A quick introduction to .htaccess with examples
What is .htaccess?
The .htaccess file is a configuration file that affects how a web server responds to various requests. .htaccess files provide a way to make configuration changes on a per-directory basis.
Why is it called .htaccess?
(Hyper Text + Access) These files were first used to control user access on a per-directory basis.
Where is the .htaccess file?
Every folder (directory) on your server could have one.
Why can’t I find my .htaccess file?
On most file systems, file names that begin with a dot ( . ) are hidden files. This means they are not typically visible by default.
Request Status
200 — OK
300 — Redirect
400 — Client
500 — Server
Client Request Errors
400 — Bad Request
401 — Authorization Required
402 — Payment Required (not used yet)
403 — Forbidden
404 — Not Found
405 — Method Not Allowed
406 — Not Acceptable (encoding)
407 — Proxy Authentication Required
408 — Request Timed Out
409 — Conflicting Request
410 — Gone
411 — Content Length Required
412 — Precondition Failed
413 — Request Entity Too Long
414 — Request URI Too Long
415 — Unsupported Media Type
Server Errors
500 — Internal Server Error
501 — Not Implemented
502 — Bad Gateway
503 — Service Unavailable
504 — Gateway Timeout
505 — HTTP Version Not Supported
URL Redirects and URL Rewriting
301 vs. 302
301 means “Permanently Moved”
302 means “Moved Temporarily”
Redirect vs. Rewrite
#Redirect
#Basic Page Redirect
Redirect 301 /relative-url.html http://urfusion.net/full-url.html
#Redirecting a large section
Redirect 301 /old-directory http://urfusion.net/new-directory
#Redirecting an entire site
Redirect 301 / http://urfusion.net
#Rewrite
#Redirecting www to non-www
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.urfusion\.net [NC]
RewriteRule ^(.*)$ http://urfusion.net/$1 [R=301,NC]
#Redirecting to www
RewriteEngine On
RewriteCond %{HTTP_HOST} ^urfusion\.net [NC]
RewriteRule ^(.*) http://www.urfusion.net/$1 [R=301,NC]
Hiding Your .htaccess File
<Files ".htaccess">
order allow,deny
deny from all
</Files>
Magic things happen with .htaccess
1. Stopping hot linking of images:
#Block hotlinking
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?urfusion.net [NC]
RewriteRule \.(jpg|jpeg|png|gif|css)$ - [NC,F,L]
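The allowlist pattern in the hotlinking rule is a prefix match with an unescaped dot, so it accepts more Referer values than the site's own. The following added example (not part of the original page) runs that pattern and a tightened one against constructed Referer values; `STRICT_PATTERN` and the sample hosts are assumptions of this example.

```python
import re

# Pattern from the second RewriteCond above (its leading "!" is applied in is_blocked).
PAGE_PATTERN = r"^http(s)?://(www\.)?urfusion.net"
# Tightened variant (assumption of this example): escaped dot, and the host name
# must be followed by a port, a "/" or the end of the string.
STRICT_PATTERN = r"^https?://(www\.)?urfusion\.net(?::\d+)?(?:/|$)"

def is_blocked(referer, pattern):
    """Mirror the two RewriteCond lines: block when the Referer is non-empty
    AND does not match the allowlist pattern ([NC] means ignore case)."""
    not_empty = re.search(r"^$", referer) is None
    not_allowed = re.search(pattern, referer, re.IGNORECASE) is None
    return not_empty and not_allowed

# Constructed Referer values for the demonstration.
SAMPLES = [
    "",                                       # no Referer header: never blocked
    "https://www.urfusion.net/gallery.html",  # the site itself
    "http://other.example/page.html",         # unrelated site
    "http://urfusion.net.other.example/",     # other host that begins with the site name
    "http://urfusionXnet/",                   # unescaped "." matches any character
]

def compare():
    """Return (referer, blocked_by_page_pattern, blocked_by_strict_pattern) rows."""
    return [(r, is_blocked(r, PAGE_PATTERN), is_blocked(r, STRICT_PATTERN))
            for r in SAMPLES]

if __name__ == "__main__":
    for referer, page, strict in compare():
        print(f"{referer!r:45} page_pattern_blocks={page!s:5} strict_blocks={strict}")
```

The last two samples pass the page's pattern but are blocked by the tightened one; the empty Referer is allowed by both, as the first RewriteCond intends.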
2. Block bad crawlers
#To block an IP address
RewriteCond %{REMOTE_ADDR} ^208\.96\.122\.142$ [OR]
#To block user-agents
RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC]
RewriteRule ^.* - [F,L]
#or Blacklisting by IP
order allow,deny
deny from 111.22.3.4
deny from 789.56.4.
allow from all
#or Whitelisting by IP
order deny,allow
deny from all
allow from 111.22.3.4
allow from 789.56.4.7
#or Domain names instead of IP addresses
order allow,deny
deny from example.com
allow from all
3. Optimize the performance of your site
#Gzip:
AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
#Max-age expires:
# If you don't use filenames to version, lower the CSS and JS lifetimes
ExpiresActive on
# Perhaps better to whitelist expires rules? Perhaps.
ExpiresDefault "access plus 1 month"
# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
ExpiresByType text/cache-manifest "access plus 0 seconds"
# Your document html
ExpiresByType text/html "access plus 0 seconds"
# Data
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType application/json "access plus 0 seconds"
# Feed
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/atom+xml "access plus 1 hour"
# Favicon (cannot be renamed)
ExpiresByType image/x-icon "access plus 1 week"
# Media: images, video, audio
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
# Webfonts
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
# CSS and JavaScript
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
4. Fix broken links, preserve SEO
Redirect /pdf_press /products/pdf-press
5. Custom error pages
ErrorDocument 404 /error/error404.htm
ErrorDocument 500 /error/error500.htm
6. Require SSL
# require SSL
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "urfusion.net"
ErrorDocument 403 https://urfusion.net
# require SSL without mod_ssl
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
7. Setting Environment Variables
SetEnv SPECIAL_PATH /foo/bin
8. Password Protection With .htpasswd
#Usernames and passwords for the .htaccess system are stored in a file named .htpasswd
#These are stored each on a single line, in the form: username:encryptedpassword
AuthUserFile /usr/local/etc/.htpasswd
AuthName "Name of Secure Area"
AuthType Basic
require valid-user
You can also put users into groups and allow access based on group. This is done by adding another file which specifies the groups.
The group file, which could be named (for example) .htgroups, looks like this:
admin: johnsmith janedoe
staff: jackdoe cindysmith
Then you can specify it in your .htaccess file:
AuthUserFile /usr/local/etc/.htpasswd
AuthGroupFile /usr/local/etc/.htgroups
AuthName "Admin Area"
AuthType Basic
require group admin
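The second field of each .htpasswd line is a password hash, and its prefix tells you which scheme produced it. The following added example (not part of the original page) audits a password file and reports entries stored in a legacy or insecure scheme; the sample file and its hash bodies are constructed for the demonstration.

```python
import base64
import hashlib

def classify(field):
    """Return (scheme, rating) for the part after "user:" in an .htpasswd line."""
    if field.startswith(("$2y$", "$2a$", "$2b$")):
        return ("bcrypt", "ok")                # salted, adjustable work factor
    if field.startswith("$apr1$"):
        return ("apr1-md5", "legacy")          # salted, but a fast iterated MD5
    if field.startswith("{SHA}"):
        return ("sha1", "insecure")            # single unsalted SHA-1
    if len(field) == 13:
        return ("des-crypt", "insecure")       # only the first 8 characters count
    return ("plaintext-or-unknown", "insecure")

def sha_entry(user, password):
    """Build a legacy {SHA} line to show that the format carries no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

def audit(text):
    """List (line_no, user, scheme, rating) for every entry that is not "ok"."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, field = line.partition(":")
        scheme, rating = classify(field)
        if rating != "ok":
            findings.append((n, user, scheme, rating))
    return findings

# Constructed sample file; the hash bodies are made up, not real credentials.
SAMPLE = "\n".join([
    "alice:$2y$10$CONSTRUCTEDxSALTxVALUE.CONSTRUCTEDxHASHxBODYxFORxDEMO",
    "bob:$apr1$constrct$CONSTRUCTEDxHASHxBODY.",
    sha_entry("carol", "password"),
    sha_entry("dave", "password"),   # same password as carol, so an identical hash
    "erin:xxCONSTRUCTED",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Entries rated legacy or insecure can be regenerated with bcrypt using `htpasswd -B`.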
9. Block Users by Referrer
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*urfusion\.net [NC]
RewriteRule .* - [F]
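Both the crawler-blocking rule in item 2 and the referrer rule above depend on how RewriteCond flags chain: the last condition before a RewriteRule must not carry [OR], or the rule applies to every request. The following added example (not part of the original page) is a simplified Python model of that chaining, run against constructed requests.

```python
import re

def conds_match(conds, env):
    """Simplified model of how mod_rewrite chains RewriteCond lines:
    lines are ANDed, except that a line flagged [OR] defers to the next line
    when it fails. Each cond is (variable, pattern, flags)."""
    i = 0
    while i < len(conds):
        var, pattern, flags = conds[i]
        negate = pattern.startswith("!")
        regex = pattern[1:] if negate else pattern
        hit = re.search(regex, env.get(var, ""), re.I if "NC" in flags else 0)
        ok = (hit is not None) != negate
        if "OR" in flags:
            if ok:
                # One member of the OR group matched: skip the rest of the group.
                while i < len(conds) and "OR" in conds[i][2]:
                    i += 1
        elif not ok:
            return False
        i += 1
    return True  # the RewriteRule that follows is applied

# Dangling [OR]: the last condition is ORed with nothing, so a failed
# condition never reaches the "return False" branch.
DANGLING_OR = [("REMOTE_ADDR", r"^208\.96\.122\.142$", {"OR"}),
               ("HTTP_USER_AGENT", r"^Zeus", {"NC", "OR"})]
CORRECT = [("REMOTE_ADDR", r"^208\.96\.122\.142$", {"OR"}),
           ("HTTP_USER_AGENT", r"^Zeus", {"NC"})]
REFERRER_DANGLING = [("HTTP_REFERER", r"^http://.*urfusion\.net", {"NC", "OR"})]
REFERRER_CORRECT = [("HTTP_REFERER", r"^http://.*urfusion\.net", {"NC"})]

# Constructed requests: made-up user agents; addresses other than the page's are documentation ranges.
REQUESTS = {
    "ordinary visitor": {"REMOTE_ADDR": "198.51.100.7", "HTTP_USER_AGENT": "Mozilla/5.0"},
    "listed address": {"REMOTE_ADDR": "208.96.122.142", "HTTP_USER_AGENT": "Mozilla/5.0"},
    "listed agent": {"REMOTE_ADDR": "203.0.113.9", "HTTP_USER_AGENT": "zeus/1.0"},
}

def forbidden(conds):
    """Names of the sample requests that would receive the 403 from [F]."""
    return sorted(name for name, env in REQUESTS.items() if conds_match(conds, env))

if __name__ == "__main__":
    for label, conds in [("dangling [OR]", DANGLING_OR), ("corrected", CORRECT)]:
        print(label, "->", forbidden(conds))
```

With the dangling flag all three sample requests are forbidden, including the ordinary visitor; with the flag removed only the listed address and the listed user agent are.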
10. Specifying a Default File for a Directory
DirectoryIndex home.html
11. Force Download by MIME Type
AddType application/octet-stream pdf doc docx rtf
12. Disable or Enable Index
#Disabling Indexes
Options -Indexes
#Enabling Indexes
Options +Indexes
#Hiding some files from the Index
IndexIgnore *.gif *.jpg
IndexIgnore secret-image.jpg
13. Scripts as Source
RemoveHandler cgi-script .php .py
AddType text/plain .php .py
php_value upload_max_filesize 10M
more coming soon…