The following is a list of directives that can be used in .htaccess files to adjust file paths, tighten site security, keep out unwanted visitors and more.
In the following samples, replace the domain names and file names to match your site. You also need to adjust the RewriteBase to reflect the directory in which you place the .htaccess file. If it is the root directory, use “/”; if it is a subdirectory, use that directory name. The subdirectory should be of the form /dir/ (i.e. start at the root directory and terminate the path with a slash). You may remove the “IfModule” lines if you are certain that your server supports the features and you do not plan to move the .htaccess file to another machine where the available functionality would need to be verified.
For your site security, if an index.html, index.php or index.asp is missing in a directory, you do not want people to be able to list that directory. You can prevent listing of your directories by placing the following in the root directory .htaccess file.
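```apache
# Preventing Directory Listing
# IndexIgnore * hides every entry in an auto-generated index;
# Options -Indexes (needs AllowOverride Options) disables the index itself.
IndexIgnore *
```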
If you would like the default home page to have a name other than the typical index.html, default.html, etc., you can set the default name with:
```apache
# Specify a default home page (index page)
DirectoryIndex home.html
```
In the event that you forget to include the UTF-8 designation in your web files, set the default to UTF-8.
```apache
# Default to UTF-8
# (php_value is only accepted when PHP runs as an Apache module)
php_value default_charset utf-8
```
To prevent search engines from seeing two different sites, mydomain.com and www.mydomain.com, force all requests to the site to use one form or the other. The following will remove www from all incoming requests.
```apache
# Never use www in the domain
# Replace 'mydomain.com' with your domain name
RewriteEngine on
RewriteBase /dir/
RewriteCond %{HTTP_HOST} ^www\.(([a-z0-9_]+\.)?mydomain\.com)$ [NC]
RewriteRule .? http://%1%{REQUEST_URI} [R=301,L]
```
The following will force all requests to include www.
```apache
# Always use www in the domain
# Replace 'mydomain.com' with your domain name
RewriteEngine on
RewriteBase /dir/
RewriteCond %{HTTP_HOST} ^([a-z.]+)?mydomain\.com$ [NC]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .? http://www.%1mydomain.com%{REQUEST_URI} [R=301,L]
```
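To see which Host headers each of the two rule sets above actually redirects, and where to, the following added example (not part of the original page) re-implements their RewriteCond patterns in Python and runs them over constructed Host values. The function names and sample hosts are assumptions made for the illustration.

```python
import re

# Patterns copied from the two rule sets above; [NC] maps to re.IGNORECASE.
STRIP_WWW = re.compile(r"^www\.(([a-z0-9_]+\.)?mydomain\.com)$", re.I)
ADD_WWW = re.compile(r"^([a-z.]+)?mydomain\.com$", re.I)
HAS_WWW = re.compile(r"^www\.", re.I)


def never_www(host, uri):
    """Location sent by the 'never use www' rules, or None if no redirect."""
    m = STRIP_WWW.search(host)
    return f"http://{m.group(1)}{uri}" if m else None


def always_www(host, uri):
    """Location sent by the 'always use www' rules, or None if no redirect."""
    m = ADD_WWW.search(host)
    if not m or HAS_WWW.search(host):
        return None
    prefix = m.group(1) or ""   # %1 is empty when the optional group is unused
    return f"http://www.{prefix}mydomain.com{uri}"


# Constructed Host header values, as %{HTTP_HOST} would carry them.
# A client that connects on a non-default port sends the port in the header.
HOSTS = [
    "www.mydomain.com",
    "mydomain.com",
    "WWW.MyDomain.com",
    "shop.mydomain.com",
    "www.mydomain.com:8080",
    "mydomain.com:8080",
]


def table(uri="/page.html"):
    """One row per sample host: (host, never-www target, always-www target)."""
    return [(h, never_www(h, uri), always_www(h, uri)) for h in HOSTS]


if __name__ == "__main__":
    for host, strip, add in table():
        print(f"{host:24} never-www -> {strip}   always-www -> {add}")
```

Hosts that carry a port fall through both rule sets because the patterns are anchored with `$`, and the always-www rule also prefixes subdomains (shop.mydomain.com becomes www.shop.mydomain.com).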
The following will force all connections to the site to use HTTPS.
```apache
# Always use https for secure connections
# Replace 'www.mydomain.com' with your domain name
# (as it appears on your SSL certificate)
RewriteEngine On
RewriteBase /dir/
# Anchored so that only port 80 matches (a bare 80 also matches 8080)
RewriteCond %{SERVER_PORT} ^80$
# %{REQUEST_URI} keeps the /dir/ prefix, which $1 would drop in a subdirectory
RewriteRule .? https://www.mydomain.com%{REQUEST_URI} [R=301,L]
```
The following will make only selected pages of the site secure.
```apache
# Use https for the selected pages only
# The host name visitors use must match the name on your SSL certificate
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(about|contact|products-page|products-page/transaction-results)/$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```
The following will block traffic from multiple referring sites. Notice the use of the OR flag.
```apache
# Block traffic from multiple referrers
# (the Referer header is supplied by the client and can be omitted or changed)
RewriteEngine on
Options +FollowSymLinks
RewriteBase /
RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} badforum\.com [NC,OR]
RewriteCond %{HTTP_REFERER} badsearchengine\.com [NC]
RewriteRule .* - [F]
```
Redirect away from the root directory to a subfolder where you have placed your website.
```apache
# Set a default home directory, (this subfolder always loads)
# Replace 'folder' with your subfolder name
RewriteEngine On
RewriteBase /
RewriteRule ^$ /folder/ [R=301,L]
```
Redirect your site from a previous location to a new location.
```apache
# Rename a directory and force visitors to the new name
# Replace 'old' with your old folder name
# Replace 'new' with your new folder name
RewriteEngine on
RewriteBase /
RewriteRule ^/?old([a-z/.]*)$ /new$1 [R=301,L]
```
```apache
# Serve welcome.html when index.html is requested (internal rewrite, no redirect)
RewriteEngine On
RewriteBase /dir/
RewriteRule ^index\.html$ welcome.html
```
Do a permanent redirect (301 redirect) of multiple domain names to one location
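```apache
# Redirect Multiple Domains to a Single Domain
RewriteEngine On
RewriteBase /dir/
# The target host (mydomain.net) must not appear in these conditions,
# otherwise the redirect loops
RewriteCond %{HTTP_HOST} ^www\.mydomain\.net$ [NC,OR]
RewriteCond %{HTTP_HOST} ^mydomain\.com$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www\.mydomain\.com$ [NC]
# %{REQUEST_URI} keeps the /dir/ prefix, which $1 would drop in a subdirectory
RewriteRule .? http://mydomain.net%{REQUEST_URI} [R=301,L]
```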
Prevent the hijacking/hotlinking of your images by producing a FORBIDDEN message
```apache
# Give Hotlinkers a 403 Forbidden warning.
RewriteEngine on
RewriteBase /dir/
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://mydomain\.net/?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain\.com/?.*$ [NC]
# The substitution must be a plain hyphen ("-"), meaning "no rewrite"
RewriteRule \.(gif|jpe?g|png|bmp|js|css)$ - [F,NC]
```
Prevent the hijacking/hotlinking of your images by substituting an alternate image
```apache
# Redirect Hotlinkers to "warning.png"
RewriteEngine on
RewriteBase /dir/
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://mydomain\.net/?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain\.com/?.*$ [NC]
# Do not redirect the warning image itself, or the redirect loops
RewriteCond %{REQUEST_URI} !/warning\.png$ [NC]
RewriteRule \.(gif|jpe?g|png|bmp|js|css)$ http://mydomain.com/warning.png [NC,R,L]
```
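The hotlinking conditions above decide purely on the Referer string, so it is worth checking which values they accept before deploying them. This added example (not part of the original page) re-implements the three RewriteCond patterns in Python and runs them over constructed requests; STRICT_ALLOW is an assumed tighter pattern, not from the page.

```python
import re

# The page's three conditions. Each is negated with "!" in the .htaccess,
# so the rule fires only when none of these patterns matches the Referer.
PAGE_ALLOW = [
    re.compile(r"^$"),
    re.compile(r"^http://mydomain\.net/?.*$", re.I),
    re.compile(r"^http://mydomain\.com/?.*$", re.I),
]
# Assumed tightened variant (not from the page): http or https, optional
# www., and the host name must end at "/", ":" or the end of the string.
STRICT_ALLOW = [
    re.compile(r"^$"),
    re.compile(r"^https?://(www\.)?mydomain\.(com|net)([/:]|$)", re.I),
]
PROTECTED = re.compile(r"\.(gif|jpe?g|png|bmp|js|css)$", re.I)


def is_forbidden(path, referer, allow=PAGE_ALLOW):
    """Return True when the rule set would answer 403 for this request."""
    if not PROTECTED.search(path):
        return False              # RewriteRule pattern does not match
    return not any(p.search(referer) for p in allow)


# Constructed Referer values for a request to img/logo.png
REFERERS = [
    "",                                   # header absent
    "http://mydomain.com/page.html",      # own page over http
    "https://mydomain.com/page.html",     # own page over https
    "http://www.mydomain.com/page.html",  # own page with www
    "http://mydomain.com.other.example/", # different host, same prefix
    "http://other.example/gallery",       # unrelated site
]


def compare(path="img/logo.png"):
    """Rows of (referer, 403 under page rules, 403 under strict rules)."""
    return [(r, is_forbidden(path, r), is_forbidden(path, r, STRICT_ALLOW))
            for r in REFERERS]


if __name__ == "__main__":
    for referer, page, strict in compare():
        print(f"{referer!r:42} page={page!s:5} strict={strict}")
```

Under the page's patterns your own https and www pages are refused while a host that merely begins with mydomain.com is accepted. Because the client sets the Referer header, either version only discourages casual hotlinking.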
Prevent access to selected file types by anyone visiting your site
```apache
# Do not allow these file types to be called
RewriteEngine on
RewriteBase /dir/
RewriteRule .*\.(jpg|jpe?g|gif|png|bmp|exe|swf)$ - [F,NC]
```
Set a default image to be returned for all missing images
```apache
# Set up a Default Image
RewriteEngine On
RewriteBase /dir/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^images/.*\.jpg$ /images/default.jpg [L]
```
The following code can be used to turn files in a specific directory into files that can only be downloaded, not read from their current location. This can be used in a download store, where you would need a directory to hold the downloadable files. This creates a directory that is not listable by visitors and no file in the directory can be executed.
For this to work:
- you must include either ‘All’ or at least the ‘Limit’ and ‘Indexes’ parameters in the AllowOverride configuration in your apache/conf/httpd.conf file.
- OPTIONALLY: if ‘All’ is not specified and you want the added protection offered by the Options directive below, you’ll need to add ‘Options’ to the AllowOverride list. Example: AllowOverride Limit Options Indexes
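```apache
# For security reasons, Option followsymlinks cannot be overridden.
# Options +FollowSymLinks
Options +SymLinksIfOwnerMatch

# deny *everything*
<FilesMatch ".*">
Order Allow,Deny
Deny from all
</FilesMatch>

# but now allow just *certain* necessary files:
# (placeholder pattern: the extension list is missing from this page;
# replace EXT1|EXT2 with your own download types)
<FilesMatch "\.(EXT1|EXT2)$">
Order Allow,Deny
Allow from all
</FilesMatch>

IndexIgnore */*

# Force all downloads to automatically be treated as "save as" instead of launching in an application directly
# (ForceType and Header need AllowOverride FileInfo; Header also needs mod_headers)
ForceType application/octet-stream
Header set Content-Disposition attachment
```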
Given the state of the internet, you may decide to block access to your website from selected locations. The following offers you a variety of ways to block traffic to your site.
Block traffic from specific websites
```apache
# Block traffic from multiple referrers
RewriteEngine on
# Options +FollowSymlinks
RewriteBase /dir/
RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} anotherbadsite\.com
RewriteRule .* - [F]
```
Deny site access to a specific IP address, with a message
```apache
# Block a Specific IP Address
# Replace the IP address with the one you want to block
# (leave the "\" before each dot, which escapes the character).
RewriteEngine On
RewriteBase /dir/
RewriteCond %{REMOTE_ADDR} ^(123\.196\.8\.48)$
RewriteRule ^/* http://www.mydomain.com/sorry.html [L]
```
Deny site access to specific IP addresses with no comment
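```apache
# Apache 2.2 access-control syntax; Apache 2.4 needs mod_access_compat
# for Order/Allow/Deny
order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all
```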
Hide a specific file.
```apache
# hide .htaccess
<Files .htaccess>
order allow,deny
deny from all
</Files>
```
Re-assign .html, .htm, and .shtml pages so that they are processed by PHP.
```apache
# Force html through php processing
# (every .html, .htm and .shtml file, uploads included, will then run as PHP)
AddType application/x-httpd-php .php .html .htm .shtml
AddHandler application/x-httpd-php .html .htm .shtml
```
Add SSI preprocessing to your .shtml files
```apache
# Add SSI
# (requires Options +Includes for this directory)
AddType text/html .shtml
AddHandler server-parsed .shtml
XBitHack on
```
Define the files to be used as the result of a document error.
```apache
# ERROR Documents
ErrorDocument 400 /errors/badrequest.html
ErrorDocument 401 /errors/authreqd.html
ErrorDocument 403 /errors/forbid.html
ErrorDocument 404 /errors/notfound.html
ErrorDocument 500 /errors/serverr.html
```
```apache
# You can create your menu with its flags or whatever you like, and add the country code to end
# of the links... <a href="page.html-fr" id="..."></a>
<IfModule mod_rewrite.c>
RewriteRule ^(.*)-fr$ http://www.google.com/translate_c?hl=fr&sl=en&u=http://corz.org/$1 [R,NC]
RewriteRule ^(.*)-de$ http://www.google.com/translate_c?hl=de&sl=en&u=http://corz.org/$1 [R,NC]
RewriteRule ^(.*)-es$ http://www.google.com/translate_c?hl=es&sl=en&u=http://corz.org/$1 [R,NC]
RewriteRule ^(.*)-it$ http://www.google.com/translate_c?hl=it&sl=en&u=http://corz.org/$1 [R,NC]
RewriteRule ^(.*)-pt$ http://www.google.com/translate_c?hl=pt&sl=en&u=http://corz.org/$1 [R,NC]
</IfModule>
```