here are some common .htaccess syntaxes and examples:
1. Redirects:
- Redirect from one page to another:
```apache
Redirect 301 /old-page.html /new-page.html
```
- Redirect entire site to a new domain:
```apache
Redirect 301 / https://newdomain.com/
```
2. Rewrite Rules:
- Enable mod_rewrite:
```apache
RewriteEngine On
```
- Rewrite URLs (e.g., remove .php extension):
```apache
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
```
- Remove "www" from the URL:
```apache
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
```
- Force HTTPS for a specific domain:
```apache
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^yourdomain\.com$ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
```
3. Error Handling:
- Custom error pages:
```apache
ErrorDocument 404 /error404.html
```
4. Deny Access:
- Deny access to a specific IP address or range:
```apache
order deny,allow
deny from 192.168.1.100
```
- Block access to specific file types:
```apache
<FilesMatch "\.(txt|pdf|doc)$">
Order Deny,Allow
Deny from all
</FilesMatch>
```
5. Security:
- Prevent directory listing:
```apache
Options -Indexes
```
- Protect .htaccess file:
```apache
<Files ".htaccess">
Require all denied
</Files>
```
6. MIME Types:
- Set custom MIME types (e.g., for web fonts):
```apache
AddType application/font-woff2 .woff2
AddType application/font-woff .woff
AddType application/octet-stream .ttf .otf
```
Remember to use these syntaxes with caution, as incorrect .htaccess rules can lead to issues with your website. Always make a backup of your existing .htaccess file before making changes and test thoroughly after implementing any new rules.
7. Compression:
- Enable gzip compression for various file types:
```apache
<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
# Exclude some browser-specific files from compression
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>
```
8. Cache Control:
- Set caching for certain file types:
```apache
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/html "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 days"
</IfModule>
```
9. Server-Side Includes:
- Enable Server-Side Includes (SSI):
```apache
AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes
```
10. Control PHP Settings:
- Increase PHP upload file size limit:
```apache
php_value upload_max_filesize 20M
php_value post_max_size 20M
```
- Disable PHP error reporting:
```apache
php_flag display_errors off
php_flag log_errors on
php_value error_log /path/to/php_error.log
```
Remember that the availability of specific modules (e.g., mod_rewrite, mod_deflate, mod_expires) may vary depending on your web server setup. Always check with your hosting provider or server administrator if you encounter any issues or if you are unsure about the modules available. Additionally, improper use of .htaccess rules can cause unexpected behavior, so test thoroughly after making changes to ensure everything works as expected.
11. Hotlink Protection:
- Prevent other websites from directly linking to your images:
```apache
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
```
12. URL Parameters:
- Remove "index.php" from URLs using the "DirectoryIndex" directive:
```apache
DirectoryIndex home.php
```
- Change URL parameter format from "example.com/page?param=value" to "example.com/page/value":
```apache
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
```
13. CORS (Cross-Origin Resource Sharing):
- Allow specific domains to access your resources:
```apache
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "https://example.com"
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
</IfModule>
```
14. Directory-Specific Settings:
- Set a different default page for a specific directory:
```apache
DirectoryIndex alternative.html
```
- Protect a directory with a password (requires mod_auth):
```apache
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
```
15. IP Whitelisting:
- Allow specific IP addresses to access your site:
```apache
order deny,allow
deny from all
allow from 192.168.1.100
allow from 10.0.0.0/8
```
16. Custom Server Response:
- Return a custom server response code:
```apache
ErrorDocument 403 /error403.html
```
17. Disable Directory Browsing:
- Prevent users from seeing the list of files in a directory if no index file is present:
```apache
Options -Indexes
```
Remember to adjust these .htaccess rules based on your specific needs and requirements. Always double-check your changes to avoid unintended consequences. Additionally, ensure that your web server has the necessary modules enabled to support the directives you're using. Incorrect or unsupported directives can cause server errors and unexpected behavior.
18. Block User Agents:
- Block access from specific user agents (e.g., web crawlers, bots):
```apache
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (badbot1|badbot2|badbot3) [NC]
RewriteRule ^.*$ - [F,L]
```
19. Prevent Image Hotlinking and Redirect:
- Redirect hotlinked images to a custom image or page:
```apache
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ /images/hotlink-forbidden.png [NC,R,L]
```
20. Force File Download:
- Force files to be downloaded instead of displaying them in the browser:
```apache
<FilesMatch "\.(pdf|zip|mp3)">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
```
21. MIME Type Handling:
- Set a custom MIME type for specific file extensions:
```apache
AddType application/extension .ext
```
22. Redirect based on Browser Language:
- Redirect users based on their browser's preferred language:
```apache
RewriteEngine On
RewriteCond %{HTTP:Accept-Language} (fr) [NC]
RewriteRule ^$ /index-fr.php [L]
```
23. RewriteBase:
- Set the base URL for relative path rewriting (useful in subdirectories):
```apache
RewriteBase /subdirectory/
```
24. Conditional Error Pages:
- Set custom error pages based on the HTTP status code:
```apache
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
```
25. IP Blocking with CIDR Notation:
- Block a range of IP addresses using CIDR notation:
```apache
Order deny,allow
Deny from 192.168.1.0/24
Allow from all
```
These .htaccess syntaxes and examples cover a range of useful configurations, from security measures to redirect and caching rules. As always, it's crucial to understand what each rule does and test your .htaccess file thoroughly after making any changes to avoid unintended consequences.
26. Limiting File Upload Size:
- Restrict the maximum file upload size for forms on your website:
```apache
# Limit upload size to 10 MB
LimitRequestBody 10485760
```
27. Custom Response Headers:
- Add custom response headers to the server's responses:
```apache
<IfModule mod_headers.c>
Header set X-Frame-Options "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
```
28. Hiding Server Information:
- Prevent the server version and other sensitive information from being disclosed:
```apache
ServerSignature Off
ServerTokens Prod
```
29. Redirect Non-www to www (or vice versa):
- Redirect users to either the www or non-www version of your domain:
```apache
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
```
30. URL Rewriting for SEO-Friendly URLs:
- Convert dynamic URLs into SEO-friendly ones:
```apache
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^products/([a-zA-Z0-9_-]+)$ product.php?slug=$1 [QSA,L]
```
31. Maintenance Mode:
- Display a maintenance page while performing site updates:
```apache
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.000
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteRule ^(.*)$ /maintenance.html [R=307,L]
```
32. Enabling HTTP/2 Push for Resources:
- Push resources to the client proactively over HTTP/2:
```apache
<IfModule mod_http2.c>
<FilesMatch "\.(html|css|js|png|jpg|svg|gif)$">
Header add Link "<$uri>; rel=preload; as=image" # Replace as=image with as=script for JS files
</FilesMatch>
</IfModule>
```
Remember to check if the modules used in these examples (e.g., mod_http2, mod_headers) are available and enabled on your server. Additionally, keep in mind that .htaccess files can affect server performance, so try to consolidate rules and only use what is necessary for your specific use case.
Always test thoroughly after making changes to ensure that your website functions as expected and remains secure.
33. Secure Your .htaccess File:
- Prevent unauthorized access to the .htaccess file itself:
```apache
<Files ".htaccess">
Require all denied
</Files>
```
34. Handle Custom Error Pages with PHP:
- Use PHP to handle custom error pages for better flexibility:
```apache
ErrorDocument 404 /error.php?error=404
ErrorDocument 500 /error.php?error=500
```
35. Set Default Charset:
- Set the default character encoding for your website:
```apache
AddDefaultCharset UTF-8
```
36. Enable Cross-Origin Resource Sharing (CORS) for Fonts:
- Allow cross-origin requests for web fonts:
```apache
<IfModule mod_headers.c>
<FilesMatch "\.(eot|otf|ttc|ttf|woff|woff2|font.css)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
```
37. Enable HTTP Strict Transport Security (HSTS):
- Force HTTPS connections for a specific period to improve security:
```apache
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>
```
38. Set Environment Variables:
- Set environment variables for your website's configurations:
```apache
SetEnv APPLICATION_ENV production
```
39. Proxy Configuration:
- Configure Apache as a reverse proxy to forward requests to another server:
```apache
ProxyPass / http://backend-server-ip/
ProxyPassReverse / http://backend-server-ip/
```
40. Disable ETags:
- Turn off ETags to improve caching and reduce server load:
```apache
FileETag None
```
41. Limit Access to Specific IPs or Ranges for Specific Files:
- Allow access to specific files only from certain IP addresses or ranges:
```apache
<Files "admin.php">
Require ip 192.168.1.100
Require ip 10.0.0.0/24
</Files>
```
42. Change PHP Configuration Directives:
- Change PHP settings directly from .htaccess:
```apache
php_flag display_errors off
php_value memory_limit 256M
```
Remember to thoroughly test your .htaccess rules after implementation to ensure they work as intended. Incorrect .htaccess rules can lead to server errors or unexpected behavior. Additionally, make sure to have a backup of your original .htaccess file before making any changes.
43. Disable HTTP Methods:
- Restrict certain HTTP methods to improve security:
```apache
<LimitExcept GET POST HEAD>
Require all denied
</LimitExcept>
```
44. Enable Cross-Origin Resource Sharing (CORS) for AJAX Requests:
- Allow cross-origin AJAX requests from specific domains:
```apache
<IfModule mod_headers.c>
SetEnvIf Origin "^https://allowed-domain\.com$" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Credentials true
</IfModule>
```
45. Enable Directory Listing:
- Allow directory listing for a specific directory:
```apache
Options +Indexes
```
46. Handle Specific File Types with PHP:
- Route specific file types through PHP for additional processing:
```apache
AddType application/x-httpd-php .customext
```
47. Disable Access to Specific File Types:
- Prevent access to certain file types for security purposes:
```apache
<FilesMatch "\.(sql|ini)$">
Require all denied
</FilesMatch>
```
48. Custom Response Status Messages:
- Set custom response status messages for specific URLs:
```apache
Redirect 410 /old-page.html
```
49. Set Max Execution Time for PHP Scripts:
- Limit the maximum execution time for PHP scripts to prevent long-running processes:
```apache
php_value max_execution_time 60
```
50. Block Access to Hidden Files:
- Block access to hidden files and directories starting with a dot:
```apache
RedirectMatch 404 /\..*$
```
51. Enable HTTP/2 Push for CSS and JS Resources:
- Push CSS and JS resources proactively over HTTP/2:
```apache
<IfModule mod_headers.c>
<FilesMatch "\.(css|js)$">
Header add Link "</path/to/your-file.css>; rel=preload; as=style"
Header add Link "</path/to/your-file.js>; rel=preload; as=script"
</FilesMatch>
</IfModule>
```
Remember that the effectiveness and appropriateness of these .htaccess rules will depend on your specific website's needs and configuration. Always thoroughly test your website after implementing any .htaccess changes, and make sure you have a backup of your original .htaccess file to revert to in case of issues.
52. Password Protect a Directory using Basic Authentication:
- Create a password-protected directory with a username and password:
```apache
AuthType Basic
AuthName "Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
```
To generate the `.htpasswd` file, you can use the `htpasswd` command-line tool:
```
htpasswd -c /path/to/.htpasswd username
```
The `-c` flag is used only when creating the file for the first time. For additional users, omit the `-c` flag.
53. Set Cache-Control and Expires Headers:
- Specify cache settings for different file types:
```apache
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/html "access plus 1 week"
ExpiresByType text/css "access plus 2 weeks"
ExpiresByType application/javascript "access plus 2 weeks"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
</IfModule>
```
54. Prevent Content Type Sniffing:
- Disable content type sniffing to prevent browsers from interpreting files incorrectly:
```apache
<IfModule mod_headers.c>
Header set X-Content-Type-Options nosniff
</IfModule>
```
55. Custom Error Page for Specific HTTP Status Code:
- Set a custom error page for a specific HTTP status code:
```apache
ErrorDocument 403 /error-pages/forbidden.html
ErrorDocument 500 /error-pages/server-error.html
```
56. Rewrite URL with Query String Parameters:
- Rewrite a URL with query string parameters:
```apache
RewriteEngine On
RewriteCond %{QUERY_STRING} ^id=123&name=([^&]+)$ [NC]
RewriteRule ^page\.php$ /user/%1? [R=301,L]
```
57. Restrict Access Based on HTTP Method:
- Restrict access to certain URLs based on HTTP methods:
```apache
<Limit POST PUT DELETE>
Require all denied
</Limit>
```
58. Force File Downloads (Forcing Download of Specific File Types):
- Force files to be downloaded instead of opened in the browser:
```apache
<FilesMatch "\.(pdf|zip)$">
Header set Content-Disposition attachment
</FilesMatch>
```
59. Enable Gzip Compression for SVG Images:
- Compress SVG images for faster loading:
```apache
<IfModule mod_deflate.c>
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
</IfModule>
```
60. Set a Custom PHP Configuration for Specific Directory:
- Apply custom PHP settings only to a specific directory:
```apache
<IfModule mod_php7.c>
php_value max_execution_time 60
php_value memory_limit 128M
</IfModule>
```
Remember that .htaccess rules can have different effects depending on your server's configuration. Always test the rules thoroughly to ensure they work as intended and do not interfere with other parts of your website.
61. Block Specific File Access:
- Block direct access to specific file types:
```apache
<FilesMatch "\.(config|ini|log)$">
Require all denied
</FilesMatch>
```
62. Prevent Clickjacking Attacks:
- Add X-Frame-Options header to prevent clickjacking attacks:
```apache
<IfModule mod_headers.c>
Header always append X-Frame-Options SAMEORIGIN
</IfModule>
```
63. Redirect Based on the HTTP Request Method:
- Redirect GET requests to a specific page:
```apache
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^GET$ [NC]
RewriteRule ^old-page\.html$ /new-page.html [R=301,L]
```
64. Redirect to a Maintenance Page for Specific IP Addresses:
- Redirect everyone except specific IP addresses to a maintenance page:
```apache
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.100$
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.101$
RewriteRule ^.*$ /maintenance.html [R=307,L]
```
65. Set Specific Response Headers for SVG Files:
- Set custom headers for SVG files:
```apache
<FilesMatch "\.svg$">
Header set Cache-Control "max-age=604800"
Header set X-Content-Type-Options "nosniff"
</FilesMatch>
```
66. Redirect HTTP Requests to HTTPS:
- Redirect all HTTP requests to HTTPS:
```apache
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```
67. Blocking Multiple IPs:
- Block access from multiple IP addresses:
```apache
order allow,deny
deny from 192.168.1.100
deny from 10.0.0.0/8
```
68. Enable Content-Encoding Gzip for JSON Files:
- Compress JSON files with gzip for faster transmission:
```apache
<IfModule mod_deflate.c>
AddType application/json .json
</IfModule>
```
69. Enable X-XSS-Protection Header:
- Add the X-XSS-Protection header to prevent XSS attacks:
```apache
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>
```
70. Deny Access to Specific User Agents:
- Block specific user agents from accessing the website:
```apache
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (badbot1|badbot2|badbot3) [NC]
RewriteRule ^ - [F,L]
```
As always, ensure that you understand the impact of each .htaccess rule on your website and test thoroughly after making any changes. Incorrect or misconfigured .htaccess rules can lead to unintended consequences, so it's essential to review them carefully before implementation.
71. Allow Cross-Origin Resource Sharing (CORS) for Web Fonts:
- Enable cross-origin requests for web fonts from specific domains:
```apache
<IfModule mod_headers.c>
<FilesMatch "\.(eot|otf|ttc|ttf|woff|woff2|font.css)$">
Header set Access-Control-Allow-Origin "https://allowed-domain.com"
</FilesMatch>
</IfModule>
```
72. Redirect to a Temporary Maintenance Page:
- Redirect all requests to a temporary maintenance page with a 503 status code:
```apache
RewriteEngine On
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteRule ^.*$ /maintenance.html [R=503,L]
```
- Optionally, add a custom message for users when the site is under maintenance:
```apache
ErrorDocument 503 /maintenance.html
RewriteEngine On
RewriteCond %{ENV:REDIRECT_STATUS} !=503
RewriteRule ^ - [R=503]
```
73. Set Custom Headers Based on File Type:
- Set custom headers based on the file type:
```apache
<FilesMatch "\.(jpg|png|gif)$">
Header set Cache-Control "public, max-age=31536000"
</FilesMatch>
<FilesMatch "\.(css|js)$">
Header set Cache-Control "public, max-age=604800"
</FilesMatch>
```
74. Prevent Access to Important Configuration Files:
- Block access to sensitive configuration files:
```apache
<FilesMatch "^(wp-config\.php|config\.php|settings\.php|\.env)">
Require all denied
</FilesMatch>
```
75. Disable DirectoryIndex for Specific Directory:
- Prevent directory listing for a specific directory:
```apache
Options -Indexes
```
76. Set Content-Security-Policy (CSP) Header:
- Add a Content-Security-Policy header for added security:
```apache
<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self';"
</IfModule>
```
77. Allow Cross-Origin Resource Sharing (CORS) for Videos:
- Enable cross-origin requests for videos from specific domains:
```apache
<IfModule mod_headers.c>
<FilesMatch "\.(mp4|webm)$">
Header set Access-Control-Allow-Origin "https://allowed-domain.com"
</FilesMatch>
</IfModule>
```
78. Limit Access Based on User Agent:
- Restrict access to specific URLs based on the user agent:
```apache
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "BadBot" [NC]
RewriteRule ^.*$ - [F,L]
```
79. Enable Compression for Specific File Types:
- Enable compression (gzip) for specific file types:
```apache
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/javascript application/x-javascript
</IfModule>
```
80. Enable HTTP Public Key Pinning (HPKP) Header:
- Add the HTTP Public Key Pinning header for enhanced security:
```apache
<IfModule mod_headers.c>
Header set Public-Key-Pins "pin-sha256=\"base64==\"; pin-sha256=\"base64==\"; max-age=5184000; includeSubDomains; report-uri=\"https://your-report-uri.com\""
</IfModule>
```
As always, exercise caution while making changes to your .htaccess file, and thoroughly test your website to ensure everything works as expected. Incorrect .htaccess rules can cause issues and affect your site's performance and security.
81. Use a Custom 404 Error Page for Missing Images:
- Show a custom 404 error page for missing images:
```apache
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule \.(jpg|jpeg|png|gif)$ - [L]
ErrorDocument 404 /custom-404-image.php
```
82. Redirect with Query String Parameters:
- Redirect URLs with specific query string parameters to a new URL:
```apache
RewriteEngine On
RewriteCond %{QUERY_STRING} ^utm_source=google&utm_medium=cpc$
RewriteRule ^products\.php$ /new-products-page.php? [R=301,L]
```
83. Disable Server-Side Includes (SSI) for Certain Directories:
- Disable server-side includes for a specific directory:
```apache
<Directory "/path/to/your/directory">
Options -Includes
</Directory>
```
84. Enable Content-Security-Policy (CSP) for Inline Scripts:
- Enable Content-Security-Policy (CSP) to restrict inline scripts and use only external scripts:
```apache
<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self'; style-src 'self'; font-src 'self';"
</IfModule>
```
85. Force File Download with Content-Disposition:
- Force file download with a specific filename:
```apache
<FilesMatch "\.(pdf|zip)$">
Header set Content-Disposition attachment
</FilesMatch>
```
86. Enable HTTP/2 Server Push for Resources:
- Push resources to the client proactively over HTTP/2:
```apache
<IfModule mod_headers.c>
<FilesMatch "\.(css|js|jpg|png|svg)$">
Header add Link "</path/to/your-file.css>; rel=preload; as=style"
Header add Link "</path/to/your-file.js>; rel=preload; as=script"
Header add Link "</path/to/your-image.jpg>; rel=preload; as=image"
</FilesMatch>
</IfModule>
```
87. Prevent Clickjacking with X-Frame-Options:
- Add the X-Frame-Options header to prevent clickjacking:
```apache
<IfModule mod_headers.c>
Header always append X-Frame-Options SAMEORIGIN
</IfModule>
```
88. Restrict Access to Specific IPs with Authentication:
- Restrict access to specific IP addresses with authentication:
```apache
<Files "restricted-file.php">
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
</Files>
```
89. Rewrite URL with UTM Parameters:
- Rewrite a URL with UTM parameters to clean URLs:
```apache
RewriteEngine On
RewriteCond %{QUERY_STRING} ^utm_source=([^&]+)&utm_medium=([^&]+)&utm_campaign=([^&]+)$
RewriteRule ^product\.php$ /product/%1/%2/%3? [R=301,L]
```
90. Set Different Error Documents for Specific Virtual Hosts:
- Set different error documents for different virtual hosts:
```apache
<VirtualHost *:80>
ServerName www.example.com
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
</VirtualHost>
```
Remember to understand the purpose of each .htaccess rule and their implications on your website. Test thoroughly after making changes to ensure your website functions correctly and securely. It's always a good idea to keep a backup of your .htaccess file before making any changes in case you need to revert.
91. Set the Server Signature:
- Customize the server signature displayed in the response headers:
```apache
ServerSignature Off
```
92. Redirect to HTTPS with www (Canonical URL):
- Redirect all non-HTTPS requests to HTTPS and add www:
```apache
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```
93. Prevent Directory Listing Globally:
- Globally disable directory listing for all directories:
```apache
Options -Indexes
```
94. Enable Caching for Web Fonts:
- Set caching headers for web fonts:
```apache
<IfModule mod_expires.c>
ExpiresByType application/font-woff "access plus 1 year"
ExpiresByType application/font-woff2 "access plus 1 year"
ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
ExpiresByType application/x-font-ttf "access plus 1 year"
</IfModule>
```
95. Rewrite URLs with Trailing Slashes:
- Remove or add trailing slashes to URLs consistently:
```apache
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [R=301,L]
```
96. Rewrite Query String URLs:
- Convert query string URLs to clean URLs:
```apache
RewriteEngine On
RewriteCond %{QUERY_STRING} ^product_id=123$
RewriteRule ^products\.php$ /product/slug [R=301,L]
```
97. Set a Default Charset for Text-Based Files:
- Specify the default character encoding for text-based files:
```apache
AddDefaultCharset UTF-8
```
98. Redirect to HTTPS with Specific Ports:
- Redirect all non-HTTPS requests to HTTPS with specific ports:
```apache
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```
99. Force Secure Cookies:
- Ensure that cookies are only transmitted over HTTPS:
```apache
<IfModule mod_headers.c>
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
</IfModule>
```
100. Enable the ETag Header:
- Enable ETag header for caching and conditional requests:
```apache
FileETag MTime Size
```
These additional .htaccess rules provide even more options for configuring your website, enhancing security, and improving performance. Always make sure to understand how each rule works and how it may interact with other rules in your .htaccess file. Thoroughly test your website after implementing any changes to ensure that everything functions as expected.
101. Redirect to HTTPS with Specific Subdomains:
- Redirect all non-HTTPS requests to HTTPS for specific subdomains:
```apache
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^subdomain\.example\.com$ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```
102. Enable Strict-Transport-Security (HSTS) Preloading:
- Add HSTS preload to include your site in HSTS preload lists:
```apache
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>
```
103. Block Access to Sensitive Files and Directories:
- Block access to sensitive files and directories using a whitelist approach:
```apache
<FilesMatch "(^\.htaccess$|\.ini$|config\.php)">
Require all denied
</FilesMatch>
<DirectoryMatch "^/(admin|includes)/">
Require all denied
</DirectoryMatch>
```
104. Redirect to HTTPS for Specific Pages:
- Redirect specific pages to HTTPS:
```apache
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(login|checkout)\.php$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```
105. Disable HTTP TRACE and TRACK Methods:
- Disable the TRACE and TRACK HTTP methods for improved security:
```apache
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
```
106. Set a Custom 410 (Gone) Error Page:
- Set a custom 410 error page for permanently removed content:
```apache
ErrorDocument 410 /errors/410-gone.html
```
107. Disable Server-Side Includes (SSI) Globally:
- Disable server-side includes (SSI) globally for security purposes:
```apache
<Directory />
Options -Includes
</Directory>
```
108. Enable Compression for JSON and XML Files:
- Enable gzip compression for JSON and XML files:
```apache
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/json text/xml
</IfModule>
```
109. Disable Range Requests:
- Disable HTTP range requests to prevent partial content responses:
```apache
<IfModule mod_headers.c>
RequestHeader unset Range
</IfModule>
```
110. Prevent PHP File Execution in Specific Directories:
- Disable PHP file execution in specific directories:
```apache
<FilesMatch "\.php$">
Require all denied
</FilesMatch>
```
Remember that .htaccess rules can have significant impacts on your website's functionality, security, and performance. Always test your .htaccess changes thoroughly and understand how each rule affects your website's behavior. Additionally, ensure you have a backup of your original .htaccess file before making any changes to revert back in case of any issues.
111. Redirect Based on Browser User-Agent:
- Redirect users based on their browser's user-agent string:
```apache
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} MSIE [NC]
RewriteRule ^(.*)$ /ie-specific-page.html [R=301,L]
```
112. Enable Directory Indexing with Custom Index Page:
- Set a custom index file when directory indexing is enabled:
```apache
DirectoryIndex custom-index.html
```
113. Allow Cross-Origin Resource Sharing (CORS) for Specific Domains:
- Allow cross-origin requests for specific domains:
```apache
<IfModule mod_headers.c>
SetEnvIf Origin "^https://allowed-domain\.com$" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Credentials true
</IfModule>
```
114. Enable Keep-Alive and Adjust Keep-Alive Timeout:
- Enable HTTP Keep-Alive and set the keep-alive timeout to 20 seconds:
```apache
KeepAlive On
KeepAliveTimeout 20
```
115. Redirect All Pages to the Root URL:
- Redirect all pages to the root URL (homepage):
```apache
RewriteEngine On
RewriteRule ^(.*)$ / [R=301,L]
```
116. Enable Server-Side Includes (SSI) for Specific File Types:
- Enable server-side includes (SSI) for HTML and SHTML files:
```apache
AddType text/html .html
AddOutputFilter INCLUDES .html
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
```
117. Set a Custom Error Page for Specific Error Codes:
- Set custom error pages for specific HTTP error codes:
```apache
ErrorDocument 400 /errors/bad-request.html
ErrorDocument 403 /errors/forbidden.html
```
118. Set a Specific Timezone for PHP:
- Set the timezone for PHP date functions:
```apache
php_value date.timezone "America/New_York"
```
119. Allow Access to Specific Files Based on IP:
- Allow access to specific files for specific IP addresses:
```apache
<Files "admin-page.php">
Require ip 192.168.1.100
Require ip 10.0.0.0/24
</Files>
```
120. Enable HTTP/2 Server Push for Web Fonts:
- Push web fonts proactively over HTTP/2:
```apache
<IfModule mod_headers.c>
<FilesMatch "\.(woff|woff2|ttf)$">
Header add Link "</path/to/font.woff>; rel=preload; as=font; crossorigin"
</FilesMatch>
</IfModule>
```
Remember that .htaccess rules can significantly impact your website's behavior and security. Always test thoroughly and ensure each rule serves your specific needs. Additionally, make sure to have a backup of your .htaccess file before making any changes.
121. Enable Content-Disposition for Forced Download:
- Force file download and specify the filename for specific file types:
```apache
<FilesMatch "\.(pdf|zip)$">
Header set Content-Disposition "attachment; filename=myfile.%{REQUEST_URI##*.}"
</FilesMatch>
```
122. Set a Custom Server Error Page:
- Set a custom server error page for all server error responses (e.g., 500 Internal Server Error):
```apache
ErrorDocument 500 /errors/500-error.html
```
123. Redirect to a Different Domain:
- Redirect all requests to a different domain:
```apache
RewriteEngine On
RewriteRule ^(.*)$ http://new-domain.com/$1 [R=301,L]
```
124. Set a Custom Header for Specific Files:
- Set custom headers for specific file types:
```apache
<FilesMatch "\.(pdf|doc|xls)$">
Header set X-My-Custom-Header "Custom Value"
</FilesMatch>
```
125. Enable Access-Control-Allow-Origin for CORS:
- Allow cross-origin requests from all domains:
```apache
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
```
126. Limit Access to Specific IP Ranges:
- Allow access to specific IP ranges using CIDR notation:
```apache
<Files "admin-page.php">
Require ip 192.168.1.0/24
Require ip 10.0.0.0/16
</Files>
```
127. Enable Compression for SVG and XML Files:
- Enable gzip compression for SVG and XML files:
```apache
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE image/svg+xml text/xml
</IfModule>
```
128. Redirect to Specific Pages for Different Browsers:
- Redirect users based on their browser type:
```apache
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "Mozilla/5.0 \(compatible; MSIE [7-9]" [NC]
RewriteRule ^(.*)$ /ie-specific-page.html [R=301,L]
```
129. Disable MIME Sniffing:
- Prevent browsers from MIME-sniffing content types:
```apache
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
</IfModule>
```
130. Block Image Hotlinking:
- Block other websites from hotlinking to your images:
```apache
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your-domain\.com/ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
```
Remember to adjust these .htaccess rules to fit your specific use case, and always test your website thoroughly after making any changes. Incorrect or misconfigured .htaccess rules can lead to issues with your website's functionality or security. Make sure to have a backup of your .htaccess file and revert to the previous version if needed.
The "RewriteOptions inherit" directive in the .htaccess file inherits configurations from the parent (or ancestor) configuration file to serve as the basis for a mod_rewrite environment. To better understand this directive and its inheritance and priority rules in htaccess, let's break it down:
Inheritance in htaccess: When we create a .htaccess file in a directory, it is used to apply settings and define how that directory and its subdirectories should behave. In other words, any configurations (e.g., URL rewriting or security settings) specified in the .htaccess file will, by default, only affect that particular directory and its subdirectories. Other directories will remain unaffected.
Rewrite Rules Priority in htaccess: In the .htaccess file, we can use the mod_rewrite module to modify the way URLs are displayed. For this purpose, we utilize RewriteRule and RewriteCond directives. These directives are executed in a specific order and have their own priority. In other words, if multiple RewriteRule directives exist simultaneously in the .htaccess file, only the first one encountered will be applied, and the others will be ignored.
The "RewriteOptions inherit" directive: The "inherit" mode for the RewriteOptions directive means sharing the settings from the parent .htaccess file with its subdirectories. By applying this directive in a specific directory's .htaccess file, all configurations present in the parent .htaccess file will also be applied to that directory and its subdirectories. This inheritance feature can be quite useful as it eliminates the need to repeat settings in each .htaccess file of the subdirectories, making the configuration management more straightforward.
Example:
Let's assume we have a website with the following directory structure:
```
- public_html/
|- .htaccess (Website-wide settings)
|- products/
| |- .htaccess (Settings for products)
| |- product1.php
| |- product2.php
|- services/
|- .htaccess (Settings for services)
|- service1.php
|- service2.php
```
Now, if we want to share the settings from the main .htaccess file to the products and services directories, the content of the .htaccess file in the public_html directory would be as follows:
```
# .htaccess file in the public_html directory
RewriteEngine On
# Other website-wide settings
# This directive shares the configurations from the parent .htaccess file with subdirectories
RewriteOptions Inherit
```
The content of the .htaccess file in the products and services directories would be as follows, respectively:
```
# .htaccess file in the products directory
# Settings specific to products
# Inherited settings from the parent .htaccess file
```
```
# .htaccess file in the services directory
# Settings specific to services
# Inherited settings from the parent .htaccess file
```
By using the "RewriteOptions inherit" directive in the .htaccess files of the products and services directories, all configurations from the parent .htaccess file in the public_html directory are shared and applied to the products and services directories, respectively. Any changes made to the .htaccess file in the parent directory will be inherited by the subdirectories as well.
The "RewriteOptions -inherit" directive in the .htaccess file explicitly disables the inheritance of configurations from the parent (or ancestor) configuration file for a mod_rewrite environment. In other words, it prevents the current directory and its subdirectories from inheriting any rewrite configurations specified in the parent .htaccess file.
When you use "RewriteOptions -inherit" in the .htaccess file of a specific directory, it ensures that the rewrite rules and settings defined in that directory's .htaccess file will not be influenced by any configurations in the parent directory's .htaccess file.
Example:
Let's consider the same directory structure we discussed earlier:
```
- public_html/
|- .htaccess (Website-wide settings)
|- products/
| |- .htaccess (Settings for products)
| |- product1.php
| |- product2.php
|- services/
|- .htaccess (Settings for services)
|- service1.php
|- service2.php
```
Suppose we want to prevent the products directory and its subdirectories from inheriting any rewrite configurations from the main .htaccess file located in the public_html directory. To achieve this, we would use the following content for the .htaccess file in the products directory:
```
# .htaccess file in the products directory
RewriteEngine On
# Other product-specific settings
# Disable inheritance from the parent .htaccess file
RewriteOptions -inherit
```
The .htaccess file in the services directory can be left unchanged:
```
# .htaccess file in the services directory
# Settings specific to services
# Inherited settings from the parent .htaccess file
```
With "RewriteOptions -inherit" in the products directory's .htaccess file, the configurations from the main .htaccess file in the public_html directory will not be inherited by the products directory and its subdirectories. Any rewrite rules and settings defined specifically in the products directory's .htaccess file will take precedence over any settings from the parent .htaccess file. The services directory, however, will still inherit and apply the configurations from the parent .htaccess file unless the "RewriteOptions -inherit" directive is used in its .htaccess file as well.