February 12, 2013 459 Views 2 Comments

Htaccess Tricks

SHARE THIS ARTICLE

The Hypertext Access (.htaccess) file is a configuration file which is used on Apache based web servers to control which features get loaded. The directives within this small text file are automatically read and the associated feature/functionality enabled/disabled. Here’s a list of just a few of the things you can do (htaccess tips and tricks):

Force WWW in your url

So, you can get to a website by typing http://mydomain.com or by typing http://www.mydomain.com, should this matter to you? Yep. Search engines like Google doesn’t like when you have duplicate content on a website, this can significantly decrease your search engine ranking. To make sure that Google doesn’t index the content to the ‘non-www’ and the ‘www’ versions the same, it’s a good idea to force the www in the URL when people access your website.
Below is the code you’ll need to add to your .htaccess file to force/add the www to your URL. Replace ‘example’ with your domain name

# force www in url
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
# END force www in url

Caching and Compression

mod_gzip is an external extension module for Apache that allows you to quickly and easily compress your files before you send them to the client. By using this simple .htaccess file cahing, you can save bandwidth and drastically increase your website’s speed.

# file caching
# 1 YEAR
<FilesMatch ".(ico|pdf|flv)$">
Header set Cache-Control "max-age=29030400, public"
</FilesMatch>
# 1 WEEK
<FilesMatch ".(jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
# 2 DAYS
<FilesMatch ".(xml|txt|css|js)$">
Header set Cache-Control "max-age=172800, proxy-revalidate"
</FilesMatch>
# 1 MIN
<FilesMatch ".(html|htm|php)$">
Header set Cache-Control "max-age=60, private, proxy-revalidate"
</FilesMatch>
# END caching

Nicer Directory listing

First, you may need to enable directory listing by adding

Options +Indexes

to your .htaccess file.
Now you may improve the listing by adding:

IndexIgnore htaccess header.html icons robots.txt
IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* SuppressHTMLPreamble
HeaderName header.html
AddIcon icons/image.png .jpg .jpeg .png .gif</p>

Enable SSL with .htaccess

To force SSL (https://) on a single URL

# redirect for http /buy page
RewriteCond %{SERVER_PORT} =80
RewriteRule ^buy/?$ https://mysite.com/buy [R=301,QSA,L,NE]

To force SSL (https://) on a entire domain

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R,L]

Setting server timezone

php_value date.timezone "America/Chicago"

Ensuring media files are downloaded instead of played

AddType application/octet-stream .zip .mp3 .mp4

Error documents

To setup error documents, for example for ‘401 Unauthorised’, ‘403 Forbidden’, and ‘500 Internal Server’ error messages, create a .htaccess file with the following:

ErrorDocument 401 /error_pages/401.html
ErrorDocument 404 /error_pages/404.html
ErrorDocument 500 /error_pages/500.html

Create directory “error_pages” and add a 401.html, 404.html and 500.html file with desired error messages.

Deny visitors by IP address

To set-up visitors restrictions and blocking, create a .htaccess file which includes the following text:

order allow,deny
deny from 255.0.0.0
deny from 123.45.6.
allow from all

To set-up blocking of all visitors except yourself, create a .htaccess file with the following:

order allow,deny
allow from 255.0.0.0
deny from all

Prevent access to php.ini

To enable this, create a .htaccess file and include the following text:

<FilesMatch "^php5?.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>

Password Protect a Directory

To begin, decide which directory you would like to password protect (note that all files and subdirectories within the directory will be password protected), then create a .htaccess file with the following text within that folder (additionally run “htpasswd -c /var/.htpasswd admin” without the quotes from the terminal to create the user account for accessing the directory):

AuthName "Member's Area Name"
AuthUserFile /path/to/password/file/.htpasswd
AuthType Basic
require valid-user

Default htaccess file

Drupal6 – Download
Drupal7 – Download
Wordpress – Download
Shared Hosting – Download
  • John

    You know, ever since I uploaded my first WordPress website, I have been editing my HTACCESS file. After reading your post here, I am surprised at the number of things that can be done to the file in your favor. Thanks for the tips!

  • Chuck

    Denying visitors via IP address is a clean way to keep known spammers away from your site. It happens behind the scenes and does not use hardly any of your web resources.