
Htaccess File Cheatsheet

An .htaccess file is a configuration file used by web servers running Apache. It allows webmasters to override server configuration settings for their specific directories without having access to the main server configuration files.

Some of the most common things you can do with an .htaccess file include:

Overview of shit you can do with htaccess file

  1. URL Redirects: You can redirect URLs using directives like Redirect or RewriteRule. This is useful for redirecting old URLs to new ones, managing URL aliases, or enforcing HTTPS.
  2. Custom Error Pages: You can customize error pages for various HTTP status codes such as 404 (Not Found), 403 (Forbidden), etc. This helps improve the user experience by providing more informative error messages.
  3. Password Protection: You can password protect directories using AuthType and AuthUserFile directives, which require users to enter a username and password to access certain areas of your website.
  4. Preventing Directory Listing: You can prevent the web server from listing the contents of directories that do not contain an index file (e.g., index.html) using the Options -Indexes directive.
  5. Cache Control: You can control caching behavior for certain file types or directories using directives like ExpiresByType and Header set Cache-Control.
  6. Rewriting URLs: You can rewrite URLs internally using the RewriteRule directive, which is commonly used for creating search engine-friendly URLs or implementing URL routing.
  7. Hotlink Protection: You can prevent other websites from directly linking to your website’s assets (images, videos, etc.) using the RewriteCond and RewriteRule directives.
  8. Compression: You can enable compression (gzip) for certain file types to reduce bandwidth usage and improve website performance using directives like AddOutputFilterByType and SetOutputFilter.
  9. Blocking IP Addresses or User Agents: You can block specific IP addresses or user agents from accessing your website using the Deny directive.
  10. Force File Download: You can force the browser to download certain file types instead of displaying them in the browser using the AddType and Header directives.

These are just a few examples of what you can do with an .htaccess file. It’s a powerful tool for configuring and customizing your website’s behavior on an Apache web server.

Redirects

redirect 301 /old-page/ http://www.testdomain.com/new-page/
Redirect 301 /old-page http://www.testdomain.com/new-page/

Redirect http to https

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# BEGIN WordPress

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Force non-www

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

Force HTTPS and www.

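RewriteEngine On
# Redirect when the request is plain HTTP or the host lacks "www."
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
# Capture the bare host so %1 is always set, even for http://www.example.com
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]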

Redirect all URLs to same URL

RedirectMatch 301 / http://new-domain.com/

Preventing Directory Listing:

User must be logged in to view files in the uploads dir

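This is a WordPress example of a restricted view of the uploads directory. The rule only checks that the request carries a cookie whose name contains wordpress_logged_in; it does not validate the session, so treat it as a deterrent against casual browsing rather than as access control.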

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{HTTP_COOKIE} !.*wordpress_logged_in.*$ [NC]
	RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.* [NC]
	RewriteRule . http://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI} [L,QSA]
</IfModule>
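
The overview lists Options -Indexes, AuthType/AuthUserFile and blocking by IP address, but the cheatsheet has no snippet for them. The following is an added example, not part of the original post, that combines the three for one directory. The password file path, realm name, user name and the 203.0.113.45 address are placeholders, and it assumes the main server configuration permits these overrides (AllowOverride Options AuthConfig Limit).

```apache
# Added example: .htaccess for a directory that must not be browsable.
# Paths, realm, user name and the client address are placeholders.

# No auto-generated listing when the directory has no index file.
Options -Indexes

# HTTP Basic authentication. Keep the password file outside the document
# root so it can never be served. Create it with:
#   htpasswd -c /path/outside/docroot/.htpasswd alice
# Basic auth sends the password with every request, only base64-encoded,
# so serve this directory over HTTPS.
AuthType Basic
AuthName "Restricted area"
AuthUserFile /path/outside/docroot/.htpasswd

# Apache 2.4: access control is expressed with Require (mod_authz_core).
# Both conditions must hold: a valid login AND not the blocked address.
<IfModule mod_authz_core.c>
    <RequireAll>
        Require valid-user
        Require not ip 203.0.113.45
    </RequireAll>
</IfModule>

# Apache 2.2: the older Order/Allow/Deny syntax. On 2.4 these directives
# only work through mod_access_compat, so they are kept in a separate branch.
<IfModule !mod_authz_core.c>
    Require valid-user
    Order Allow,Deny
    Allow from all
    Deny from 203.0.113.45
    # Require both the host check and the login (this is the default).
    Satisfy All
</IfModule>
```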

STOP REFERRER SPAM

RewriteEngine On
RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
RewriteCond %{HTTP_REFERER} example2\.com [NC,OR]
RewriteCond %{HTTP_REFERER} semalt\.com
RewriteRule .* - [F]

This post is licensed under CC BY 4.0 by the author.
