Post by AskApache | Apr 25, 2023
.htaccess is a very ancient configuration file for web servers, and is one of the most powerful configuration files most webmasters will ever come across. This htaccess guide shows off the very best of the best htaccess tricks and code snippets from hackers and server administrators.
You've come to the right place if you are looking to acquire mad skills for using .htaccess files!
.htpasswd 301 Redirect Apache Apache HTTP Server Cache Hosting Htaccess Htaccess Software HTTP Headers httpd.conf HyperText Transfer Protocol mod_rewrite Redirect RewriteCond RewriteRule SSL
Apr 14, 2022
What if you'd like to send a 200 OK response instead of the default 404 Not Found response using Apache .htaccess
files or httpd.conf
? One use would be to make sure upstream caches cache any request on an api server, as 404's are not cached.
404 ErrorDocument Redirect
Mar 03, 2022
htaccess rewrite Master Class! If you understand the basics of mod_rewrite, or if you literally write the mod_rewite.c code, this article will transform your thinking. The transformation is profound. Deeply effective. Culmination of the best of the best mod_rewrite tricks for understanding and learning exactly what rewrite is doing.
Htaccess mod_rewrite PHP RewriteCond RewriteRule
Apr 30, 2021
.htaccess Topic vs htaccess Keyword
Apache Google Google Trends Htaccess SEO
May 16, 2020
Htaccess php-fpm
Oct 30, 2019
One of the biggest speed bottlenecks of sites today are images, specifically unoptimized images or large scaled images. With Apaches Rewrite module we can convert all existing jpegs and png files (and most gifs) to webp, then transparently rewrite them so that a request for img.png from a browser that supports webp will receive img.webp.
accept Header png RewriteCond RewriteRule vary webp
Jan 04, 2018
WordPress uses a file named .htaccess
to rewrite all requests to the main index.php
file. This article explains what the htaccess file rules look like and what they actually do.
Htaccess wordpress
Jul 22, 2016
Apache F5 HTTPS SetEnvIf X-Forwarded-For
Jun 16, 2016
Secure WP Super Cache, Anti-exploits, Mitigation techniques. A bunch of current ways to stop wordpress exploits and spam. 
security spam wordpress wordpress exploits
Sep 15, 2015
We've figured out what mod_rewrite variables look like, a cheatsheet of the actual value.
Apache cheatsheet Htaccess htaccess file mod_rewrite PHP rewrite Rewriting
Apr 16, 2015
Say you want to Serve Alternate Content based on Time, but instead of serving based off the current time, you want to serve based off yesterdays time, and using .htaccess mod_rewrite rules?
Htaccess mod_rewrite RewriteCond RewriteRule TIME TIME_DAY TIME_MIN TIME_MON TIME_SEC
Apr 10, 2015
Get your real server info
Apr 30, 2013
Want to redirect all links with any uppercase characters to lowercase using pure mod_rewrite within an .htaccess file? Sure why not! OR how to use RewriteMap and mod_speling for those with access to httpd.conf
Htaccess httpd.conf mod_rewrite mod_speling RewriteCond RewriteRule
Feb 22, 2013
So here's the basic idea: There are 2 sites, a development site and a live site. They are essentially mirrors of each other in terms of they have the same files. You need to disallow all search engine robots from indexing and crawling the development site, while allowing full crawling of your live site. Htaccess to the rescue!
Htaccess RewriteRule robots.txt
Feb 14, 2013
Use mod_rewrite to enable phpMyAdmin links in the form: /dbname/table/
phpMyAdmin RewriteRule
Feb 14, 2013
Request to https://www.askapache.com/cg/rewrite-test/?catch=caught&this=that
RewriteCond %{THE_REQUEST}
= GET /cgi-bin/php/pro/rewrite-test/?catch=caught&this=that HTTP/1.1
RewriteCond %{REQUEST_URI}
= /cg/rewrite-test/?catch=caught&this=that
RewriteCond %{QUERY_STRING}
= catch=caught&this=that
RewriteCond %{HTTP_HOST}
= www.askapache.com
RewriteCond %{HTTP_USER_AGENT}
= Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
RewriteCond %{REMOTE_ADDR}
= 8.8.8.8
Feb 01, 2013
AddDescription Apache bash
Oct 31, 2012
Quick and easy method to get a list of all Apache Modules currently loaded, a list of all the directives each module provides, a list of currently used directives, etc... These directives can be used in httpd.conf and/or .htaccess files so it is definately useful to know which ones are available and which ones are currently being used.
Apache bash lynx mod_rewrite mod_status server-info server-status
Feb 18, 2012
These are a few of the mod_rewrite uses that BlogSecurity declared pushed the boundaries of Mod_Rewrite! Some of these snippets are quite exotic and unlike anything you may have seen before, also only for those who understand them as they can kill a website pretty quick.
Htaccess mod_rewrite RewriteCond RewriteRule wordpress
Oct 29, 2011
301 Redirects Htaccess
Aug 20, 2011
FYI, using the Mod_Rewrite Variables Cheatsheet makes this example, and all advanced .htaccess code easier to understand. This demo lets you set a cookie with 1 of 3 values, then you just request the pdf file with a normal link click and get 1 of 3 different responses. This is accomplished with a nice bit of .htaccess code.
Htaccess HTTP cookie JavaScript PDF pdf.js Portable Document Format
Jan 06, 2011
There are a total of 57 HTTP Status Codes recognized by the Apache Web Server. Wouldn't you like to see what all those headers and their output, ErrorDocuments look like?
403 404 500 503 Htaccess mod_rewrite PHP RewriteCond RewriteRule
Oct 16, 2010
Here is even more information from the Ultimate Htaccess Part I. For now this is very rough and you will want to come back later to read it.
Apache HTTP Server Htaccess World Wide Web
Sep 09, 2010
mobile devices mobile proxy server Mobile web analytics
Jun 24, 2010
If you have a php.cgi or php.ini file in your /cgi-bin/ directory or other pub directory, try requesting them from your web browser. If your php.ini shows up or worse you are able to execute your php cgi, you'll need to secure it ASAP. This shows several ways to secure these files, and other interpreters like perl, fastCGI, bash, csh, etc.
Apache HTTP Server CGI Common Gateway Interface Htaccess HTTP 403 interpreter PHP php interpreter php.ini security SuEXEC
Apr 17, 2010
#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login.php).*$ [NC,OR]
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www.askapache.com$ [NC]
RewriteRule .* https://www.askapache.com%{REQUEST_URI} [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /(wp-admin/.*|wp-login.php.*) HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
RewriteCond RewriteEngine RewriteRule
Dec 15, 2009
Apache HTTP Server Htaccess Redirect rewrite RewriteBase RewriteCond RewriteEngine RewriteLock RewriteLog RewriteMap RewriteOptions RewriteRule
Sep 16, 2009
If you have files on your site that you don't want indexed by malicious search engines, grabbed and leeched by malicious spammers, or stolen and made available elsewhere, you can use mod_rewrite to drastically reduce or totally reduce that activity.
Htaccess malicious search engines mod_rewrite Spamming
Aug 30, 2009
Web Developers sometimes use file.ext?v=004
as a version control system to force visitors to use updated files. This is terrible. Instead link to apache-003.css
and set it to be cached forever. When you change the file you just change the links to apache-004.css
. That eliminates millions of bandwidth and resource robbing If-Modified-Since requests. You only need Apache with mod_rewrite, and 1-10 minutes!
Apache HTTP Server Cache Caching Htaccess httpd.conf
Mar 09, 2009

3-Part article covering practical implementation of 3 advanced .htaccess features. Discover an easy way to boost your SEO the AskApache way (focus on visitors), a tip you might keep and use for life. Get some cool security tricks to use against spammers, crackers, and other nefarious sorts. Take your site's error handling to the next level, enhanced ErrorDocuments that go beyond 404's.
SSI
Dec 19, 2008
This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual "locked gates" that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn't allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.
Dec 07, 2008
SetEnv, SetEnvIf, and SetEnvIfNoCase directives conditionally set environment variables accessible by scripts and apache based on HTTP Headers, Variables, and Request information.
Environment variable FilesMatch Header Htaccess SetEnvIf SetEnvIfNoCase
Oct 20, 2008
This past week I updated my sites apache.css file for a site-redesign. I wanted to make changes to the .css file that only I could see, so that my regular traffic and site-visitors would still see the old version. Here's the elegant solution I came up with using .htaccess and mod_rewrite that works so well I'm sharing it with all you wonderful and incredible people reading my blog :)
Apr 29, 2008
This is freaking sweet if you use SSL I promise you! Basically instead of having to check for HTTPS using a RewriteCond %{HTTPS} =on
for every redirect that can be either HTTP or HTTPS, I set an environment variable once with the value "http" or "https" if HTTP or HTTPS is being used for that request, and use that env variable in the RewriteRule.
HTTPS RewriteRule SSL
Apr 23, 2008
Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!
Htaccess mod_security security
Apr 08, 2008
Want to block a bad robot or web scraper using .htaccess files? Here are 2 methods that illustrate blocking 436 various user-agents.
Mar 29, 2008
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com
Some of the Ins and Outs of using SSL Connections with Apache.
301 Redirects Htaccess mod_rewrite SSL
Mar 29, 2008
Fresh .htaccess code for you! Check out the Cookie Manipulation and environment variable usage with mod_rewrite! I also included a couple Mod_Security .htaccess examples. Enjoy!
Mar 10, 2008
Using Cache-Control headers you can specify which types of proxies can cache certain content, and how long files should be cached.
Cache-Control Htaccess
Feb 09, 2008
A hit-list of some of my favorite mod_rewrite code snippets for .htaccess files