Useful Htaccess Tricks and Tips

Most people might not know the power of htaccess, here I want to discuss some important and useful tips & tricks about the htaccess. its helps to protect your web server against venomous attacks. It’s also many helps you to perform simple tasks efficiently such as web server optimization, redirection, Security, Secure directories by disabling execution of scripts, Block unwanted visitor based on referring domain, and many more.

What is .htaccess?

.htaccess could be a configuration file to be used on internet servers running the Apache internet Server. When a .htaccess file is placed in a very directory that is successively ‘loaded via the Apache internet Server’, then the .htaccess file is detected and dead by the Apache internet Server

Here some important Points:

1. Skip www

One of the SEO guidelines is, check that there’s only 1 computer address information to your website. Therefore, you’ll want this to direct all WWW traffic to non-WW, or the opposite means around.

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www.iamramraj.com [NC]
RewriteRule ^(.*)$ http://iamramraj.com/$1 [L,R=301]

2. Custom Error page

Creating a custom error page for each of the error codes.

ErrorDocument 401 /error/401.php
ErrorDocument 403 /error/403.php
ErrorDocument 404 /error/404.php
ErrorDocument 500 /error/500.php

3. Cache files

File caching is another important approach in optimizing website loading time.

<FilesMatch ".(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>

4. Skip the download dialogue

Usually, after you attempt to transfer one thing from an internet server you get a call for participation asking whether or not you wish to avoid wasting the file or open it. To avoid that you just will use the below code on your .htaccess file.

AddType application/octet-stream .pdf
AddType application/octet-stream .zip
AddType application/octet-stream .mov

5. SEO Friendly 301 Permanent Redirects

Why it’s SEO friendly? today, some trendy search engine has the potential to observe 301 Permanent Redirects and update its existing record.

Redirect 301 http://www.iamramraj.com/home http://www.iamramraj.com/

6. Set Timezone

Sometimes, after you victimization date or mktime operate in PHP, it’ll show you a funny message concerning timezone. this is often one among the thanks to solving it. Set timezone for your server. a listing of supported timezone is often found here.

SetEnv TZ Australia/Melbourne

7. Compress files

Optimize your website loading time by compression files into smaller size.

# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

8. Disable caching for sure file type

Well, within the alternative hand, you’ll disable caching for sure file kind.

# explicitly disable caching for scripts and other dynamic files
<FilesMatch ".(pl|php|cgi|spl|scgi|fcgi)$">
Header unset Cache-Control
</FilesMatch>

9. Secure directories by disabling execution of scripts

# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI

10. Blocking request supported User-Agent Header

This technique might save your information measure quota by interference bound bots or spiders from locomotion your web site.

# block visitors referred from indicated domains
<IfModule mod_rewrite.c>
SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) HTTP_SAFE_BADBOT
SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spiderman) HTTP_SAFE_BADBOT
Deny from env=HTTP_SAFE_BADBOT
</ifModule>

11. Block unwanted visitor based on referring domain

# block visitors referred from indicated domains
<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{HTTP_REFERER} iamramraj.com [NC,OR]
 RewriteCond %{HTTP_REFERER} iamramraj.com [NC,OR]
 RewriteRule .* - [F]
</ifModule>

12. Change the default Index page

You can modify the default page index.html, index.php or index.htm to one thing else.

DirectoryIndex business.html

13. Disable directory browsing

Avoid the server from displaying directory index, or the opposite.

# disable directory browsing
Options All -Indexes

# enable directory browsing
Options All +Indexes

14. Rename htaccess files

You can also rename your .htaccess file name to something else to prevent access.

AccessFileName htacc.ess

15. Block access to your .htaccess file

The following code can stop user to access your .htaccess file. Also, you’ll block multiple file kind further.

# secure htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>

# prevent viewing of a specific file
<Files secretfile.jpg>
 order allow,deny
 deny from all
</Files>

# multiple file types
<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

16. Prevent hacks

If you would like to extend the safety level of your website, you’ll chuck these few lines of codes to stop some common hacking techniques by sleuthing malicious uniform resource locator patterns.

RewriteEngine On

# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]

# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]

# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]

# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]

# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})

# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]

17. Hotlinking protection with .htaccess

Hate it once individuals stealing information measure from your website by victimization pictures that area unit hosted in your internet service? Use this, you’ll able to forestall it from happening.

RewriteBase /
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?iamramraj.com/.*$ [NC]
RewriteRule .(gif|jpg|swf|flv|png)$ /feed/ [R=302,L]