Htaccess Tips
1. Redirect to a secure https connection
If you want to redirect your entire site to a secure https connection, use the following:
RewriteEngine On
# Only redirect requests that did not arrive over HTTPS
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
2. Block script execution
You can stop scripts in certain languages from running with this:
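# Map these extensions to the CGI handler, then forbid CGI execution,
# so requests for them are refused instead of run
Options -ExecCGI
AddHandler cgi-script .pl .py .php .jsp .htm .shtml .sh .asp .cgi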
3. Restrict file upload limits for PHP
You can restrict the maximum file size for uploading in PHP, as well as the maximum execution time. Just add this:
php_value upload_max_filesize 10M
php_value post_max_size 10M
php_value max_execution_time 200
php_value max_input_time 200
4. Force a file to download with a “Save As” prompt.
If you want to force someone to download a file instead of opening it in their browser, use this code:
AddType application/octet-stream .doc .mov .avi .pdf .xls .mp4
5. Compress file output with GZIP
You can add the following code to your .htaccess file to compress all of your JavaScript, CSS and HTML files using GZIP:
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
6. Set up a 301 redirect
If you move around the structure of your site and need to redirect some old URLs to their new locations, the following bit of code will do so for you:
Redirect 301 /original/filename.html http://domain.com/updated/filename.html
7. Set the default page of each directory
If you don’t want to use an index page in each directory, you can set the default page served when someone reaches that directory (like an about page or a page offering the newest content) by adding this:
DirectoryIndex news.html
8. Prevent directory browsing
If you don’t include an index file in a directory, visitors can browse the directory itself. But preventing that is as easy as adding a single line to your .htaccess file:
Options -Indexes
9. Create a custom error page
.htaccess on a Linux Apache server makes it easy to create your own custom error pages. Just create your custom error page files and then add this code to your .htaccess file:
ErrorDocument 401 /401.php
ErrorDocument 403 /403.php
ErrorDocument 404 /404.php
ErrorDocument 500 /500.php
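10. Disguise your file types
You can disguise all of your file types by making them appear as PHP files. ForceType applies to every file the .htaccess covers, so each one, whatever its extension, is passed to PHP. Just insert this snippet: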
ForceType application/x-httpd-php
11. Protect your site from hotlinking
The last thing you want is for those stealing your content to also be able to embed the images hosted on your server in their posts. It takes up your bandwidth and can quickly get expensive. Here’s a way to block hotlinking within htaccess:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://([-a-z0-9]+\.)?domain\.com [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F,NC,L]
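The decision logic of the hotlink rule, modelled in Python over constructed requests (an added example, not part of the original tips). It assumes a working form of the Referer pattern, `^https?://([-a-z0-9]+\.)?domain\.com`, and compares it with a hypothetical stricter variant that requires the host name to end after domain.com.

```python
import re

# Working form of the Referer pattern (assumption: the character class is
# [-a-z0-9]+ and both http and https are accepted). Apache tests RewriteCond
# patterns as unanchored searches, so re.search mirrors it; [NC] -> re.I.
PAGE_REFERER = re.compile(r"^https?://([-a-z0-9]+\.)?domain\.com", re.I)
# Hypothetical stricter variant: the host must end right after domain.com.
STRICT_REFERER = re.compile(
    r"^https?://([-a-z0-9]+\.)?domain\.com(:\d+)?(/|$)", re.I)
IMAGE_PATH = re.compile(r"\.(gif|jpe?g|png)$", re.I)


def is_blocked(path, referer, own_site=PAGE_REFERER):
    """True when the rule set would answer 403 ([F]) for this request."""
    if not IMAGE_PATH.search(path):   # RewriteRule pattern is tested first
        return False
    if referer == "":                 # RewriteCond %{HTTP_REFERER} !^$
        return False
    if own_site.search(referer):      # RewriteCond ... !^http://...domain\.com
        return False
    return True                       # both conditions held: forbidden


# Constructed sample requests: (requested path, Referer header value).
SAMPLES = [
    ("img/logo.png", ""),
    ("img/logo.png", "http://www.domain.com/about.html"),
    ("img/logo.png", "http://blog.example.net/post/42"),
    ("img/LOGO.JPG", "https://blog.example.net/post/42"),
    ("news.html", "http://blog.example.net/post/42"),
    ("img/logo.png", "http://domain.com.example.net/post"),
]


def compare(samples=SAMPLES):
    """Return (path, referer, blocked_by_page_rule, blocked_by_strict_rule)."""
    return [(p, r, is_blocked(p, r), is_blocked(p, r, STRICT_REFERER))
            for p, r in samples]


if __name__ == "__main__":
    for path, referer, page, strict in compare():
        print(f"{path:14} {referer or '(none)':40} page={page!s:5} strict={strict}")
```

The last sample is the one to look at: a pattern that stops at `domain\.com` accepts any host name that merely begins with it, while ending the pattern with `(/|$)` does not.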
12. Enable File Caching
Enabling file caching can greatly improve your site’s performance and speed. Use the following code to set up caching (changing the file types and time values to suit your site’s needs):
#cache html and htm files for twelve hours
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=43200"
</FilesMatch>
#cache css, javascript and text files for one week
<FilesMatch "\.(js|css|txt)$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
#cache flash and images for one month
<FilesMatch "\.(flv|swf|ico|gif|jpg|jpeg|png)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>
#disable cache for script files
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
Header unset Cache-Control
</FilesMatch>