Skip to page content or skip to Accesskey List.
Search evolt.org
evolt.org login: or register

Work

Main Page Content

Ultimate htaccess Examples

Posted on February 02, 2007

in Backend

by John Crowner (apachehtaccess)

Rated 0 (Add your rating)

Log in to add a comment
(10 comments so far)

Want more?

 
Picture of apachehtaccess

John Crowner

Member info | Full bio

User since: January 08, 2007

Last login: October 16, 2007

Articles written: 1

Here's my list of the ultimate htaccess code snippets and examples that I use all the time. I tried to keep them extremely minimalistic.

Don't miss checking out my example htaccess file, its very comprehensive

Hey jason I'm glad someone finally noticed the "development" htaccess at the bottom of my file! Thats honestly the piece of code I am most glad to have.

Heres the actual code that I use when I'm developing sites for clients

This lets google crawl the page, lets me access the whole site (24.205.23.222) without a password, and lets my client access the page WITH a password. It also allows for XHTML and CSS validation! (w3.org)

# ELITE HTACCESS FOR WEBDEVELOPERS
##############################################
AuthName "SiteName Administration"
AuthUserFile /home/sitename.com/.htpasswd
AuthType basic
Require valid-user
Order deny,allow
Deny from all
Allow from 24\.205\.23\.222
Allow from w3.org htmlhelp.com
Allow from googlebot.com
Satisfy Any

Each code snippet has been copied from htaccesselite. Additional and detailed info on each htaccess code snippet can be found at askapache.com

NOTE: Most of these snippets can be used with a Files or Filesmatch directive to only apply to certain files.

NOTE: Any htaccess rewrite examples should always begin with:

Options +FollowSymLinks
RewriteEngine On
RewriteBase /

Apache Documentation: 1.3 | 2.0 | 2.2 | Current

Make any file be a certain filetype (regardless of name or extension)

#Makes image.gif, blah.html, index.cgi all act as php
ForceType application/x-httpd-php

Redirect non-https requests to https server fixing double-login problem and ensuring that htpasswd authorization can only be entered using HTTPS

Additional https/ssl information and Apache SSL in htaccess examples

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com

SEO Friendly redirects for bad/old links and moved links

For single moved file

Redirect 301 /d/file.html http://www.htaccesselite.com/r/file.html

For multiple files like a blog/this.php?gh

RedirectMatch 301 /blog(.*) http://www.askapache.com/$1

different domain name

Redirect 301 / http://www.newdomain.com

Require the www

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/robots\.txt$
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

Require the www without hardcoding

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/robots\.txt$ [NC]
RewriteCond %{HTTP_HOST} !^www\.[a-z-]+\.[a-z]{2,6} [NC]
RewriteCond %{HTTP_HOST} ([a-z-]+\.[a-z]{2,6})$ [NC]
RewriteRule ^/(.*)$ http://%1/$1 [R=301,L]

Require no subdomain

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/robots\.txt$
RewriteCond %{HTTP_HOST} \.([a-z-]+\.[a-z]{2,6})$ [NC]
RewriteRule ^/(.*)$ http://%1/$1 [R=301,L]

Require no subdomain

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} \.([^\.]+\.[^\.0-9]+)$
RewriteCond %{REQUEST_URI} !^/robots\.txt$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

Redirect everyone to different site except 1 IP address (useful for web-development)

ErrorDocument 403 http://www.someothersite.com
Order deny,allow
Deny from all
Allow from 24.33.65.6

CHMOD your files

chmod .htpasswd files 640 chmod .htaccess files 644 chmod php files 600 chmod files that you really dont want people to see as 400 NEVER chmod 777, if something requires write access use 766

Variable (mod_env) Magic

Set the Timezone of the server:

SetEnv TZ America/Indianapolis

Set the Server Administrator Email:

SetEnv SERVER_ADMIN webmaste@htaccesselite.com

Turn off the ServerSignature

ServerSignature Off

Add a "en-US" language tag and "text/html; UTF-8" headers without meta tags

Article: Setting Charset in htaccess

Article: Using FilesMatch and Files in htaccess

AddDefaultCharset UTF-8
# Or AddType 'text/html; charset=UTF-8' html
DefaultLanguage en-US

Using the Files Directive

<Files ~ "\.(htm|html|css|js|php)$">
   AddDefaultCharset UTF-8
   DefaultLanguage en-US
</Files>

Using the FilesMatch Directive (preferred)

<FilesMatch "\.(htm|html|css|js|php)$">
   AddDefaultCharset UTF-8
   DefaultLanguage en-US
</FilesMatch>

Use a custom php.ini with mod_php or php as a cgi

Article: Custom PHP.ini tips and tricks

When php run as Apache Module (mod_php) in root .htaccess SetEnv PHPRC /location/todir/containing/phpinifile When php run as CGI Place your php.ini file in the dir of your cgi’d php, in this case /cgi-bin/ htaccess might look something like this AddHandler php-cgi .php .htm Action php-cgi /cgi-bin/php5.cgi When cgi’d php is run with wrapper (for FastCGI) You will have a shell wrapper script something like this: #!/bin/sh export PHP_FCGI_CHILDREN=3 exec /user3/x.com/htdocs/cgi-bin/php5.cgi Change To #!/bin/sh export PHP_FCGI_CHILDREN=3 exec /x.com/cgi-bin/php.cgi -c /abs/path/to/php.ini

Securing directories: Remove the ability to execute scripts

Heres a couple different ways I do it

AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI

This is cool, you are basically categorizing all those files that end in those extensions so that they fall under the jurisdiction of the -ExecCGI command, which also means -FollowSymLinks (and the opposite is also true, +ExecCGI also turns on +FollowSymLinks)

Only allow GET and PUT request methods to your server.

Options -ExecCGI -Indexes -All +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} !^(GET|PUT)
RewriteRule .* - [F]

Processing All gif files to be processed through a cgi script

Action image/gif /cgi-bin/filter.cgi

Process request/file depending on the request method

Script PUT /cgi-bin/upload.cgi

Force Files to download, not be displayed in browser

AddType application/octet-stream .avi
AddType application/octet-stream .mpg

Then in your HTML you could just link directly to the file..

<a href="http://www.askapache.com/movies/mov1.avi">Download Movie1</a>

And then you will get a pop-up box asking whether you want to save the file or open it.

Show the source code of dynamic files

If you'd rather have .pl, .py, or .cgi files displayed in the browser as source rather than be executed as scripts, simply create a .htaccess file in the relevant directory with the following:

RemoveHandler cgi-script .pl .py .cgi

Dramatically Speed up your site by implementing Caching!

Article: Speed Up Sites with htaccess Caching

# MONTH
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf)$">
   Header set Cache-Control "max-age=2592000"
</FilesMatch>

# WEEK
<FilesMatch "\.(js|css|pdf|txt)$">
   Header set Cache-Control "max-age=604800"
</FilesMatch>

# DAY
<FilesMatch "\.(html|htm)$">
   Header set Cache-Control "max-age=43200"
</FilesMatch>

Prevent Files image/file hotlinking and bandwidth stealing

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?askapache.com/.*$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ http://www.askapache.com/feed.gif [R=302,L]

ErrorDocuments

Article: Additional ErrorDocument Info and Examples

ErrorDocument 404 /favicon.ico
ErrorDocument 403 https://secure.htaccesselite.com
ErrorDocument 404 /cgi-bin/error.php
ErrorDocument 400 /cgi-bin/error.php
ErrorDocument 401 /cgi-bin/error.php
ErrorDocument 403 /cgi-bin/error.php
ErrorDocument 405 /cgi-bin/error.php
ErrorDocument 406 /cgi-bin/error.php
ErrorDocument 409 /cgi-bin/error.php
ErrorDocument 413 /cgi-bin/error.php
ErrorDocument 414 /cgi-bin/error.php
ErrorDocument 500 /cgi-bin/error.php
ErrorDocument 501 /cgi-bin/error.php

Note: You can also do an external link, but don't do an external link to your site or you will cause a loop that will hurt your SEO.

Authentication Magic

Require password for 1 file:

<Files login.php>
   AuthName "Prompt"
   AuthType Basic
   AuthUserFile /home/askapache.com/.htpasswd
   Require valid-user
</Files>

Protect multiple files:

<FilesMatch "^(exec|env|doit|phpinfo|w)\.*$">
   AuthName "Development"
   AuthUserFile /.htpasswd
   AuthType basic
   Require valid-user
</FilesMatch>

Example uses of the Allow Directive:

# A (partial) domain-name
Allow from 10.1.0.0/255.255.0.0

# Full IP address
Allow from 10.1.2.3

# More than 1 full IP address
Allow from 192.168.1.104 192.168.1.205

# Partial IP addresses
# first 1 to 3 bytes of IP, for subnet restriction.
Allow from 10.1
Allow from 10 172.20 192.168.2

# network/netmask pair
Allow from 10.1.0.0/255.255.0.0

# network/nnn CIDR specification
Allow from 10.1.0.0/16

# IPv6 addresses and subnets
Allow from 2001:db8::a00:20ff:fea7:ccea
Allow from 2001:db8::a00:20ff:fea7:ccea/10

Using visitor dependent environment variables:

Article: Additional SetEnvIf examples

SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
Order Deny,Allow
Deny from all
Allow from env=let_me_in

Allow from apache.org but deny from foo.apache.org

Order Allow,Deny
Allow from apache.org
Deny from foo.apache.org

Allow from IP address with no password prompt, and also allow from non-Ip address with password prompt:

AuthUserFile /home/www/site1-passwd
AuthType Basic
AuthName MySite
Require valid-user
Allow from 172.17.10
Satisfy Any

block access to files during certain hours of the day

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
# If the hour is 16 (4 PM) Then deny all access
RewriteCond %{TIME_HOUR} ^16$
RewriteRule ^.*$ - [F,L]

A good default example .htaccess file

I use this when I start a new site, and uncomment or delete parts of the file depending on the sites needs

# DEFAULT SETTINGS
##############################################
Options +ExecCGI -Indexes
DirectoryIndex index.php index.html index.htm

### DEFAULTS ###
ServerSignature Off
AddType video/x-flv .flv
AddType application/x-shockwave-flash .swf
AddType image/x-icon .ico
AddDefaultCharset UTF-8
DefaultLanguage en-US
SetEnv TZ America/Indianapolis
SetEnv SERVER_ADMIN webmaster@askapache.com

### FAST-CGI ###
AddHandler fastcgi-script fcgi
AddHandler php-cgi .php
Action php-cgi /cgi-bin/php5-wrapper.fcgi



# HEADERS and CACHING
##############################################
#### CACHING ####
# YEAR
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico)$">
   Header set Cache-Control "max-age=2592000"
</FilesMatch>
# WEEK
<FilesMatch "\.(js|css|pdf|swf)$">
   Header set Cache-Control "max-age=604800"
</FilesMatch>
# 10 minutes
<FilesMatch "\.(html|htm|txt)$">
   Header set Cache-Control "max-age=600"
</FilesMatch>
# DONT CACHE
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
   Header unset Cache-Control
</FilesMatch>



# REWRITES AND REDIRECTS
##############################################
### SEO REDIRECTS ###
Redirect 301 /2006/uncategorized/htaccesselitecom-aboutus.html http://www.^^SITE^^.^^TLD^^

### REWRITES ###
RewriteEngine On
RewriteBase /

### WORDPRESS ###
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress



# AUTHENTICATION
##############################################
AuthName "askapache.com"
Require valid-user
AuthUserFile /askapache/.htpasswd
AuthType basic
Ultimate htaccess Article
10 comments on this article. Log in to add your comment |

Awesome .htaccess resource!

Submitted by mydesignbuddy on February 8, 2007 - 15:58.

I've been looking a long time for a simple cheat sheet on most of these useful functions in apache. Even cooler, you have other features that I never knew about.

Thanks John,

login or register to post comments

Yeah its pretty awesome

Submitted by apachehtaccess on February 9, 2007 - 05:04.

Its being improved and getting better and better all the time.. check it out at AskApache Ultimate htaccess

login or register to post comments

So what would be the best

Submitted by cianuro on February 17, 2007 - 00:44.

So what would be the best method to redirect individual pages sitewide. For example, 301 redirect



domain1.com/productname.html to domain2.com/productname.html

domain1.com/productname2.html to domain2.com/productname.html





Like if one was to redirect a whole site to a completely new domain using the same URL and directory structure?

login or register to post comments

SOMEONE KNOW HOW TO ADD NEW FIELD PLZ

Submitted by buttercup on February 17, 2007 - 00:56.

I want to add new field in the useredit.php
the register.php is good and dont have to add field but i want
when the user is logged in he go to edit account and add his infos
ex: location, name, b-day....
SOMEONE CNA HELP ME PLZ THANK YOU

login or register to post comments

For questions about mod_rewrite and htaccess

Submitted by apachehtaccess on February 23, 2007 - 09:51.

For questions about mod_rewrite and htaccess check out the htaccessElite htaccess Forum You will get your questions answered there.

login or register to post comments

Thanks!! Excatly what I was looking for

Submitted by AxelF on March 7, 2007 - 13:31.

Very nice collection of examples - I had some serious trouble configuration restricted areas via .htaccess for my hobby-projects. Regards, Axel

login or register to post comments

Double Login

Submitted by Spirit77 on March 13, 2007 - 12:42.

I have also try it, and it works perfectly. Every request from mydomain.com is redirected to www.mydomain.com and the problems with the double login on my projekt are removed. Thanks

login or register to post comments

New version

Submitted by apachehtaccess on March 30, 2007 - 21:34.

There is more info to be found at Apache htaccess ultimate article

login or register to post comments

Very Extensive

Submitted by Tjeerd Kramer on May 8, 2007 - 10:05.

Being a webdeveloper / SEO engineer, .htaccess is one of the most powerfull tools at hand. I've bookmarked this extensive article for future reference, thanks a bunch!

login or register to post comments

ldap issues

Submitted by 5mi11er on May 24, 2007 - 20:06.

I cam across this page in search of an answer to the issue I discovered on our sites. I'd found my /var/log/messages being filled with lots of messages stating:
    httpd(pam_unix)[24404]: authentication failure; logname= uid=48 euid=48 tty= ruser= rhost= user=someuser
even though access was being granted. We primarily use PAM enabled LDAP for authentication, so, the hints about making sure apache could read the /etc/shadow file were backward for me; the authentication info wouldn't be found in /etc/shadow.

But, according to the /etc/pam.d/httpd config, it was simply pointing to system_auth, and thus unix authentication was also being tried on every web page access, and since apache didn't have access to /etc/shadow, that attempt would always fail.

So, I created a /etc/pam.d/system_auth_ldap file with the following:

#%PAM-1.0
auth required /lib/security/pam_env.so
#auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_deny.so

#account required /lib/security/pam_unix.so
#account [default=bad success=ok user_unknown=ignore authinfo_unavail=ignore system_err=ignore service_err=ignore] /lib/security/pam_ldap.so
account required /lib/security/pam_ldap.so

password required /lib/security/pam_cracklib.so retry=3 type=
#password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so

session required /lib/security/pam_limits.so
#session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
And modified the /etc/pam.d/httpd config file to this:
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth-ldap
account required /lib/security/pam_stack.so service=system-auth-ldap
account required /lib/security/pam_permit.so service=system-auth-ldap
I hope this helps someone else out there.
-Scott

login or register to post comments

The access keys for this page are: ALT (Control on a Mac) plus:

evolt.orgEvolt.org is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author, please do not redistribute or use elsewhere without checking with the author.