what is .htaccess?
.htaccess files (or "distributed configuration files") provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.
Where as Directives is the terminology that Apache uses for the commands in Apache’s
configuration files. They are normally relatively short commands, typically
key value pairs, that modify Apache’s behavior. An .htaccess file allows
developers to execute a bunch of these directives without requiring access to
Apache’s core server configuration file, often named httpd.conf. This file,
httpd.conf, is typically referred to as the “global configuration file” and I will
refer to it with that name or its short filename equivalent.
Enable Directory Browsing
Options +Indexes
## block a few types of files from showing
IndexIgnore *.wmv *.mp4 *.avi
Disable Directory Browsing
Options All -Indexes
Customize Error Messages
ErrorDocument 403 /forbidden.html
ErrorDocument 404 /notfound.html
ErrorDocument 500 /servererror.html
Get SSI working with HTML/SHTML
AddType text/html .html
AddType text/html .shtml
AddHandler server-parsed .html
AddHandler server-parsed .shtml
# AddHandler server-parsed .htm
Change Default Page (order is followed!)
DirectoryIndex myhome.htm index.htm index.php
Block Users from accessing the site
order deny,allow
deny from 202.54.122.33
deny from 8.70.44.53
deny from .spammers.com
allow from all
Allow only LAN users
order deny,allow
deny from all
allow from 192.168.0.0/24
Redirect Visitors to New Page/Directory
Redirect oldpage.html http://www.domainname.com/newpage.html
Redirect /olddir http://www.domainname.com/newdir/
Block site from specific referrers
RewriteEngine on
RewriteCond % site-to-block\.com [NC]
RewriteCond % site-to-block-2\.com [NC]
RewriteRule .* - [F]
Block Hot Linking/Bandwidth hogging
RewriteEngine on
RewriteCond % !^$
RewriteCond % !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
Stop .htaccess (or any other file) from being viewed
order allow,deny
deny from all
Avoid the 500 Error
# Avoid 500 error by passing charset
AddDefaultCharset utf-8
Password Protecting Directories
Use the .htaccess Password Generator and follow the brief instructions!
Change Script Extensions
AddType application/x-httpd-php .gne
gne will now be treated as PHP files! Similarly, x-httpd-cgi for CGI files, etc.
Use MD5 Digests
Performance may take a hit but if thats not a problem, this is a nice option to turn on.
ContentDigest On
The CheckSpelling Directive
From Jens Meiert: CheckSpelling corrects simple spelling errors (for example, if someone forgets a letter or if any character is just wrong). Just add CheckSpelling On to your htaccess file.
The ContentDigest Directive
As the Apache core features documentation says: “This directive enables the generation of Content-MD5 headers as defined in RFC1864 respectively RFC2068. The Content-MD5 header provides an end-to-end message integrity check (MIC) of the entity-body. A proxy or client may check this header for detecting accidental modification of the entity-body in transit.
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached). Content-MD5 is only sent for documents served by the core, and not by any module. For example, SSI documents, output from CGI scripts, and byte range responses do not have this header.”
To turn this on, just add ContentDigest On.
Set an Expires header and enable Cache-Control
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 7200 seconds"
ExpiresByType image/gif "access plus 518400 seconds"
ExpiresByType image/jpeg "access plus 518400 seconds"
ExpiresByType image/png "access plus 518400 seconds"
ExpiresByType text/css "access plus 518400 seconds"
ExpiresByType text/javascript "access plus 216000 seconds"
ExpiresByType application/x-javascript "access plus 216000 seconds"
# Cache specified files for 6 days
Header set Cache-Control "max-age=518400, public"
# Cache HTML files for a couple hours
Header set Cache-Control "max-age=7200, private, must-revalidate"
# Cache PDFs for a day
Header set Cache-Control "max-age=86400, public"
# Cache Javascripts for 2.5 days
Header set Cache-Control "max-age=216000, private"
“Give a man a fish and he will eat for a day. Teach a man to fish and he
will eat for a lifetime.” - Confucius
.htaccess files (or "distributed configuration files") provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.
Where as Directives is the terminology that Apache uses for the commands in Apache’s
configuration files. They are normally relatively short commands, typically
key value pairs, that modify Apache’s behavior. An .htaccess file allows
developers to execute a bunch of these directives without requiring access to
Apache’s core server configuration file, often named httpd.conf. This file,
httpd.conf, is typically referred to as the “global configuration file” and I will
refer to it with that name or its short filename equivalent.
Enable Directory Browsing
Options +Indexes
## block a few types of files from showing
IndexIgnore *.wmv *.mp4 *.avi
Disable Directory Browsing
Options All -Indexes
Customize Error Messages
ErrorDocument 403 /forbidden.html
ErrorDocument 404 /notfound.html
ErrorDocument 500 /servererror.html
Get SSI working with HTML/SHTML
AddType text/html .html
AddType text/html .shtml
AddHandler server-parsed .html
AddHandler server-parsed .shtml
# AddHandler server-parsed .htm
Change Default Page (order is followed!)
DirectoryIndex myhome.htm index.htm index.php
Block Users from accessing the site
order deny,allow
deny from 202.54.122.33
deny from 8.70.44.53
deny from .spammers.com
allow from all
Allow only LAN users
order deny,allow
deny from all
allow from 192.168.0.0/24
Redirect Visitors to New Page/Directory
Redirect oldpage.html http://www.domainname.com/newpage.html
Redirect /olddir http://www.domainname.com/newdir/
Block site from specific referrers
RewriteEngine on
RewriteCond % site-to-block\.com [NC]
RewriteCond % site-to-block-2\.com [NC]
RewriteRule .* - [F]
Block Hot Linking/Bandwidth hogging
RewriteEngine on
RewriteCond % !^$
RewriteCond % !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
Stop .htaccess (or any other file) from being viewed
order allow,deny
deny from all
Avoid the 500 Error
# Avoid 500 error by passing charset
AddDefaultCharset utf-8
Password Protecting Directories
Use the .htaccess Password Generator and follow the brief instructions!
Change Script Extensions
AddType application/x-httpd-php .gne
gne will now be treated as PHP files! Similarly, x-httpd-cgi for CGI files, etc.
Use MD5 Digests
Performance may take a hit but if thats not a problem, this is a nice option to turn on.
ContentDigest On
The CheckSpelling Directive
From Jens Meiert: CheckSpelling corrects simple spelling errors (for example, if someone forgets a letter or if any character is just wrong). Just add CheckSpelling On to your htaccess file.
The ContentDigest Directive
As the Apache core features documentation says: “This directive enables the generation of Content-MD5 headers as defined in RFC1864 respectively RFC2068. The Content-MD5 header provides an end-to-end message integrity check (MIC) of the entity-body. A proxy or client may check this header for detecting accidental modification of the entity-body in transit.
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached). Content-MD5 is only sent for documents served by the core, and not by any module. For example, SSI documents, output from CGI scripts, and byte range responses do not have this header.”
To turn this on, just add ContentDigest On.
Set an Expires header and enable Cache-Control
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 7200 seconds"
ExpiresByType image/gif "access plus 518400 seconds"
ExpiresByType image/jpeg "access plus 518400 seconds"
ExpiresByType image/png "access plus 518400 seconds"
ExpiresByType text/css "access plus 518400 seconds"
ExpiresByType text/javascript "access plus 216000 seconds"
ExpiresByType application/x-javascript "access plus 216000 seconds"
# Cache specified files for 6 days
Header set Cache-Control "max-age=518400, public"
# Cache HTML files for a couple hours
Header set Cache-Control "max-age=7200, private, must-revalidate"
# Cache PDFs for a day
Header set Cache-Control "max-age=86400, public"
# Cache Javascripts for 2.5 days
Header set Cache-Control "max-age=216000, private"
“Give a man a fish and he will eat for a day. Teach a man to fish and he
will eat for a lifetime.” - Confucius
