A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers. It allows for decentralized management of web server configuration. These files are placed inside the web tree and can override a subset of the server’s global configuration for their directory and all of its sub-directories.
Redirect users to custom error pages
Instead of serving Apache, LiteSpeed or Nginx default error pages to their users, webmasters have the ability to redirect these requests to a custom document. This can be a text file, an HTML page, a Perl script, or whatever you want, as long as the server is capable of reading it and sending it to the user.
ErrorDocument 401 /error_pages/401.html
ErrorDocument 403 /error_pages/403.html
ErrorDocument 404 /error_pages/404.html
ErrorDocument 500 /error_pages/500.html
Make sure WWW and non-WWW domains point to the same
The “www” is not obligatory anymore in URLs, but there are cases when the WWW and non-WWW versions of a site can lead to different places. This can be because of a badly configured server, DNS settings, or problematic shared hosting accounts. Just in case, to avoid this situation, store this snippet somewhere.
## REDIRECT NON-WWW to WWW
RewriteEngine On
RewriteCond %{HTTP_HOST} ^softpedia\.com
RewriteRule (.*) http://www.softpedia.com/$1 [R=301,L]
For this, you first need mod_rewrite enabled on your server and also need to make sure the “RewriteEngine On” line is present in your .htaccess file somewhere. We placed it in our snippet just in case you don’t have it already.
The reverse operation is:
## REDIRECT WWW to NON-WWW
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.softpedia\.com
RewriteRule (.*) http://softpedia.com/$1 [R=301,L]
Send users to a subdomain instead
Sometimes when a user is accessing a section of your site, you’ll want them sent to a custom subdomain. This can also be done using .htaccess.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^subdomain\.domain\.com$ [NC]
RewriteRule ^(.*)$ http://subdomain.domain.com/$1 [L,R=301]
HTTP to HTTPS redirections
It’s not that simple. Redirecting users to the HTTPS version of your site doesn’t automatically make it “safe.” You’ll need to look into SSL implementation for that.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Force media files to download in the user’s browser
Some browsers (OK, almost all these days) have a tendency to force files to open inside them instead of allowing users to download them. To make sure the file is saved locally every time, and not streamed to the user, this trick can help:
AddType application/octet-stream .pdf
AddType application/octet-stream .avi
AddType application/octet-stream .mp3
You can pass any type of file extension you like. The server will force the browser to download it regardless.
File hotlinking protection is also achievable
Yes, it’s that simple to protect your files from being hotlinked on the Web. Usually, you’d think this requires complex PHP or JavaScript-based solutions, money to pay developers to implement it, a lot of time to add each file to various firewalls and dashboards, but no, it’s just these three lines of code.
RewriteEngine On
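RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?softpedia\.com/ [NC]
# Skip the placeholder image itself so the redirect below cannot loop
RewriteCond %{REQUEST_URI} !/hotlink_dummy_immage\.png$
RewriteRule .*\.(gif|jpg|png)$ http://www.softpedia.com/hotlink_dummy_immage.png [NC,R,L]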
Compress text, HTML, JavaScript, CSS, and XML code
The snippet below is for Apache servers and will automatically compress HTML, JavaScript, CSS, and XML files when sending them to your users.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/x-component
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
</IfModule>
Disable directory browsing in any website
Regardless of whether you’re using the .htaccess file with WordPress, Drupal, Joomla, or with Java, Python, or Ruby code, the following line in your .htaccess file will prevent any user from exploring your Web directories and looking at what files you have stored inside them.
Options -Indexes
Disable PHP execution inside a folder or for a specific file
Using the .htaccess file’s filtering capabilities, webmasters can target PHP (or HTML, JavaScript, image, etc.) files and then “do” something to them. Since most of the time webmasters use .htaccess files to prevent access, this small snippet can be quite useful.
#ALL PHP FILES
<Files *.php>
deny from all
</Files>
#ONE SPECIFIC PHP FILE
<Files file_name.php>
deny from all
</Files>
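The snippet above uses Apache 2.2 syntax, and the *.php pattern does not match other extensions a server may hand to PHP. The following is an added example, not part of the original article, of the same block for a directory that should never serve PHP, such as an upload folder. It assumes Apache 2.4 with a 2.2 fallback, and the extension list is an assumption to adjust to your own handler configuration:

```apache
# Added example, not from the original article.
# Place in the .htaccess of a directory that should never serve PHP.
# The extension list is an assumption: match it to the extensions
# your server actually maps to the PHP handler.

# Apache 2.4+: mod_authz_core replaces Order/Allow/Deny
<IfModule mod_authz_core.c>
    <FilesMatch "(?i)\.(php[0-9]?|phtml|phar)$">
        Require all denied
    </FilesMatch>
</IfModule>

# Apache 2.2 fallback: the same rule in the older syntax
<IfModule !mod_authz_core.c>
    <FilesMatch "(?i)\.(php[0-9]?|phtml|phar)$">
        Order allow,deny
        Deny from all
    </FilesMatch>
</IfModule>
```

For these directives to take effect in a .htaccess file, the server configuration must permit them through AllowOverride (AuthConfig for Require, Limit for Order and Deny).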
Put the ban hammer on one or more IP addresses
If there are only a couple of users who tend to abuse your service, you don’t have to implement a firewall just for them. This can be done in .htaccess like so:
<Limit GET POST>
order allow,deny
#BAN SINGLE IP
deny from xxx.xxx.xxx.xxx
#BAN ENTIRE CLASS OF IPS
deny from xxx.xxx.xxx.xxx/24
allow from all
</Limit>
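Two caveats apply to the snippet above. Rules inside <Limit GET POST> cover only those methods (GET also covers HEAD), so requests using other methods such as PUT or OPTIONS are not restricted, and order/deny is Apache 2.2 syntax. The following is an added example, not part of the original article, of the same ban applied to every method on Apache 2.4. The addresses are constructed placeholders from the documentation ranges:

```apache
# Added example, not from the original article.
# Apache 2.4 syntax (mod_authz_core + mod_authz_host).
# No <Limit> wrapper, so the ban applies to every HTTP method.
<RequireAll>
    # Everyone is allowed ...
    Require all granted
    # ... except a single address (constructed placeholder)
    Require not ip 192.0.2.10
    # ... and an entire /24 range (constructed placeholder)
    Require not ip 198.51.100.0/24
</RequireAll>
```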
But don’t get used to using .htaccess files that regularly. All these code snippets can be used in your httpd.conf as well, and .htaccess files should be used only in cases where per-directory rules are needed and access to httpd.conf is not allowed or possible.