20130926-193229.jpg

I’m keeping a collection of .htaccess code snippets for future use. Maybe someone can use them as well.

[alert style=”1″]DISCLAIMER: If you don’t know what you are doing, don’t mess with your .htaccess file. Seriously, one typo can screw your website up. No joke. Always backup your .htaccess file before modifying it. Copy it to the same directory and rename it as “OLD.htaccess” for example.[/alert]

Disable Directory Browsing – Everyone Needs to Have This!

[codesyntax lang=”apache” lines=”normal”]

# disable directory browsing
Options ExecCGI Includes IncludesNOEXEC SymLinksIfOwnerMatch -Indexes[/codesyntax]

Securing Directory (403 Forbidden)

[codesyntax lang=”apache” lines=”normal”]

Options -Indexes
DirectoryIndex index.html index.php /index.php

[/codesyntax]

Redirect Everyone Except Certain IP

[codesyntax lang=”apache” lines=”normal”]

ErrorDocument 403 http://www.domain.com/403.html
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx[/codesyntax]

Allow Me, Allow Client with Password, Allows Validation (w3.org), Deny Everyone Else

[codesyntax lang=”apache” lines=”normal”]

AuthName "Site Under Development"
AuthUserFile /web/site.com/.htpasswd
AuthType basic
Require valid-user
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx w3.org
Satisfy Any

[/codesyntax]

301 Single File Redirect

[codesyntax lang=”apache” lines=”normal”]

Redirect 301 /file1.html http://www.domain.com/file2.html

[/codesyntax]

Protect Against Denial-of-Service (DOS) Attack

[codesyntax lang=”apache” lines=”normal”]

## LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK
#bytes, 0-2147483647(2GB)
LimitRequestBody 10240000

[/codesyntax]

Require SSL

[codesyntax lang=”apache” lines=”normal”]

## SECURE WAY TO REQUIRE SSL
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "domain.com"
ErrorDocument 403 https://domain.com

[/codesyntax]

NoIndex by Robots

[codesyntax lang=”apache” lines=”normal”]

Header set X-Robots-Tag "noindex, noarchive, nosnippet"

[/codesyntax]

Error Pages – Allows people to see an Error Page you Created

[codesyntax lang=”apache” lines=”normal”]

ErrorDocument 404 /custom404.html #404 Error Page
ErrorDocument 500 /custom500.html #500 Error Page

[/codesyntax]

Redirect Non-WWW. to WWW.

[codesyntax lang=”apache” lines=”normal”]

# Redirect non-www urls to www
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.domain\.com
RewriteRule (.*) http://www.domain.com/$1 [R=301,L]

[/codesyntax]

Sources: moz.com, AskApace.com , htaccess Basics, & Some I’ve had for years & I don’t remember where I got them.