January 26 2020

.htaccess tips – Things to keep in .htaccess files

What is .htaccess?

.htaccess is a setup document for use on web servers running the Apache Web Server programming. At the point when a .htaccess document is set in a catalog which is thus ‘stacked by means of the Apache Web Server’, at that point the .htaccess record is distinguished and executed by the Apache Web Server programming. These .htaccess records can be utilized to change the arrangement of the Apache Web Server programming to empower/cripple extra usefulness and highlights that the Apache Web Server programming brings to the table. These offices incorporate fundamental divert usefulness, for example if a 404 record not discovered blunder happens, or for further developed capacities, for example, content secret word insurance or picture hot connection avoidance.

Removing filename Extensions

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-f

RewriteRule ^([^\.]+)$ $1.php [NC,L]

Adding Internal Links 

<a href=”http://whatever.com/wallpaper” title=”wallpaper”>wallpaper</a>

Adding a trailing slash at end

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-f

RewriteRule ^([^/]+)/$ $1.php

RewriteRule ^([^/]+)/([^/]+)/$ /$1/$2.php

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$

404 Error

ErrorDocument 404 errors/404.html 
ErrorDocument 404 errors/404/
ErrorDocument 404 errors/404..php  

Other Custom error pages

ErrorDocument 401 /error/401.php

ErrorDocument 403 /error/403.php

ErrorDocument 404 /error/404.php

ErrorDocument 500 /error/500.php

SSL Redirection http to https
RewriteEngine On

RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

www to https:// redirect

# Canonical https/www

<IfModule mod_rewrite.c>

RewriteCond %{HTTPS} off [OR]

RewriteCond %{HTTP_HOST} !^www\. [NC]

RewriteCond %{HTTP_HOST} ^(.*)$  [NC]

RewriteRule (.*) https://www.%1/$1 [R=301,L]


301 Redirect using htaccess

Redirect 301 /old/file.html http://yourdomain.com/new/file.html
Use following for redirecting Entire Directory.
RedirectMatch 301 /blog(.*) http://yourdomain.com/$1

Rewrite URLs using htacccess

Rewriting product.php?id=12 to product-12.html

RewriteEngine on

RewriteRule ^product-([0-9]+)\.html$ product.php?id=$1

Landing Page ( Sometimes for Events – copy a 404.php page and make new)

Redirect Only a Specific Folder

RewriteEngine On

RewriteCond %{SERVER_PORT} 80

RewriteCond %{REQUEST_URI} folder

RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]

Hotlinking Protection 

RewriteBase /

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www.)?queness.com/.*$ [NC]

RewriteRule .(gif|jpg|swf|flv|png)$ /feed/ [R=302,L]

Block .htaccess file 

# secure htaccess file

<Files .htaccess>

order allow,deny

deny from all


# prevent viewing of a specific file

<Files secretfile.jpg>

 order allow,deny

 deny from all


# multiple file types

<FilesMatch “.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$”>

 Order Allow,Deny

 Deny from all


Change Default index page ( can make temporary landing page) 

DirectoryIndex business.html 

Block unwanted visitor from other website 

# block visitors referred from indicated domains

<IfModule mod_rewrite.c>

 RewriteEngine on

 RewriteCond %{HTTP_REFERER} scumbag.com [NC,OR]

 RewriteCond %{HTTP_REFERER} wormhole.com [NC,OR]

 RewriteRule .* – [F]



Restricting access from specific IPs using .htaccess

deny from

allow from all

Change the title and file format of the main index file 

DirectoryIndex file.php file.htm


DirectoryIndex file.php file.htm

Restrict the type of executable files and display

Options + FollowSymlinks

RewriteEngine On

rewritecond% {REQUEST_FILENAME}! ^ (. +). css $

rewritecond% {REQUEST_FILENAME}! ^ (. +) .js $

rewritecond% {REQUEST_FILENAME}! file.php $

RewriteRule ^ (. +) $ / Deny / [nc]

Limit on file upload size

php_value upload_max_filesize 20M

Set memory limit 

php_value memory limit 128M

Change the default page 

#Alternate default index pages

DirectoryIndex first.html index.htm index.html index.php

Block XSS attacks 

# Blocks some XSS attacks

RewriteCond% {QUERY_STRING} (\ |% 3E) [NC, OR]

RewriteCond% {QUERY_STRING} GLOBALS (= | \ [| \% [0-9A-Z] {0.2}) [OR]

RewriteCond% {QUERY_STRING} _REQUEST (= | \ [| \% [0-9A-Z] {0.2})

RewriteRule. * Index.php [F, L]

</ IfModule>

Online .htaccess generator : 




Prasanna Dhakal
Prasanna Dhakal

Prasanna Dhakal has recently completed his Bsc.CSIT from Orchid International College, Kathmandu. He is interested in Technology, Data Science, Database Management & Analysis. He also has interest in music.

Share via
Copy link
Powered by Social Snap