.htaccess Tutorials and Sample .htaccess Files
.htaccess file examples and code to get you up and running. This is the index of my favorite apache HTTP (htaccess, mod_rewrite, httpd.conf) examples, solutions, ideas, htaccess tips, apache tricks and .htaccess sample files. Some of my best server tricks and htaccess configuration techniques aren’t yet here, but are on their way. I like to semi-hide the very best solutions throughout these articles so that only the hungry find it. But 99% of these .htaccess articles are full of easy to use, cut-and-paste-ready htaccess example snippets.
Note: new section on mod_security!
For Webmasters
- When site is ‘Under Construction’
- Redirect Everyone but you to alternate page on your server.
- Set the Timezone of the server
- Set the Server Administrator Email
- Turn off the ServerSignature
- Force Files to download, do not display in browser
- Process All .gif files with a cgi script
- Process Requests with certain Request Methods
- Make any file be a certain filetype
- Use IfModule directive for robust code
Custom HTTP Headers
- Prevent Caching 100%
- Remove IE imagetoolbar without meta tag
- Add Privacy (P3P) Header to your site
- Add language and charset headers without meta tags
PHP htaccess tips
301 Redirects without mod_rewrite
- For single moved file
- Redirect home to new Domain
- For multiple files - RedirectMatch
- Redirect entire site to single file
- Example Redirect code in .htaccess
mod_rewrite tips and tricks
- Check for a key in QUERY_STRING
- Removes the QUERY_STRING from the URL
- Fix for infinite loops
- Require the www
- Redirect .php files to .html files (SEO friendly)
- Redirect .html files to actual .php files (SEO friendly)
- Block access to files during certain hours of the day
- Rewrite underscores to hyphens for SEO URL
- Redirecting Wordpress Feeds to Feedburner
- Only allow GET and PUT request methods
- Prevent bandwidth theft and file, image hotlinking
Speed with .htaccess Caching
- htaccess time cheat sheet
- Caching with mod_expires + mod_headers
- htaccess Caching with mod_headers
- htaccess Caching with mod_expires
htaccess Password Protection
- Require password for single file
- Password Protect multiple files
- Allow access from 1 IP without password prompt, require password for other IP
- Example .htaccess file for password protection
Security with Apache htaccess
- CHMOD your files
- Prevent access to .htaccess and .htpasswd files
- Show Source Code instead of executing
- Securing directories: Remove ability to execute scripts
- .htaccess ErrorDocuments
SSL encryption in htaccess, HTTPS
- Redirect non-https requests to https server
- Rewrite non-https to HTTPS without mod_ssl!
- Redirect everything served on port 80 to HTTPS URI
Apache Variable fun mod_env
Elite .htaccess Security with MOD_SECURITY
- Laying the smack down on attacks
- mod_security + mod_rewrite
- Block Spam by examining POST form fields
- Enable mod_security - DreamHost
- Disabling mod_security conditionally per IP
- Disabling mod_security with .htaccess Authorization
- AskApache’s MOD_SECURITY config for DreamHost
- Block WordPress Spam Forever!
- Force Any Connections to be Paused a set number of ms
- Only Allow Certain REQUEST_METHODS
- ModSecurity Debugging and Logging
- Turn Off/On Logging JUST for your IP Address
- Mod_Security Directives for DreamHost
- How I got Started with mod_sec
- Example httpd.conf mod_security rule files
SetEnvIf and SetEnvIfNoCase Examples
- Unique mod_setenvif Variables
- Populates HTTP_MY_ Variables with mod_setenvif variable values
- Set REMOTE_HOST to HTTP_HOST
- Allows only if HOST Header is present in request
- Add values from HTTP Headers
- Set the REDIRECT_STATUS for Interpreter Security
.htaccess Core Directives
Here are some of the directives included in the core of apache httpd that you may utilize in .htaccess files.
- Files
- Container for directives affecting files matching specified patterns
- Limit
- Container for authentication directives when accessed using specified HTTP methods
- LimitExcept
- Container for authentication directives to be applied when any HTTP method other than those specified is used to access the resource
- IfModule
- Container for directives based on existance of specified modules
- IfDefine
- Container for directives based on existance of command line defines
- FilesMatch
- Container for directives affecting files matching specified patterns
- AuthType
- An HTTP authorization type (e.g., “Basic”)
- AuthName
- The authentication realm (e.g. “Members Only”)
- Require
- Selects which authenticated users or groups may access a protected space
- Satisfy
- access policy if both allow and require used (’all’ or ‘any’)
- AddDefaultCharset
- The name of the default charset to add to any Content-Type without one or ‘Off’ to disable
- AcceptPathInfo
- Set to on or off for PATH_INFO to be accepted by handlers, or default for the per-handler preference when AllowOverride includes FileInfo
- ErrorDocument
- Change responses for HTTP errors
- Options
- Set a number of attributes for a given directory
- DefaultType
- the default MIME type for untypable files
- FileETag
- Specify components used to construct a file’s ETag
- ServerSignature
- En-/disable server signature (on|off|email)
- ContentDigest
- whether or not to send a Content-MD5 header with each request
- LimitRequestBody
- Limit (in bytes) on maximum size of request message body
- LimitXMLRequestBody
- Limit (in bytes) on maximum size of an XML-based request body
- ForceType
- a mime type that overrides other configured type
- SetHandler
- a handler name that overrides any other configured handler
- SetOutputFilter
- filter (or ; delimited list of filters) to be run on the request content
- SetInputFilter
- filter (or ; delimited list of filters) to be run on the request body
- AddOutputFilterByType
- output filter name followed by one or more content-types
Apache Authorization
.htaccess directives for controlling authorization (AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, trunk/mod/mod_authn_core.html#authname, trunk/mod/mod_authn_core.html#authtype, trunk/mod/mod_authn_file.html#authuserfile, trunk/mod/mod_authz_core.html#require).
Apache Files and Information
.htaccess directives controlling document types (defaulttype, errordocument, forcetype, trunk/mod/mod_negotiation.html#languagepriority, sethandler, setinputfilter, setoutputfilter, trunk/mod/mod_headers.html#header, trunk/mod/mod_headers.html#requestheader, trunk/mod/mod_setenvif.html#setenvif, trunk/mod/mod_setenvif.html#setenvifnocase, BrowserMatch, CookieExpires, CookieDomain, CookieStyle, CookieTracking, CookieName, trunk/mod/mod_rewrite.html directives RewriteEngine, RewriteOptions, RewriteBase, trunk/mod/mod_rewrite.html#rewritecond, trunk/mod/mod_rewrite.html#rewriterule) and Action from mod_actions.
Apache Directory Indexing
.htaccess directives controlling directory indexing (AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, trunk/mod/mod_dir.html#directoryindex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName).
Apache Access Control
.htaccess directives controlling host access (trunk/mod/mod_authz_host.html#allow, trunk/mod/mod_authz_host.html#deny and Order).
.htaccess Tutorial Index | » htaccess tricks for Webmasters
htaccess sample-.htaccess create-htaccess htaccess-file
Related Articles
askapache
12.07.06 at 1:40 am
That’s perfect summary, very valuable for my next job of doing SEO friendly urls through htaccess. Thank you.
02.07.07 at 4:56 pm
So I try to set up a simple .htaccess file for this site to get rid of the ugly default wordpress links and guess what? It causes a server error
Great. I email the tech support of the hosting and they say they need more information and point me to some useless FAQs. What information do you want?! All I want is to create an .htaccess file sheesh
I did, however, come across the *ultimate* .htaccess guide in the process - Seemed like an interesting blog in general
02.09.07 at 11:58 am
Thanks for this article, it’s great.
So great that we’ve made it ‘sticky‘ on The Webmaster Forums.
Now we don’t have to repeat ourselves, just send people to this article!
02.10.07 at 5:32 pm
Great list, it helps clear up much of the htacess mystery and confusion that comes from creating such files.
02.23.07 at 12:15 am
An amazing Article, with consise and yet very specific.
02.28.07 at 7:30 am
this does not seem to work ?
It lets me in from any ip address ?
I’ve managed to get it to work like this (although may not be correct)
I’m not sure if this is optimal however.
03.09.07 at 5:56 am
hi i needed a little help.
I wanted to redirect a given page twice.
I am building a site in joomla and its a great problem using their .htaccess file….
So could u please help he
04.13.07 at 9:41 pm
A great article. One of the best tutorial available online.
08.13.07 at 4:37 pm
http://www.michiknows.com/2007/02/12/who-else-wants-to-hide-their-wordpress-admin-folder/
10.07.07 at 9:38 am
very nice doc
thank you man.
10.26.07 at 9:02 pm
Hello,
How can I write a rule for :
domain.tld/index.php?option=com_content&task=view&id=16Itemid=32 to -> http//domain.tld/content/And:
domain.tld/index.php?option=com_content&task=view&id=30&Itemid=63 to -> http://domain.tld/content/careersThanks
12.13.07 at 11:40 pm
[...] Or just add this to your blogs .htaccess file. [...]
12.17.07 at 10:36 pm
After three frustrating phone calls to the idiots at 1&1 hosting, simply trying to help one of my clients get a redirect…I gave up and asked my website hosting company, DreamHost for help. Their article directed me to this site, which, solved the problem with my client’s site in a snap. Thank you so much for this!
04.18.08 at 6:43 am
Thanks for putting this up. This guide is complete and direct to the point. I like it!