What exactly is htaccess?

The htaccess file is a configuration file which is often used on Apache based web servers to control diverse features of the server. The file on its own is just a small simple text file that can be edited via notepad or your webhosts online file manager, through c-panel or alternatively you can download the .htaccess file from your server’s home public_html folder, modify it and reupload it via FTP using programs such as FileZilla.

Hypertext Access, commonly reduced to htaccess, htaccess is a configuration file which handles the website directory that it is put into and all of the subdirectories underneath it.

The htaccess file is an extremely helpful feature that enables webmasters to control how their website functions. It is possible to 301 redirect webpages, modify the extensions of webpages, rewrite urls for much better keyword ranking presence, password protect web directories and much much more.

Within this htaccess guide I am going to provide you with a few of the basic tips and tricks which assists you with your website.

.htaccess Snippets 2013.

Redirecting non-www to www with .htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

Redirecting non-www to www with .htaccess:
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\.URL\$ [NC]
RewriteRule ^(.*)$$1 [R=301,L]

Redirect aliases of home page to the root website:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*(default|index)\.(html|php|htm)\ HTTP/ [NC]
RewriteRule ^(([^/]+/)*)(default|index)\.(html|php|htm)$$1 [R=301,L]

ErrorDocument 403:

ErrorDocument 404:

Disallow directory browsing:
Options All -Indexes

Allow all except those indicated:
<Files *>
order allow,deny
allow from all
deny from ###.#.##.###
deny from ###.#.##.###

Send the vary header to help crawl mobile content:
Header append Vary: User-Agent

Force the latest IE version, in various cases when it may fall back to IE7 mode:
Use ChromeFrame if it’s installed for a better experience for the IE users:
<IfModule mod_headers.c>
Header set X-UA-Compatible “IE=Edge,chrome=1”
<FilesMatch “\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|oex|xpi|safariextz|vcf)$” >
Header unset X-UA-Compatible

Default charset & language:
AddDefaultCharset UTF-8
DefaultLanguage en-GB

Set server timezone:
SetEnv TZ Europe/London

Remove last modified header:
Header unset Last-Modified

Turn off ETag:
Header unset ETag
FileETag None

File compression:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

Force no caching for dynamic files:
<FilesMatch “.(php|cgi|pl|htm)$”>
ExpiresActive Off
Header set Cache-Control “private, no-cache, no-store, proxy-revalidate, no-transform”
Header set Pragma “no-cache”

Enable expirations:
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault “access plus 1 seconds”
ExpiresByType image/x-icon “access plus 2592000 seconds”
ExpiresByType image/jpeg “access plus 2592000 seconds”
ExpiresByType image/png “access plus 2592000 seconds”
ExpiresByType image/gif “access plus 2592000 seconds”
ExpiresByType application/x-shockwave-flash “access plus 2592000 seconds”
ExpiresByType text/css “access plus 604800 seconds”
ExpiresByType text/javascript “access plus 216000 seconds”
ExpiresByType application/javascript “access plus 216000 seconds”
ExpiresByType application/x-javascript “access plus 216000 seconds”
ExpiresByType text/html “access plus 600 seconds”
ExpiresByType application/xhtml+xml “access plus 600 seconds”

Set the cache-control max-age:
# 1 Year
<FilesMatch “\.(ico|pdf|flv)$”>
Header set Cache-Control “max-age=29030400, public”
# 1 Week
<FilesMatch “\.(jpg|jpeg|png|gif|swf)$”>
Header set Cache-Control “max-age=604800, public”
# 2 Days
<FilesMatch “\.(xml|txt|css|js)$”>
Header set Cache-Control “max-age=172800, proxy-revalidate”
# 1 Min
<FilesMatch “\.(html|htm|php)$”>
Header set Cache-Control “max-age=60, private, proxy-revalidate”

Common hacking tools and bandwidth block:
SetEnvIf user-agent “Indy Library” stayout=1
SetEnvIf user-agent “Wget” stayout=1
SetEnvIf user-agent “libwww-perl” stayout=1
SetEnvIf user-agent “Download Demon” stayout=1
SetEnvIf user-agent “GetRight” stayout=1
SetEnvIf user-agent “GetWeb!” stayout=1
SetEnvIf user-agent “Go!Zilla” stayout=1
SetEnvIf user-agent “Go-Ahead-Got-It” stayout=1
SetEnvIf user-agent “GrabNet” stayout=1
SetEnvIf user-agent “TurnitinBot” stayout=1
deny from env=stayout

File injection protection:
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* – [F]

Leave a Reply