Embedded Files
The Apache web server is a leading choice for powering websites, utilized by millions around the globe. Among Apache's myriad of features is the capability to leverage .htaccess files. These simple text files offer a way to control server behavior, allowing for website customization and heightened security. Below are 20 indispensable .htaccess tips to help you tailor and protect your website.
1.Password-Protect Folders:
To secure a specific folder with a password, use the following .htaccess snippet:
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /your/encrypted/password/file
Require valid-user
Replace the placeholder with your actual encrypted password file, which can be generated using a tool like htpasswd.
2.IP-Based Visitor Blocking:
To ban visitors from specified IP addresses, employ this .htaccess code:
Order Allow,Deny
Deny from 192.168.1.10
You can also use wildcard characters to block a range of IPs.
3.URL Redirection:
Redirect users from an old URL to a new one using:
Redirect 301 /old-page.html http://www.yoursite.com/new-page.html
4.Enforce HTTPS:
Force users to connect using HTTPS with the below .htaccess command:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
5.Disable Directory Browsing:
Prevent Apache from listing folder contents with:
Options -Indexes
6.Customized Error Pages:
To serve custom error pages, utilize:
ErrorDocument 404 /your-404-page.html
ErrorDocument 500 /your-500-page.html
7.Enable Gzip Compression:
To compress website files and speed up loading times, use:
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/css text/xml text/plain application/javascript
</IfModule>
8.Restrict File Types:
To block certain file types, employ:
<FilesMatch "\.(sql|conf)$">
Order allow,deny
Deny from all
</FilesMatch>
9.File Upload Limit:
Control the file upload size with:
php_value upload_max_filesize 10M
php_value post_max_size 10M
10.User-Agent Blocking:
Restrict access based on user agents with:
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} bad-agent [NC]
RewriteRule .* - [F]
11.Standardize www Prefix:
Ensure URLs use the 'www' prefix:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
12.Hide Server Signature:
Conceal server version and other metadata:
ServerSignature Off
13.Allow Specific HTTP Methods:
Limit access to specific HTTP methods:
<LimitExcept GET POST>
Order Deny,Allow
Deny from all
</LimitExcept>
14.Referrer Blocking:
Block certain referrers:
RewriteEngine on
RewriteCond %{HTTP_REFERER} spam-site.com [NC]
RewriteRule .* - [F]
15.Set MIME Types:
Define MIME types for specific file extensions:
AddType text/html .html
AddType application/json .json
16.Prevent Hotlinking:
Stop others from direct linking to your media:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com/.*$ [NC]
RewriteRule \.(gif|jpg|png)$ - [F]
17.Custom Error Handling:
Provide custom error pages:
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html
18.HTTPS Redirection:
Redirect to a secure HTTPS version:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
19.Block Directory Listings:
Prevent visitors from seeing directory listings:
Options -Indexes
20.Add Custom HTTP Headers:
Include custom HTTP headers in your responses:
Header set X-Frame-Options "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
With these tips, you can both protect and customize your Apache-powered website to suit your specific needs.
Google Sites
Report abuse