partial) domain-name
Allow from 10.1.0.0/255.255.0.0

# Full IP address
Allow from 10.1.2.3

# More than 1 full IP address
Allow from 192.168.1.104 192.168.1.205

# Partial IP addresses
# first 1 to 3 bytes of IP, for subnet restriction.
Allow from 10.1
Allow from 10 172.20 192.168.2

# network/netmask pair
Allow from 10.1.0.0/255.255.0.0

# network/nnn CIDR specification
Allow from 10.1.0.0/16

# IPv6 addresses and subnets
Allow from 2001:db8::a00:20ff:fea7:ccea
Allow from 2001:db8::a00:20ff:fea7:ccea/10

Using visitor dependent environment variables:

SetEnvIf User-Agent ^KnockKnock/2\\.0 let_me_in
Order Deny,Allow
Deny from all
Allow from env=let_me_in

block access to files during certain hours of the day:

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
# If the hour is 16 (4 PM) Then deny all access
RewriteCond %{TIME_HOUR} ^16$
RewriteRule ^.*$ – [F,L]

Advertisements