Saturday 27 June 2015

30 Popular .htaccess code snippets

“A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.” (From Wikipedia) A .htaccess file affects only the folder in which it resides and all the folders inside it. The .htaccess file is very useful and allows you to do a lot of things. Here’s my list of the most popular .htaccess code snippets that can be added to your .htaccess file. I hope you find them as useful as I do.

.htaccess Code Snippets, Examples, Tips And Tricks

01. Protect WordPress Blog From Script Injections


Options +FollowSymLinks

RewriteEngine On

RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

RewriteRule ^(.*)$ index.php [F,L]
Source: http://wptidbits.com/tutorials/21-most-popular-htaccess-hacks-for-wordpress/

02. Prevent Hotlinking


RewriteEngine On

#Replace ?mysite\.com/ with your blog url

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]

RewriteCond %{HTTP_REFERER} !^$

#Replace /images/nohotlink.jpg with your "don't hotlink" image url

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
Source: http://www.wprecipes.com/how-to-protect-your…

03. Configure Your Website For HTML5 Videos


# Serve HTML5 video files (and the Flash fallback) with the correct MIME types

AddType video/ogg .ogv

AddType video/ogg .ogg

AddType video/mp4 .mp4

AddType video/webm .webm

AddType application/x-shockwave-flash swf
Source: http://snipplr.com/view.php?codeview&id=53437

04. Use Browser Caching To Improve Blog Speed


<IfModule mod_expires.c>

ExpiresActive On

ExpiresByType image/jpg "access 1 year"

ExpiresByType image/jpeg "access 1 year"

ExpiresByType image/gif "access 1 year"

ExpiresByType image/png "access 1 year"

ExpiresByType text/css "access 1 month"

ExpiresByType application/pdf "access 1 month"

ExpiresByType text/x-javascript "access 1 month"

ExpiresByType application/x-shockwave-flash "access 1 month"

ExpiresByType image/x-icon "access 1 year"

ExpiresDefault "access 2 days"

</IfModule>
Source: http://www.onextrapixel.com/2011/11/03/unleashing-htaccess-for-wordpress/

05. Blacklist The IP Addresses Of Undesired Users And Bots


<Limit GET POST PUT>

order allow,deny

allow from all

# Placeholder entries: replace them with real addresses or prefixes (each octet must be 0-255)

deny from 123.456.789

deny from 93.121.788

deny from 223.956.789

deny from 128.456.780

</Limit>
Source: http://www.smashingmagazine.com/2010/07/01/10-useful-wordpress-security-tweaks/

06. Redirect Hotlinkers


RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(subdomain\.)?domain.tld/.*$ [NC]

RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ http://google.com [R]
Source: http://www.askapache.com/htaccess/ultimate-htaccess-file-sample.html

07. Force Trailing Slash


<IfModule mod_rewrite.c>

 RewriteCond %{REQUEST_URI} /+[^\.]+$

 RewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]

</IfModule>
Source: http://perishablepress.com/code-snippets/

08. Remove File Extensions From Urls


RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-d

RewriteCond %{REQUEST_FILENAME}\.html -f

RewriteRule ^(.*)$ $1.html

# Replace html with your file extension, eg: php, htm, asp
Source: http://eisabainyo.net/weblog/2007/08/19/removing-file-extension-via-htaccess

09. If You Want To Cover Both Http And Https


Options +FollowSymlinks

RewriteEngine On

# Redirect www to non-www while keeping the scheme of the request (http or https)

RewriteCond %{HTTP_HOST}//s%{HTTPS} ^www\.(.*)//((s)on|s.*)$ [NC]

RewriteRule ^ http%3://%1%{REQUEST_URI} [L,R=301]
Source: http://www.askapache.com/htaccess/commonly-used-htaccess-code-examples.html

10. Create Custom Error Pages


ErrorDocument 400 /errors/badrequest.html

ErrorDocument 401 /errors/authreqd.html

ErrorDocument 403 /errors/forbid.html

ErrorDocument 404 /errors/notfound.html

ErrorDocument 500 /errors/serverr.html
Source: http://css-tricks.com/snippets/htaccess/custom-error-pages/

11. Log PHP Errors


# display no errs to user

php_flag display_startup_errors off

php_flag display_errors off

php_flag html_errors off

# log to file

php_flag log_errors on

php_value error_log /location/to/php_error.log
Source: http://css-tricks.com/snippets/htaccess/php-error-logging/

12. Redirect WordPress Feeds To FeedBurner


# temp redirect wordpress content feeds to feedburner

<IfModule mod_rewrite.c>

 RewriteEngine on

 RewriteCond %{HTTP_USER_AGENT} !FeedBurner    [NC]

 RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]

 RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/webanddesigners [R=302,NC,L]

</IfModule>
Source: http://perishablepress.com/press/2008/03/25/redirect-wordpress-feeds-to-feedburner-via-htaccess-redux/

13. Force Download Of Specific Files


<Files *.xls>

  ForceType application/octet-stream

  Header set Content-Disposition attachment

</Files>

<Files *.eps>

  ForceType application/octet-stream

  Header set Content-Disposition attachment

</Files>
Source: http://www.givegoodweb.com/post/30/forcing-a-download-with-apache-and-htaccess

14. Require Password For 1 File


<Files login.php>

   AuthName "Prompt"

   AuthType Basic

   AuthUserFile /home/askapache.com/.htpasswd

   Require valid-user

</Files>

15. Protect Multiple Files


# Matches the listed base names with or without an extension (exec, exec.php, ...)

<FilesMatch "^(exec|env|doit|phpinfo|w)(\..*)?$">

   AuthName "Development"

   AuthUserFile /.htpasswd

   AuthType basic

   Require valid-user

</FilesMatch>
Source: http://www.angelmonticelli.com.ar/2010/03/ultimate-htaccess-code-snippets/

16. Compress Text Files


<ifModule mod_deflate.c>

  <filesMatch "\.(css|js|x?html?|php)$">

    SetOutputFilter DEFLATE

  </filesMatch>

</ifModule>

17. Expire Headers


<ifModule mod_expires.c>

  ExpiresActive On

  ExpiresDefault "access plus 1 seconds"

  ExpiresByType image/x-icon "access plus 2592000 seconds"

  ExpiresByType image/jpeg "access plus 2592000 seconds"

  ExpiresByType image/png "access plus 2592000 seconds"

  ExpiresByType image/gif "access plus 2592000 seconds"

  ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"

  ExpiresByType text/css "access plus 604800 seconds"

  ExpiresByType text/javascript "access plus 216000 seconds"

  ExpiresByType application/javascript "access plus 216000 seconds"

  ExpiresByType application/x-javascript "access plus 216000 seconds"

  ExpiresByType text/html "access plus 600 seconds"

  ExpiresByType application/xhtml+xml "access plus 600 seconds"

</ifModule>

18. Cache-Control Headers


<ifModule mod_headers.c>

  <filesMatch "\.(ico|jpe?g|png|gif|swf)$">

    Header set Cache-Control "max-age=2592000, public"

  </filesMatch>

  <filesMatch "\.(css)$">

    Header set Cache-Control "max-age=604800, public"

  </filesMatch>

  <filesMatch "\.(js)$">

    Header set Cache-Control "max-age=216000, private"

  </filesMatch>

  <filesMatch "\.(x?html?|php)$">

    Header set Cache-Control "max-age=600, private, must-revalidate"

  </filesMatch>

</ifModule>

19. Turn ETags Off


<ifModule mod_headers.c>

  Header unset ETag

</ifModule>

FileETag None

20. Remove Last-Modified Header


<ifModule mod_headers.c>

  Header unset Last-Modified

</ifModule>
Source: http://www.samaxes.com/2009/01/more-on-compressing-and-caching-your-site-with-htaccess/

21. Banning A WordPress Spammer With .htaccess


<Limit GET POST>

order allow,deny

deny from 200.49.176.139

allow from all

</Limit>
Source: The easiest way to ban a WordPress spammer

22. How To: Deny Comment Posting To No Referrer Requests


RewriteEngine On

RewriteCond %{REQUEST_METHOD} POST

RewriteCond %{REQUEST_URI} .wp-comments-post\.php*

RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]

RewriteCond %{HTTP_USER_AGENT} ^$

# Redirect the request back to the sender's own address

RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]

23. Redirect Www To Non Www Or Vice Versa


# Use only one of the two blocks below; enabling both causes a redirect loop.

# www to non-www

RewriteEngine On

RewriteBase /

RewriteCond %{HTTP_HOST} ^www\.yourblogname\.com [NC]

RewriteRule ^(.*)$ http://yourblogname.com/$1 [L,R=301]

# non-www to www

RewriteEngine On

RewriteBase /

RewriteCond %{HTTP_HOST} ^yourblogname\.com [NC]

RewriteRule ^(.*)$ http://www.yourblogname.com/$1 [L,R=301]
Source: http://www.webanddesigners.com/20-htaccess-hacks-to-prevent-your-wordpress-site-from-hacking/

24. Block Referring Domains


#block referring domains

RewriteEngine on

RewriteCond %{HTTP_REFERER} digg\.com [NC]

RewriteRule .* - [F]

25. Redirect Visitors To A Maintenance Page


RewriteEngine on

RewriteCond %{REQUEST_URI} !/maintenance.html$

RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123

RewriteRule $ /maintenance.html [R=302,L]
Source: Comment faire une page d’accueil pour les internautes

26. Allow Only Your IP Address On The wp-admin Directory


AuthUserFile /dev/null

AuthGroupFile /dev/null

AuthName "Example Access Control"

AuthType Basic

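# Placed outside any <Limit> section so that it applies to every HTTP method, not only GET.

# With "deny,allow" the Deny line is evaluated first and the Allow line then overrides it.

order deny,allow

deny from all

allow from xx.xx.xx.xx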
Source: Protecting the WordPress wp-admin folder

27. Password-Protect Single File


<Files secure.php>

AuthType Basic

AuthName "Prompt"

AuthUserFile /home/path/.htpasswd

Require valid-user

</Files>

28. Password-Protect Multiple Files


# Matches the listed base names with or without an extension (secure, secure.php, ...)

<FilesMatch "^(execute|index|secure|insanity|biscuit)(\..*)?$">

AuthType basic

AuthName "Development"

AuthUserFile /home/path/.htpasswd

Require valid-user

</FilesMatch>

29. Redirect Any Request For Anything From Spamsite To Differentspamsite


RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC]

RewriteRule .* http://www.differentspamsite.com [R]

Redirect All Requests From Spamsite To An Image Of Something At Differentspamsite


RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC]

RewriteRule .* http://www.differentspamsite/something.jpg [R]

Redirect Traffic From A Certain Address Or Range Of Addresses To Another Site


# Anchored, with escaped dots, so that only 192.168.10.x matches

RewriteCond %{REMOTE_ADDR} ^192\.168\.10\.

RewriteRule .* http://www.differentspamsite.com/index.html [R]
Source: http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/

30. Speed Up Your Site With .htaccess Caching


# 1 YEAR

<FilesMatch "\.(ico|pdf|flv)$">

Header set Cache-Control "max-age=29030400, public"

</FilesMatch>

# 1 WEEK

<FilesMatch "\.(jpg|jpeg|png|gif|swf)$">

Header set Cache-Control "max-age=604800, public"

</FilesMatch>

# 2 DAYS

<FilesMatch "\.(xml|txt|css|js)$">

Header set Cache-Control "max-age=172800, proxy-revalidate"

</FilesMatch>

# 1 MIN

<FilesMatch "\.(html|htm|php)$">

Header set Cache-Control "max-age=60, private, proxy-revalidate"

</FilesMatch>
Source: http://www.askapache.com/htaccess/speed-up-sites-with-htaccess-caching.html

31. Redirect All WordPress Feeds To Feedburner


<IfModule mod_alias.c>

 RedirectMatch 301 /feed/(atom|rdf|rss|rss2)/?$ http://feedburner.com/yourfeed/

 RedirectMatch 301 /comments/feed/(atom|rdf|rss|rss2)/?$ http://feedburner.com/yourfeed/

</IfModule>
Source: http://www.wprecipes.com/how-to-redirect-wordpress-rss-feeds-to-feedburner-with-htaccess

32. Stop Spam On Your WordPress Blog


<IfModule mod_rewrite.c>

RewriteEngine On

RewriteCond %{REQUEST_METHOD} POST

RewriteCond %{REQUEST_URI} .wp-comments-post\.php*

RewriteCond %{HTTP_REFERER} !.*yourdomainname.* [OR]

RewriteCond %{HTTP_USER_AGENT} ^$

# Redirect the request back to the sender's own address

RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]

</IfModule>
Source: http://www.wprecipes.com/reduce-spam-on-your-wordpress-blog-by-using-htaccess

33. Deny Access To Your wp-config.php File


# protect wp-config.php

<files wp-config.php>

order allow,deny

deny from all

</files>

34. Securing The .htaccess


<Files ~ "^.*\.([Hh][Tt][Aa])">

 order allow,deny

 deny from all

 satisfy all

</Files>
Source: http://www.onextrapixel.com/2011/11/03/unleashing-htaccess-for-wordpress/
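
Snippets 26, 33 and 34 use the Apache 2.2 access directives (Order, Allow, Deny), which Apache 2.4 supports only through mod_access_compat. The same three rules written so that each server version uses its native directives, as an added example that is not from the original post or its sources; 203.0.113.10 is a placeholder address from the documentation range, and the file locations named in the comments are assumptions:

```apache
# --- wp-admin/.htaccess (assumed location): allow one address, all HTTP methods ---
<IfModule mod_authz_core.c>
    # Apache 2.4 and later
    Require ip 203.0.113.10
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2: Deny is evaluated first, then Allow overrides it
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
</IfModule>

# --- site root .htaccess (assumed location): never serve wp-config.php ---
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

# --- site root .htaccess: never serve .htaccess-style files (pattern from snippet 34) ---
<FilesMatch "^.*\.([Hh][Tt][Aa])">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

In a .htaccess file, Require is only honoured when the server configuration grants AllowOverride AuthConfig, and Order/Allow/Deny need AllowOverride Limit.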
Warning: .htaccess files can do more harm than good if used incorrectly. You should always be careful when modifying your .htaccess file: even a minor typographical error can make your site unusable!
So be sure to keep the original working .htaccess as a backup, just in case you need to revert to the original settings.
