.htaccess Snippets

31 December, 2015

Server • Apache

Source: http://thejackol.com/htaccess-cheatsheet/

Enable Directory Browsing

Options +Indexes
## block a few types of files from showing
IndexIgnore *.wmv *.mp4 *.avi

Disable Directory Browsing

Options All -Indexes

Customize Error Messages

ErrorDocument 403 /forbidden.html
ErrorDocument 404 /notfound.html
ErrorDocument 500 /servererror.html

Get SSI working with HTML/SHTML

AddType text/html .html
AddType text/html .shtml
AddHandler server-parsed .html
AddHandler server-parsed .shtml
# AddHandler server-parsed .htm

Change Default Page (order is followed!)

DirectoryIndex myhome.htm index.htm index.php

Block Users from accessing the site

<limit GET POST PUT>
    order deny,allow
    deny from 202.54.122.33
    deny from 8.70.44.53
    deny from .spammers.com
    allow from all
</limit>

Allow only LAN users

order deny,allow
deny from all
allow from 192.168.0.0/24

Redirect Visitors to New Page/Directory

Redirect oldpage.html http://www.domainname.com/newpage.html
Redirect /olddir http://www.domainname.com/newdir/

Block site from specific referrers

RewriteEngine on
RewriteCond %{HTTP_REFERER} site-to-block\.com [NC]
RewriteCond %{HTTP_REFERER} site-to-block-2\.com [NC]
RewriteRule .* - [F]

Block Hot Linking/Bandwidth hogging

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

Want to show a “Stealing is Bad” message too?

Add this below the Hot Link Blocking code:

RewriteRule \.(gif|jpg)$ http://www.mydomain.com/dontsteal.gif [R,L]

Stop .htaccess (or any other file) from being viewed

<files file-name>
    order allow,deny
    deny from all
</files>

Avoid the 500 Error

# Avoid 500 error by passing charset
AddDefaultCharset utf-8

Grant CGI Access in a directory

Options +ExecCGI
AddHandler cgi-script cgi pl
# To enable all scripts in a directory use the following
# SetHandler cgi-script

Change Script Extensions

AddType application/x-httpd-php .gne

gne will now be treated as PHP files! Similarly, x-httpd-cgi for CGI files, etc.

Use MD5 Digests

Performance may take a hit but if thats not a problem, this is a nice option to turn on.

ContentDigest On

Enable Gzip - Save Bandwidth

# BEGIN GZIP
<ifmodule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript
</ifmodule>
# END GZIP

Turn off magic_quotes_gpc

# Only if you use PHP
<ifmodule mod_php4.c>
    php_flag magic_quotes_gpc off
</ifmodule>

Set an Expires header and enable Cache-Control

<ifmodule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 1 seconds"
    ExpiresByType text/html "access plus 7200 seconds"
    ExpiresByType image/gif "access plus 518400 seconds"
    ExpiresByType image/jpeg "access plus 518400 seconds"
    ExpiresByType image/png "access plus 518400 seconds"
    ExpiresByType text/css "access plus 518400 seconds"
    ExpiresByType text/javascript "access plus 216000 seconds"
    ExpiresByType application/x-javascript "access plus 216000 seconds"
</ifmodule>

<ifmodule mod_headers.c>
    # Cache specified files for 6 days
    <filesmatch "\.(ico|flv|jpg|jpeg|png|gif|css|swf)$">
        Header set Cache-Control "max-age=518400, public"
    </filesmatch>
    
    # Cache HTML files for a couple hours
    <filesmatch "\.(html|htm)$">
        Header set Cache-Control "max-age=7200, private, must-revalidate"
    </filesmatch>
    
    # Cache PDFs for a day
    <filesmatch "\.(pdf)$">
        Header set Cache-Control "max-age=86400, public"
    </filesmatch>
    
    # Cache Javascripts for 2.5 days
    <filesmatch "\.(js)$">
        Header set Cache-Control "max-age=216000, private"
    </filesmatch>
</ifmodule>