Htaccess File Cheatsheet
An .htaccess file is a configuration file used by web servers running Apache. It allows webmasters to override server configuration settings for their specific directories without having access to the main server configuration files.
Some of the most common things you can do with an .htaccess file include:
Overview of shit you can do with htaccess file
- URL Redirects: You can redirect URLs using directives like Redirect or RewriteRule. This is useful for redirecting old URLs to new ones, managing URL aliases, or enforcing HTTPS.
- Custom Error Pages: You can customize error pages for various HTTP status codes such as 404 (Not Found), 403 (Forbidden), etc. This helps improve the user experience by providing more informative error messages.
- Password Protection: You can password protect directories using AuthType and AuthUserFile directives, which require users to enter a username and password to access certain areas of your website.
- Preventing Directory Listing: You can prevent the web server from listing the contents of directories that do not contain an index file (e.g., index.html) using the Options -Indexes directive.
- Cache Control: You can control caching behavior for certain file types or directories using directives like ExpiresByType and Header set Cache-Control.
- Rewriting URLs: You can rewrite URLs internally using the RewriteRule directive, which is commonly used for creating search engine-friendly URLs or implementing URL routing.
- Hotlink Protection: You can prevent other websites from directly linking to your website’s assets (images, videos, etc.) using the RewriteCond and RewriteRule directives.
- Compression: You can enable compression (gzip) for certain file types to reduce bandwidth usage and improve website performance using directives like AddOutputFilterByType and SetOutputFilter.
- Blocking IP Addresses or User Agents: You can block specific IP addresses or user agents from accessing your website using the Deny directive.
- Force File Download: You can force the browser to download certain file types instead of displaying them in the browser using the AddType and Header directives.
These are just a few examples of what you can do with an .htaccess file. It’s a powerful tool for configuring and customizing your website’s behavior on an Apache web server.
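The access-control items from the list above (directory listing, password protection, IP blocking) combined in one .htaccess, as an added example that is not from the original page. The .htpasswd path, the realm name and the 203.0.113.0/24 range are assumed values; the Deny directive named above is Apache 2.2 syntax, and Apache 2.4 expresses the same thing with Require.

```apache
# Added example. Assumed values: the .htpasswd path, the realm name and the
# 203.0.113.0/24 range. Needs AllowOverride Options AuthConfig Limit (or All).

# Do not list directory contents when no index file exists.
Options -Indexes

# Password protection (HTTP Basic). Keep the password file outside the web
# root and serve the directory over HTTPS only: Basic auth sends the
# credentials with every request.
AuthType Basic
AuthName "Restricted area"
AuthUserFile /home/example/.htpasswd

# Apache 2.4 (mod_authz_core): valid login AND not from the blocked range.
<IfModule mod_authz_core.c>
    <RequireAll>
        Require valid-user
        Require not ip 203.0.113.0/24
    </RequireAll>
</IfModule>

# Apache 2.2 equivalent using Order/Allow/Deny.
<IfModule !mod_authz_core.c>
    Require valid-user
    Order Allow,Deny
    Allow from all
    Deny from 203.0.113.0/24
</IfModule>

# Never serve .htaccess / .htpasswd style files to clients.
<FilesMatch "^\.ht">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>
```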
Set website to noindex nofollow
<IfModule mod_headers.c>
Header set X-Robots-Tag "noindex, nofollow"
</IfModule>
Check it's working in Firefox
- Open the website you want to test.
- Inspect Element or Cmd+Option+I (Mac).
- Go to the Network tab.
- Reload the page to capture network activity.
- Click on the main request (usually the first one) in the list.
- Look under the Headers section to find the HTTP response headers, including the X-Robots-Tag.
If no X-Robots-Tag exists then nothing is set.
Redirects
Redirect 301 /old-page/ http://www.testdomain.com/new-page/
Redirect 301 /old-page http://www.testdomain.com/new-page/
Redirect http to https
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Send any request that did not arrive over HTTPS to the same host and path on HTTPS.
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# BEGIN WordPress
# Route requests that are not an existing file or directory to index.php.
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Force non-www
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
Force HTTPS and www.
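RewriteEngine On
# Redirect when the request is plain HTTP or the host lacks www.
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
# Capture the host without any leading www. so %1 is always set.
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]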
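The redirect rules on this page build the target from %{HTTP_HOST}, which is whatever Host header the client sent. A variant with the canonical hostname written out, as an added example that is not from the original page; www.example.com and the max-age value are assumed values.

```apache
# Added example. Assumed values: the hostname www.example.com and max-age.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # Redirect anything that is not already https://www.example.com.
    # The target hostname is fixed, so an unexpected Host header is never
    # copied into the Location header of the 301 response.
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
    RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
</IfModule>

<IfModule mod_headers.c>
    # Tell browsers to use HTTPS for later visits. Sent on HTTPS responses
    # only; the expr= condition needs Apache 2.4.10 or later.
    Header always set Strict-Transport-Security "max-age=31536000" "expr=%{HTTPS} == 'on'"
</IfModule>
```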
Redirect all URLs to same URL
RedirectMatch 301 / http://new-domain.com/
Preventing Directory Listing:
User must be logged in to view files in the uploads dir
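This is a WordPress example of restricted view of the uploads directory. The rule only checks that a cookie whose name contains wordpress_logged_in is present and does not validate its value, so it keeps casual visitors out but is not real access control.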
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_COOKIE} !.*wordpress_logged_in.*$ [NC]
RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.* [NC]
RewriteRule . http://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI} [L,QSA]
</IfModule>
STOP REFERRER SPAM
# Return 403 Forbidden when the Referer header matches any listed domain.
RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
RewriteCond %{HTTP_REFERER} example2\.com [NC,OR]
RewriteCond %{HTTP_REFERER} semalt\.com
RewriteRule .* - [F]
older gist
# 301 redirects. The trailing slash counts so it's worth putting both entries in.
# BEGIN 301 Redirects
Redirect 301 /old-page/ http://www.testdomain.com/new-page/
Redirect 301 /old-page http://www.testdomain.com/new-page/
# END 301 Redirects
# redirect http to https in wordpress
# Force non-www:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
# force HTTPS and www.
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
# Capture the host without any leading www. so %1 is always set.
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]
# increase max file upload
php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300
# STOP REFERRER SPAM
RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
RewriteCond %{HTTP_REFERER} example2\.com [NC,OR]
RewriteCond %{HTTP_REFERER} semalt\.com
RewriteRule .* - [F]
# redirect all URLs to same URL
RedirectMatch 301 / http://new-domain.com/