- 301 Redirect Domain / Server - Redirect the visitor to another domain / server.
- 301 Redirect Page / Folder - This is the cleanest way to redirect a URL. Quick, easy, and search-engine friendly.
- Active Gzip Compression - Compression reduces response times by reducing the size of the HTTP response. Gzip is the most popular and effective compression method currently available and generally reduces the response size by about 70%.
- Active Gzip Compression w/BrowserMatch - Compression reduces response times by reducing the size of the HTTP response. Gzip is the most popular and effective compression method currently available and generally reduces the response size by about 70%
- Allow Single URL Through .htaccess Password Protection - This code is useful for multi environment setups (staging, production, etc.) it allows you to keep your .htaccess files in sync while maintaining an .htpasswd on your development environment or anything but the live environment.
- Append / Prepend Files - Rather than having to call / include a file you need on every single page, you can have them automatically prepended (top of file) or appended (bottom of file) automatically through your .htaccess file.
- Automatically add utf-8 charset to files - In order to avoid encoding problems, you can force a specific encoding directly on your .htaccess file. That way, you will ensure that your HTML documents will always render correctly, even if you forget to add a directive in your HTML pages.
- Block Hitbots - Block hitbots based on referring URL.
- Block Specific IP Address - Block specific IP Address from accessing your site.
- Block Unwanted Referring Domain Traffic - Block unwanted visitors based on the referring domain. You can also save bandwidth by blocking specific file types such as .jpg, .zip, .mp3, and .mpg from specific referring domains.
- Change Default Index Page - This rule tells the server to search for and serve a new-default-page as the default directory index file. This rule must exist in the htaccess file of the root directory for which you wish to replace the default index file (e.g., index.html) and show (new-default-page.html) instead.
- Custom Error Pages - Create your own custom error pages versus seeing the standard server pages.
- Declare specific/additional MIME types - You can add various MIME types that are specific to your server content.
- Different Directory Index Page - Normally index.html or index.php is the default page a server serves up when visiting a directory without specifying a file name. You can change this with your .htaccess file.
- Disguise Script Extensions - To enhance security, disguise scripting languages by replacing actual script extensions with dummy extensions of your choosing. For example, to change the .foo? extension to .php?, add the following line to your .htaccess file and rename all affected files accordingly.
- Employ Basic URL Spelling Check - This bit of voodoo will auto-correct simple spelling errors in the URL.
- Fancy Indexing - Adds fixed width fonts, file size and date, sort capability. Propagates to higher level directories.
- Force Ajax.gif Requests to Correct Location - A common one is requests for a file called ajax-loader.gif, probably evil scanning looking for poorly made ajax applications in which to exploit. Make sure that file really does exist and force all requests for it to that real location.
- Force charset utf-8 - If you can not change the configuration of Apache server, use this code to force decoding of page to utf-8.
- Force Correct content-type for XHTML Documents - Most webservers serve XHTML content as TEXT/HTML which is definitely the right way to handle XHTML documents. In case the server isn't doing that correctly, you can force it on Apache servers with your .htaccess file.
- Force Favicon Requests to Correct Location - For whatever crazy reason, perhaps evil-doing site scanners, requests to a web server for a favicon in all known crevasses of the site are fairly common. Since that file probably only actually exists in the root directory of your site, these requests result in a 404. If you server up a fancy, user-friendly 404 page, this can add up to a ton of bandwidth for no good reason.
- Force Files to Download (Not Open in Browser) - You can easily stop files from downloading in the browser using this .htaccess code.
- Help Prevent SQL Injection Attempts - This will look for common attack methods and redirect them to a page called hack.cfm which can be a blank page or message.
- Instruct browser to download multimedia files rather than display them - Here is a useful method for delivering multimedia file downloads to your users. Typically, browsers will attempt to play or stream such files when direct links are clicked. With this method, provide a link to a multimedia file and a dialogue box will provide users the choice of saving the file or opening it.
- Instruct server to display source code for dynamic file types - There are many situations where site owners may wish to display the contents of a dynamic file rather than executing it as a script. To exercise this useful technique, create a directory in which to place dynamic files that should be displayed rather than executed, and add the following line of code to the .htaccess file belonging to that directory.
- iPad Detection - iPad has a pretty large screen and a fully capable browser, so most websites don't need to have iPad specific versions of them. But if you need to, you can detect it with .htaccess file.
- iPhone Sniffer - Easily detect iPhone visitors and redirect them to your iPhone layout.
- Limit Access to the Local Area Network (LAN) - You can limit the access to your local LAN Area Network with this .htaccess code.
- Minimize CSS Image Flicker in IE6 - Add the following htaccess rules to minimize or even eliminate CSS background-image “flickering” in MSIE6.
- Password Protect Folder - You can easily password protect folders using this code snippet.
You can create the code for your unique username and password here.
- Prevent Access to a Specific File - To restrict access to a specific file, add the following code block and edit the file name mysecretfile.jpg? with the name of the file that you wish to protect.
- Prevent access to multiple file types - To restrict access to a variety of file types, add the following code block and edit the file types within parentheses to match the extensions of any files that you wish to protect.
- Prevent Direct Access to Config Files - Prevent direct access to config files.
- Prevent Direct Access to htaccess file - Prevent direct Access to .htaccess file.
- Prevent hotlinking of images - Images linked from anywhere other than your website are blocked or redirected to a custom graphic image. If using a custom graphic image be sure that the image being shown is not hotlink protected or your server can go into an endless loop.
- Prevent or allow domain access for a specified range of IP addresses - There are several effective ways to block a range of IP addresses via htaccess. This first method blocks an IP range specified by their CIDR (Classless Inter-Domain Routing) number. This method is useful for blocking mega-spammers such as RIPE, Optinet, and others.
- Prevent Unauthorized Directory Browsing - Prevent unauthorized directory browsing by instructing the server to serve a Forbidden Authorization Required? message for any request to view a directory. For example, if your site is missing the default index page, everything within the root of your site will be accessible to all visitors. To prevent this, include the following .htaccess rule.
- Protect against denial-of-service (DOS) attacks by limiting file upload size - One method to help protect your server against DOS attacks involves limiting the maximum allowable size for file uploads. Here, we are limiting file upload size to 10240000 bytes, which is equivalent to around 10 megabytes. For this rule, file sizes are expressed in bytes.
- Redirection By Language - You can redirect a visitor depending on their language.
- Remove File Extention from URL - You can remove the file extension to your URL's.
This converts URL http://site.com/about.html to http://site.com/about
- Secure directories by disabling execution of scripts - Prevent malicious brainiacs from actively scripting secure directories by adding the following rules to the representative .htaccess file (edit file types to suit your needs).
- Secure Directories by IP Address and/or Domain - In the following example, all IP addresses are allowed access except for 12.345.67.890 and domain.com.
- Server Maintenance Redirection - This code makes it easy to temporarily take down a website for updates.
You will need to know your IP Address so that you are able to view your website while all others are redirected.
- Set the default language - Here is an easy way to set the default language for pages served by your server.
- WWW / No-WWW - You should choose to either use the http://www.domain.com or http://domain.com address for uniformity and SEO purposes.
|
