Essential .htaccess Tips and Tricks
Explore crucial .htaccess tips including URL rewriting, SEO optimization, security enhancements, and more.
Discover key .htaccess techniques for enhancing your website's performance and security.
What is .htaccess?
.htaccess is a server configuration file for the Apache Web Server. When placed in a web directory, the server loads the .htaccess file and follows its instructions, allowing you to modify configurations.
How to Create a .htaccess File
-
Using a Control Panel:
- Log in to your control panel.
- Create a new file named
.htaccess.
-
On Your PC:
- Create a new text file.
- Open in a text editor (e.g., Notepad).
- Save as
.htaccess(use File > Save As).
Useful .htaccess Tips
Custom Directory Index
Specify a custom directory index:
DirectoryIndex index.php index.html index.htm
Prevent Directory Listing
Disable directory browsing:
Options -Indexes
Force WWW or Non-WWW
Redirect between www and non-www versions:
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
Custom Error Pages
Set up custom error pages:
ErrorDocument 400 /error/400-badrequest.php
ErrorDocument 401 /error/401-authorizationrequired.php
ErrorDocument 404 /error/404-notfound.php
ErrorDocument 403 /error/403-forbidden.php
ErrorDocument 500 /error/500-servererror.php
Redirect HTTP to HTTPS
Ensure secure connections by redirecting HTTP to HTTPS:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
SEO-Friendly URL Rewriting
Rewrite URLs for better SEO:
RewriteEngine on
RewriteRule ^user/([A-Za-z0-9-_+]+)/?$ user.php?name=$1 [NC,L]
Hide File Extensions
Browse PHP files without an extension:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
Compress Files
Improve load times by compressing files:
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
Protect Files
Secure important files like php.ini:
<Files php.ini>
Order Allow,Deny
Deny from all
</Files>
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
Set Cache-Control Headers
Optimize caching for browsers:
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access 1 month"
</IfModule>
<ifModule mod_headers.c>
<filesMatch ".(css|jpg|jpeg|png|gif|js|ico)$">
Header set Cache-Control "max-age=2592000, public"
</filesMatch>
<filesMatch "\.(x?html?|php)$">
Header set Cache-Control "private, must-revalidate"
</filesMatch>
</ifModule>
Enhance Security
Prevent common security threats:
Options +FollowSymlinks
ServerSignature Off
# Block base64_encode
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block <script> tags
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block PHP GLOBALS
RewriteCond %{QUERY_STRING} GLOBALS(=|\