
This is a translation of an article that is very interesting to me personally and that I want to share with a respected associate. I have already met some of these recipes on Habr, but only in fragments, and far from all of those listed below.
Every web developer knows about the purpose of the .htaccess file. At a basic level, it allows you to control access to site directories. But by adding various additional code fragments to it, many other interesting things can be done with it.
If you need basic information about the purpose of this file, you can get an introduction to .htaccess from our article, in which all aspects of its application are described in sufficient detail. (I did not translate that article, since it covers the basics and there is enough of that in the Russian segment of the Network, but if you are interested, it can be translated to complete the picture. - translator's comment)
So, useful examples of using .htaccess:
1. Managing access to files and directories
Password protection is one thing, but sometimes it may be necessary to completely block user access to a particular file or folder. This usually refers to system folders, such as includes, for example, which applications should have access to, but not users.
To do this, put this code in an .htaccess file and save it in the directory to which you are blocking access:
deny from all
However, keep in mind that access will be blocked for all users, including you. You can open access for a specific user by registering his IP address. Here is the code you need for this:
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx is your IP. You can replace the last three digits to set the allowed IP address ranges. For example, writing “0/12” instead of them will set the range of IP addresses of one network, which will save you from having to enter all allowed IP addresses into the list separately.
If you want to block access to a specific file, including .htaccess itself, use the following code snippet:
<Files .htaccess>
    order allow,deny
    deny from all
</Files>
If you want to specify certain IP addresses that need to be denied access, list them with allow from.
If you want to block access to files of a certain type, use this code:
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>
2. Ban on directory browsing
To prevent viewing the site directories, add the following code to .htaccess:
Options -Indexes
If for some reason you want to allow viewing of all directories, use the code:
Options +Indexes
3. Accelerate download time by compressing files
You can compress files of any type. For example, to compress HTML files, add the code:
AddOutputFilterByType DEFLATE text/html
To compress text files, use:
AddOutputFilterByType DEFLATE text/plain
You can also compress JavaScript or enable compression for other different file types with the commands:
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
In addition, you can compress all your javascript, html and css files with gzip. To do this, use the following code:
<IfModule mod_gzip.c>
    mod_gzip_on Yes
    mod_gzip_dechunk Yes
    mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
    mod_gzip_item_include handler ^cgi-script$
    mod_gzip_item_include mime ^text\.*
    mod_gzip_item_include mime ^application/x-javascript.*
    mod_gzip_item_exclude mime ^image\.*
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
4. Protecting the site from inserting images from other resources
If you want to prohibit adding links to images from third-party resources, add the code to the .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Remember to replace yourdomain.com with your domain name.
5. Blocking visitors referred from a specific domain
If you do not want to see users from a specific domain on your site, you can deny them access. For example, users coming from unwanted resources (adult sites, hacking sites, etc.) can be sent to a 403 Forbidden page. To do this, mod_rewrite must be enabled, although, as a rule, it is enabled by default. Add this code to .htaccess:
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} bannedurl1.com [NC,OR]
    RewriteCond %{HTTP_REFERER} bannedurl2.com [NC]
    RewriteRule .* - [F]
</IfModule>
You need to replace bannedurl1.com and bannedurl2.com with the domains that you want to blacklist. The [NC] flag indicates that the domain name entered is case-insensitive. The [F] flag indicates the type of action, in this case returning a 403 Forbidden error. If you want to block several sites, use the [NC,OR] flags for each domain except the last one, which takes only [NC]; if you want to block a single domain, use only the [NC] flag.
6. Blocking requests from certain browsers
If records of visits from specific browsers have appeared in your log files (these can be bots or spiders simulating browser work), you can deny them access to your site by adding a few lines to .htaccess:
RewriteEngine On
RewriteBase /
SetEnvIfNoCase Referer "^$" bad_user
SetEnvIfNoCase User-Agent "^badbot1" bad_user
SetEnvIfNoCase User-Agent "^badbot2" bad_user
SetEnvIfNoCase User-Agent "^badbot3" bad_user
Deny from env=bad_user
Replace badbot1, badbot2, etc. with bot names from your logs. This will prevent outsiders from accessing your site.
7. File Caching
File caching is another way to speed up the loading of your site. Here is what you need to add to .htaccess:
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$">
    Header set Cache-Control "max-age=2592000"
</FilesMatch>
You can add more file types to the list in this example, or delete some of them. You can also specify how long files are kept in the cache (in seconds) using the max-age variable.
8. Disable caching for different file types.
If you do not want to cache certain types of files, you can simply leave them out of the list. However, sometimes files can be saved in the cache even without being explicitly listed; in this case you can disable caching for them individually. Most often, turning off caching is required for dynamic files, such as scripts. An example of the code required for this:
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
    Header unset Cache-Control
</FilesMatch>
Just specify the file types for which you want to disable caching.
9. Bypassing the download dialog
By default, when you try to download a file from a web server, a dialog is displayed that asks whether you want to save the file or open it. This dialog is especially annoying when downloading large media or PDF files. If the files you uploaded to the server are intended exclusively for downloading, you can make life easier for users by setting download as the default action. Add the following to .htaccess:
AddType application/octet-stream .pdf
AddType application/octet-stream .zip
AddType application/octet-stream .mp3
10. Rename the .htaccess file
If you for some reason want to rename the .htaccess file, then you can do it. Theoretically, renaming a .htaccess file should not cause problems with applications running on your server, but if you notice any script execution errors after renaming a file, just rename it back.
AccessFileName htac.cess
In addition, it is necessary to update all records that mention the .htaccess file, otherwise there will be a lot of errors.
11. Replacing the start page of the site
If you want to set a non-standard homepage (index.html, index.php, index.htm, etc.), add the following code to the .htaccess file:
DirectoryIndex mypage.html
Replace mypage.html with the URL of the page you want to use as the main one.
12. Redirect to secure HTTPS connection
If you are using HTTPS and want to redirect users to secure pages on your site, add the following lines to the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
13. Limiting the maximum size of downloaded files in PHP, the maximum size of transmitted data, the maximum execution time of scripts, etc.
.htaccess allows you to set some values that directly affect the operation of PHP applications. For example, if you want to set a limit on the size of uploaded files in PHP, in order not to overload hosting with large files:
php_value upload_max_filesize 15M
You can set any value; in the example, the file size is limited to 15M (MB). In addition, you can limit the maximum size of the data transmitted when loading in PHP:
php_value post_max_size 10M
You can replace 10M with any value you require. If you do not need constant execution of scripts, you can limit the time they are executed using the line:
php_value max_execution_time 240
240 is the runtime (in seconds) after which the script will be stopped; you can change this value to any other. Finally, if you want to limit the time a script spends parsing its input data, use the following code:
php_value max_input_time 180
Replace 180 with whatever time you need (in seconds).
14. Hiding file types
Sometimes it is necessary that users do not know what types of files are on your site. One way to hide this information is to have all your files displayed as HTML or PHP files:
ForceType application/x-httpd-php
And this is only part of what .htaccess can do; in general it allows you to do much more. For example, you can set automatic translation of pages on your site, set the server time zone, remove WWW from URLs, use fancy directory views, etc. But in any case, before you start experimenting with the .htaccess file, always save a backup of the original .htaccess so that if problems arise you can quickly restore the site.
UPD (thanks to akuma): The PHP extension for hiding the file format is given as an example, and using this trick in a real project may prove unsafe.
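A static check run before deploying an edited file catches mistakes that are easy to make when adapting the access-control, directory-listing, referrer-blocking and caching recipes above. The Python script below is an added example, not part of the original article; the function name lint_htaccess, the finding codes and the SAMPLE text are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of the recipes above, with mistakes planted.
SAMPLE = r'''Options All -Indexes
<FilesMatch ".(htaccess|htpasswd|ini|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>
RewriteEngine on
RewriteCond %{HTTP_REFERER} bannedurl1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} bannedurl2\.com [NC,OR]
RewriteRule .* - [F]
'''

def lint_htaccess(text):
    """Return sorted (line_number, code) findings for one .htaccess text."""
    findings = []
    or_line = None  # line of the latest RewriteCond if it carries [OR]
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        name = words[0].lower()
        if name == "options":
            signed = [w[0] in "+-" for w in words[1:]]
            if any(signed) and not all(signed):
                # Apache 2.4 rejects a mix of bare and +/- keywords.
                findings.append((no, "MIXED_OPTIONS"))
        elif name == "<filesmatch" and len(words) > 1:
            pattern = raw.split(None, 1)[1].strip(' ">')
            if re.match(r"\.[^*+?{]", pattern):
                # Bare '.' matches any char: "(log)$" also hits "catalog".
                findings.append((no, "UNESCAPED_DOT"))
        elif name in ("order", "deny", "allow"):
            # 2.2 syntax; Apache 2.4 uses Require (old form via mod_access_compat).
            findings.append((no, "LEGACY_ACCESS"))
        elif name == "rewritecond":
            flags = words[3].strip("[]").upper().split(",") if len(words) > 3 else []
            or_line = no if "OR" in flags or "ORNEXT" in flags else None
        elif name == "rewriterule":
            if or_line is not None:
                # The last condition before the rule must not end in [OR].
                findings.append((or_line, "TRAILING_OR"))
            or_line = None
    return sorted(findings)

if __name__ == "__main__":
    for line_number, code in lint_htaccess(SAMPLE):
        print(f"line {line_number}: {code}")
```

The check reads text only, so it can run against the backup copy and the edited copy of the file to compare findings before the new version goes live.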