htaccess tips and tricks

really help us make our website more secure,easy to configure more linux options by not going to server setup

How to use htaccess to secure, manage and optimize your website

What is .htaccess?
Hypertext Access or htaccess is an Apache configuration web server configuration file.

how to enable rewriting in htaccess file

##Rewrite Engine on code – MUST BE ACTIVE for rewrites##
Options +FollowSymLinks
RewriteEngine on

how to handle error in htaccess file

ErrorDocument 404 http://www.example.com/404.html

how to block indexes in htaccess

##Block Index Display##
Options All -Indexes

setting default index file in htaccess
##Set Default Index Files (Recourses)##
DirectoryIndex newindex.html

best way to protect htaccess file

##Secure htaccess file ##
<Files .htaccess>
Order Allow,Deny
Deny from all </Files>

protect wp-config file in wordpress

##Secure wpconfig.php ###
<Files wp-config.php>
Order Allow,Deny
Deny from all </Files>

blocking hotlinking in htaccess

## Block Hotlinking ##
##From all Sites Except Mine##
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$ RewriteRule .*\.(jpe?g|gif|bmp|png)$ – [F]

blocking hotlinking from specific site in htaccess

## Block Hotlinking ##
##From Specific Sites##
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?friendfeed\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?livejournal\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ – [F]

forcing a file save as .pdf,.doc,.mp4 etc.

## Force a file to download with a “Save As” ##
AddType application/octet-stream .doc .mov .avi .pdf .xls .mp4

Redirecting everyone but selected ip in htacess file

## Redirect Everyone but Selected IP Address ##
ErrorDocument 403 http://www.myoldsite.com
Order deny,allow
Deny from all Allow from 201.111.100.111

blocking selected ips in htaccess

## Block IP Address ##
order allow,deny
deny from 127.0.0.1
deny from 127.0.0.2
deny from 127.0.0.3
allow from all

redirect http:// to www in htaccess
## Redirect non-www to the www version ##
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]

redirecting non-ssl pages to ssl pages
## Redirect all Pages to Secure ##
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

redirect to maintenance page in htaccess

## Redirect all to Maintenance Page ##
RewriteBase /
RewriteCond %{REMOTE_HOST} !^111\.11\.11\.11
RewriteCond %{REQUEST_URI} !^/downtime\.html$
RewriteRule ^(.*)$ /downtime.html [R=302,L]

permanent redirect in htacces

## Standard 301 Redirect for Permanent Changes ##
redirect 301 /old-page.html http://www.example.com/newpage.html

redirect directory to new redirect in htaccess
## Redirect for a Directory – Preserves Request ##
RedirectMatch 301 ^/old-folder(.*) http://www.example.com/$1

be aware this won’t move the files for you, you will need to make sure the new files are there or you’ll get a 404.

changing file type requests in htaccess
## Code to make all HTML requests become PHP requests – BE CAREFUL WITH THIS ONE ##
RedirectMatch 301 (.*)\.html$ http://www.example.com$1.php

redirecting to a new domain in htaccess file
## Redirect an Entire Domain – Preserve Request ##
RewriteRule (.*) http://www.newdomain.com/$1 [R=301,L]

redirect to new domain with no preservation in htaccess

## Redirect an Entire Domain – No Preservation ##
Redirect 301 / http://www.newdomain.com

speed up website in htaccess
first activate it on server if not activated it there,
paste the following code in htaccess file

##Enable GZIP Version 1##
php_value output_handler ob_gzhandler
css_value output_handler ob_gzhandler
js_value output_handler ob_gzhandler
##ENABLE GZIP Version 2##
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text\.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image\.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
##Enable GZIP Version 3##
<Files *.php>
SetOutputFilter DEFLATE
</Files>
<Files *.js>
SetOutputFilter DEFLATE
</Files>
<Files *.css>
SetOutputFilter DEFLATE
</Files>
<Files *.html>
SetOutputFilter DEFLATE
</Files>
##Enable GZIP Version 4##
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html

enabling cache in htaccess by default

##Enable Caching##
## Files to Cache for One Month
<FilesMatch “\.(flv|gif|jpg|jpeg|png|ico|swf)$”>
Header set Cache-Control “max-age=2592000”
</FilesMatch>
## Files to Cache for One Week
<FilesMatch “\.(js|css|pdf|txt)$”>
Header set Cache-Control “max-age=604800”
</FilesMatch>
## Files to Cache for One Day
<FilesMatch “\.(html|htm)$”>
Header set Cache-Control “max-age=43200”
</FilesMatch>
## Disable cache for script files
<FilesMatch “\.(pl|php|cgi|spl|scgi|fcgi)$”>
Header unset Cache-Control
</FilesMatch>

actiavting spell checking in htaccess

##Make Linux correct case sensitive urls/slight typos in urls##
CheckSpelling On