htaccess tips

htaccess Guide Sections

• htaccess tricks for Webmasters
• HTTP Header control with htaccess
• mod_php or php as a cgi with htaccess tips, htaccess php tricks
• SEO Redirects without mod_rewrite
• mod_rewrite tips and tricks with RewriteEngine, RewriteBase, RewriteRule, and RewriteCond
• Caching, cache-control, cache, expires, and optimizing htaccess

htaccess from the Apache htaccess tutorial. Check out and use the 404 Error Page WordPress Plugin

MAIN HTACCESS SETTINGS AND OPTIONS

 Options: ALL,FollowSymLinks,Includes,IncludesNOEXEC,SymLinksIfOwnerMatch
##########

## MAIN DEFAULTS ###
Options +ExecCGI -Indexes
DirectoryIndex index.html index.htm index.php
DefaultLanguage en-US
AddDefaultCharset UTF-8
ServerSignature Off

## ENVIRONMENT VARIABLES ###
SetEnv PHPRC /webroot/includes
SetEnv TZ America/Indianapolis
SetEnv SERVER_ADMIN webmaster@domain.tld

## MIME TYPES ###
AddType video/x-flv .flv
AddType application/x-shockwave-flash .swf
AddType image/x-icon .ico

## FORCE FILE TO DOWNLOAD INSTEAD OF APPEAR IN BROWSER ###
-> http://www.htaccesselite.com/addtype-addhandler-action-vf6.html
AddType application/octet-stream .mov .mp3 .zip 

Htaccess ErrorDocuments

======== 1xx
ErrorDocument 100 /error-100/
ErrorDocument 101 /error-101/
ErrorDocument 102 /error-102/
======== 2xx
ErrorDocument 200 /error-200/
ErrorDocument 201 /error-201/
ErrorDocument 202 /error-202/
ErrorDocument 203 /error-203/
ErrorDocument 204 /error-204/
ErrorDocument 205 /error-205/
ErrorDocument 206 /error-206/
ErrorDocument 207 /error-207/
======== 4xx
ErrorDocument 400 /error-400/
ErrorDocument 401 /error-401/
ErrorDocument 402 /error-402/
ErrorDocument 403 /error-403/
ErrorDocument 404 /error-404/
ErrorDocument 405 /error-405/
ErrorDocument 406 /error-406/
ErrorDocument 407 /error-407/
ErrorDocument 408 /error-408/
ErrorDocument 409 /error-409/
ErrorDocument 410 /error-410/
ErrorDocument 411 /error-411/
ErrorDocument 412 /error-412/
ErrorDocument 413 /error-413/
ErrorDocument 414 /error-414/
ErrorDocument 415 /error-415/
ErrorDocument 416 /error-416/
ErrorDocument 417 /error-417/
ErrorDocument 418 /error-418/
ErrorDocument 419 /error-419/
ErrorDocument 420 /error-420/
ErrorDocument 421 /error-421/
ErrorDocument 422 /error-422/
ErrorDocument 423 /error-423/
ErrorDocument 424 /error-424/
ErrorDocument 425 /error-425/
ErrorDocument 426 /error-426/
======== 5xx
ErrorDocument 500 /error-500/
ErrorDocument 501 /error-501/
ErrorDocument 502 /error-502/
ErrorDocument 503 /error-503/
ErrorDocument 504 /error-504/
ErrorDocument 505 /error-505/
ErrorDocument 506 /error-506/
ErrorDocument 507 /error-507/
ErrorDocument 508 /error-508/
ErrorDocument 509 /error-509/
ErrorDocument 510 /error-510/

the most famous htaccess guide of them all

AddLanguage aa .aa # Afar
AddLanguage ab .ab # Abkhazian
AddLanguage af .af # Afrikaans
AddLanguage am .am # Amharic
AddLanguage gu .gu # Gujarati
AddLanguage ha .ha # Hausa
AddLanguage he .he # Hebrew
AddLanguage hi .hi # Hindi
AddLanguage hr .hr # Croatian
AddLanguage hu .hu # Hungarian
AddLanguage hy .hy # Armenian
AddLanguage ia .ia # Interlingua
AddLanguage id .id # Indonesian
AddLanguage ie .ie # lnteriingue
AddLanguage ik .ik # Knupiak
AddLanguage is .is # Icelandic
AddLanguage it .it # Italian
AddLanguage iu .iu # Inuktitut (Eskimo)
AddLanguage ja .ja # Japanese
AddLanguage jw .jw # Javanese
AddLanguage ka .ka # Georgian
AddLanguage kk .kk # Kazakh
AddLanguage kl .kl # Greaenlandic
AddLanguage km .km # Cambodian
AddLanguage kn .kn # Kannada
AddLanguage ko .ko # Korean
AddLanguage ks .ks # Kashmiri
AddLanguage ku .ku # Kurdish
AddLanguage ky .ky # Kirghiz
AddLanguage la .la # Latin
AddLanguage ln .ln # Lingala
AddLanguage lo .lo # Laothian
AddLanguage lt .lt # Lithuainnian
AddLanguage lv .lv # Latvian, Lettish
AddLanguage mg .mg # Malagasy
AddLanguage mi .mi # Maori
AddLanguage uk .uk # Ukrainian
AddLanguage ur .ur # Urdu
AddLanguage uz .uz # Uzbek
AddLanguage vi .vi # Vietnamese
AddLanguage vo .vo # Volapuek
AddLanguage wo .wo # Wolof
AddLanguage xh .xh # Xhosa
AddLanguage yi .yi # Yiddish
AddLanguage yo .yo # Yoruba
AddLanguage za .za # Zhuang
AddLanguage zh .zh # Chinese
AddLanguage zu .zu # Zulu

Authentication, Security, SSL in .htaccess

• htaccess and Apache authentication with htpasswd, 401, and 403
• htaccess Security Tricks and Tips
• SSL tips and examples

HTACCESS SCRIPTING, ACTION, ADDHANDLER

 Handlers be builtin, included in a module, or added with Action directive
 default-handler: default, handles static content (core)
      send-as-is: Send file with HTTP headers (mod_asis)
      cgi-script: treat file as CGI script (mod_cgi)
       imap-file: Parse as an imagemap rule file (mod_imap)
     server-info: Get server config info (mod_info)
   server-status: Get server status report (mod_status)
        type-map: type map file for content negotiation (mod_negotiation)
  fastcgi-script: treat file as fastcgi script (mod_fastcgi)
##########

-> http://www.askapache.com/php/

## PARSE AS CGI ###
AddHandler cgi-script .cgi .pl .spl

## RUN PHP AS APACHE MODULE ###
AddHandler application/x-httpd-php .php .htm

## RUN PHP AS CGI ###
AddHandler php-cgi .php .htm

## CGI PHP WRAPPER FOR CUSTOM PHP.INI ###
AddHandler phpini-cgi .php .htm
Action phpini-cgi /cgi-bin/php5-custom-ini.cgi

## FAST-CGI SETUP WITH PHP-CGI WRAPPER FOR CUSTOM PHP.INI ###
AddHandler fastcgi-script .fcgi
AddHandler php-cgi .php .htm
Action php-cgi /cgi-bin/php5-wrapper.fcgi

## CUSTOM PHP CGI BINARY SETUP ###
AddHandler php-cgi .php .htm
Action php-cgi /cgi-bin/php.cgi

## PROCESS SPECIFIC FILETYPES WITH CGI-SCRIPT ###
Action image/gif /cgi-bin/img-create.cgi

## CREATE CUSTOM HANDLER FOR SPECIFIC FILE EXTENSIONS ###
AddHandler custom-processor .ssp
Action custom-processor /cgi-bin/myprocessor.cgi

HTACCESS HEADERS, CACHING OPTIMIZATION

      300   5 M
     2700  45 M
     3600   1 H
    54000  15 H
    86400   1 D
   518400   6 D
   604800   1 W
  1814400   3 W
  2419200   1 M
 26611200  11 M
 29030400   1 Y (never expire)

-> http://www.askapache.com/htaccess/speed-up-sites-with-htaccess-caching.html

   Header set Cache-Control "max-age=2592000"

   Header set Cache-Control "max-age=604800"

   Header set Cache-Control "max-age=600"

   Header unset Cache-Control

## ALTERNATE EXPIRES CACHING ###
-> htaccesselite.com/d/use-htaccess-to-speed-up-your-site-discussion-vt67.html
ExpiresActive On
ExpiresDefault A604800
ExpiresByType image/x-icon A2592000
ExpiresByType application/x-javascript A2592000
ExpiresByType text/css A2592000
ExpiresByType text/html A300

   ExpiresActive Off

## META HTTP-EQUIV REPLACEMENTS ###

   Header set imagetoolbar "no"

HTACCESS REWRITES AND REDIRECTS

 REQUEST METHODS: GET,POST,PUT,DELETE,CONNECT,OPTIONS,PATCH,PROPFIND,
                  PROPPATCH,MKCOL,COPY,MOVE,LOCK,UNLOCK
##########

## REWRITE DEFAULTS ###
RewriteEngine On
RewriteBase /

## REQUIRE SUBDOMAIN ###
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^subdomain\.domain\.tld$ [NC]
RewriteRule ^/(.*)$ http://subdomain.domain.tld/$1 [L,R=301]

## SEO REWRITES ###
RewriteRule ^(.*)/ve/(.*)$    $1/voluntary-employee/$2 [L,R=301]
RewriteRule ^(.*)/hsa/(.*)$     $1/health-saving-account/$2 [L,R=301]

## WORDPRESS ###
RewriteCond %{REQUEST_FILENAME} !-f    # Existing File
RewriteCond %{REQUEST_FILENAME} !-d    # Existing Directory
RewriteRule . /index.php [L]

## ALTERNATIVE ANTI-HOTLINKING ###
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(subdomain\.)?domain.tld/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ - [F] 

## REDIRECT HOTLINKERS ###
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(subdomain\.)?domain.tld/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ http://google.com [R] 

## DENY REQUEST BASED ON REQUEST METHOD ###
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD)$ [NC]
RewriteRule ^.*$ - [F] 

## REDIRECT UPLOADS ###
RewriteCond %{REQUEST_METHOD} ^(PUT|POST)$ [NC]
RewriteRule ^(.*)$ /cgi-bin/form-upload-processor.cgi?p=$1 [L,QSA] 

## REQUIRE SSL EVEN WHEN MOD_SSL IS NOT LOADED ###
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

### ALTERNATATIVE TO USING ERRORDOCUMENT ###
-> http://www.htaccesselite.com/d/htaccess-errordocument-examples-vt11.html
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /error.php [L]

## SEO REDIRECTS ###
Redirect 301 /2006/oldfile.html http://subdomain.domain.tld/newfile.html
RedirectMatch 301 /o/(.*)$ http://subdomain.domain.tld/s/dl/$1

HTACCESS AUTHENTICATION AND SECURITY

 Require (user|group|valid-user) (username|groupname)
##########

## BASIC PASSWORD PROTECTION ###
AuthType basic
AuthName "prompt"
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
Require valid-user

## ALLOW FROM IP OR VALID PASSWORD ###
Require valid-user
Allow from 192.168.1.23
Satisfy Any

## PROTECT FILES ###

  Order Allow,Deny
  Deny from all

## PREVENT HOTLINKING ###
SetEnvIfNoCase Referer "^http://subdomain.domain.tld/" good
SetEnvIfNoCase Referer "^$" good

   Order Deny,Allow
   Deny from all
   Allow from env=good
   ErrorDocument 403 http://www.google.com/intl/en_ALL/images/logo.gif
   ErrorDocument 403 /images/you_bad_hotlinker.gif

## LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK ###
LimitRequestBody 10240000 #bytes, 0-2147483647(2GB) 

=============================================================================#
          SSL SECURITY
=============================================================================#
-> http://www.askapache.com/htaccess/ssl-example-usage-in-htaccess.html
##########

## MOST SECURE WAY TO REQUIRE SSL ###
-> http://www.askapache.com/htaccess/apache-ssl-in-htaccess-examples.html
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "domain.tld"
ErrorDocument 403 https://domain.tld 



          SITE UNDER CONSTRUCTION
=============================================================================#
 Heres some awesome htaccess to use when you are developing a site
##########

## COMBINED DEVELOPER HTACCESS CODE-USE THIS ###

   Header set Cache-Control "max-age=5"

AuthType basic
AuthName "Ooops! Temporarily Under Construction..."
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
Require valid-user           # password prompt for everyone else
Order Deny,Allow
Deny from all
Allow from 192.168.64.5      # Your, the developers IP address
Allow from w3.org            # css/xhtml check jigsaw.w3.org/css-validator/
Allow from googlebot.com     # Allows google to crawl your pages
Satisfy Any                  # no password required if host/ip is Allowed

## DONT HAVE TO EMPTY CACHE OR RELOAD TO SEE CHANGES ###
ExpiresDefault A5 #If using mod_expires

   Header set Cache-Control "max-age=5"

## ALLOW ACCESS WITH PASSWORD OR NO PASSWORD FOR SPECIFIC IP/HOSTS ###
AuthType basic
AuthName "Ooops! Temporarily Under Construction..."
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
Require valid-user           # password prompt for everyone else
Order Deny,Allow
Deny from all
Allow from 192.168.64.5      # Your, the developers IP address
Allow from w3.org            # css/xhtml check jigsaw.w3.org/css-validator/
Allow from googlebot.com     # Allows google to crawl your pages
Satisfy Any                  # no password required if host/ip is Allowed

---

htaccess rewrite links

• Apache variables info, tricks, and tips
• .htaccess Security with MOD_SECURITY
• SetEnvIf and SetEnvIfNoCase Examples for conditionally setting variables in Apache .htaccess

htaccess and .htaccess rewrite links

Apache Documentation

First, here are several links to the definitive source for Apache 1.3 and Apache 2.0 specifically related to using .htaccess, especially for redirecting URLs and blocking bad bots and spammers.

Apache 1.3

• Apache 1.3: Authentication, Authorization, and Access Control
• Apache 1.3: Module mod_access
• Apache 1.3: Module mod_rewrite URL Rewriting Engine
• Apache 1.3: Module mod_setenvif
• Apache 1.3: Modules
• Apache 1.3 Tutorial: .htaccess files
• Apache 1.3 Tutorial: Apache URL Rewriting Guide
  By Ralf S. Engelschall

Apache 2.0

• Apache 2.0: Authentication, Authorization, and Access Control
• Apache 2.0: Apache Module mod_access
• Apache 2.0: Apache Module mod_rewrite
• Apache 2.0: Apache Module mod_setenvif
• Apache 2.0: Module Index
• Apache 2.0 Tutorial: .htaccess files
• Apache 2.0 Tutorial: Apache URL Rewriting Guide
  By Ralf S. Engelschall

How to Use .htaccess, mod_rewrite, and Related (for Apache)

• Ultimate .htaccess examples
• stupid htaccess tricks
• .htaccess Tutorial
  Introduction to .htaccess, including what you can do with .htaccess, creating custom error pages, deny/allow access to specific pages or directories, password protection, redirecting URLs, and more. By David Gowans, via freewebmasterhelp.com.
• Abbreviate URLs with mod_rewrite
  By Andy King, via websiteoptimization.com.
• An Introduction to Redirecting URLs on an Apache Server
  For mod_rewrite beginners, by DaveAtIFG via Webmasterworld, Dec 16, 2002.
• mod_rewrite: A Beginner’s Guide to URL Rewriting
  By Tamas Turcsanyi, via SitePoint, October 22, 2002.
• Rewriting URLs with mod_rewrite
  By Daniel via 4webhelp.net, updated February 09, 2004.
• URLS! URLS! URLS!
  by Bill Humphries via A List Apart, June 30, 2000.
• Using the .htaccess File
  Helpful, easy-to-understand introduction to .htaccess and what you can do with it. Collated by Miraz Jordan via wise-women.org.

SRC: http://brainstormsandraves.com/archives/2005/10/09/htaccess/