htaccess tricks

http://www.queness.com/post/5421/17-useful-htaccess-tricks-and-tips

17 Useful Htaccess Tricks and Tips
I have collected 17 htaccess methods in this article which I have used or tested it before, and I think some of them are essential tricks and tips to protect your webserver against malicious attacks and other would able to perform simple tasks efficiently such as redirection and web server optimization.
Author: kevin | Source: queness

Some people might not aware of the power of htaccess, I have 17 htaccess methods in this article which I have used or tested it before, and I think some of them are essential tricks and tips to protect your webserver against malicious attacks and other would able to perform simple tasks efficiently such as redirection and web server optimization.

Last but not least, if you have been looking for web hosting services, you might want to have a look at this unlimited web hosting. :)
General

The following htaccess will able to help you to achieve simple task such as redirection and web server optimization.
1. Set Timezone

Sometimes, when you using date or mktime function in php, it will show you a funny message regarding timezone. This is one of the way to solve it. Set timezone for your server. A list of supported timezone can be found here
view plaincopy to clipboardprint?

1. SetEnv TZ Australia/Melbourne

SetEnv TZ Australia/Melbourne

2. SEO Friendly 301 Permanent Redirects

Why it's SEO friendly? Nowadays, some modern serach engine has the capability to detect 301 Permanent Redirects and update its existing record.
view plaincopy to clipboardprint?

1. Redirect 301 http://www.queness.com/home http://www.queness.com/

Redirect 301 http://www.queness.com/home http://www.queness.com/

3. Skip the download dialogue

Usually when you try to download something from a web server you get a request asking whether you want to save the file or open it. To avoid that you can use the below code on your .htaccess file
view plaincopy to clipboardprint?

1. AddType application/octet-stream .pdf
2. AddType application/octet-stream .zip
3. AddType application/octet-stream .mov

AddType application/octet-stream .pdf
AddType application/octet-stream .zip
AddType application/octet-stream .mov

4. Skip www

One of the SEO guideline is, make sure there is only one URL pointing to your website. Therefore, you will need this to redirect all www traffic to non-ww, or the other way around.
view plaincopy to clipboardprint?

1. RewriteEngine On
2. RewriteBase /
3. RewriteCond %{HTTP_HOST} ^www.queness.com [NC]
4. RewriteRule ^(.*)$ http://queness.com/$1 [L,R=301]

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www.queness.com [NC]
RewriteRule ^(.*)$ http://queness.com/$1 [L,R=301]

5. Custom Error page

Create a custom error page for each of the error codes.
view plaincopy to clipboardprint?

1. ErrorDocument 401 /error/401.php
2. ErrorDocument 403 /error/403.php
3. ErrorDocument 404 /error/404.php
4. ErrorDocument 500 /error/500.php

ErrorDocument 401 /error/401.php
ErrorDocument 403 /error/403.php
ErrorDocument 404 /error/404.php
ErrorDocument 500 /error/500.php

6. Compress files

Optimize your website loading time by compressing files into smaller size.
view plaincopy to clipboardprint?

1. # compress text, html, javascript, css, xml:
2. AddOutputFilterByType DEFLATE text/plain
3. AddOutputFilterByType DEFLATE text/html
4. AddOutputFilterByType DEFLATE text/xml
5. AddOutputFilterByType DEFLATE text/css
6. AddOutputFilterByType DEFLATE application/xml
7. AddOutputFilterByType DEFLATE application/xhtml+xml
8. AddOutputFilterByType DEFLATE application/rss+xml
9. AddOutputFilterByType DEFLATE application/javascript
10. AddOutputFilterByType DEFLATE application/x-javascript

# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

7. Cache files

File caching is another famous approach in optimizing website loading time
view plaincopy to clipboardprint?

1.
2. Header set Cache-Control "max-age=2592000"
3.

Header set Cache-Control "max-age=2592000"

8. Disable caching for certain file type

Well, in the other hand, you can disable caching for certain file type.
view plaincopy to clipboardprint?

1. # explicitly disable caching for scripts and other dynamic files
2.
3. Header unset Cache-Control
4.

# explicitly disable caching for scripts and other dynamic files

Header unset Cache-Control

Security

The following htaccess code will able to enhance the security level of your webserver. Hotlinking protection is pretty useful to avoid other people using images that stored in your server.
1. Hotlinking protection with .htaccess

Hate it when people stealing bandwidth from your website by using images that are hosted in your web server? Use this, you will able to prevent it from happening.
view plaincopy to clipboardprint?

1. RewriteBase /
2. RewriteCond %{HTTP_REFERER} !^$
3. RewriteCond %{HTTP_REFERER} !^http://(www.)?queness.com/.*$ [NC]
4. RewriteRule .(gif|jpg|swf|flv|png)$ /feed/ [R=302,L]

RewriteBase /
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?queness.com/.*$ [NC]
RewriteRule .(gif|jpg|swf|flv|png)$ /feed/ [R=302,L]

2. Prevent hacks

If you want to increase the security level of your website, you can chuck these few lines of codes to prevent some common hacking techniques by detecting malicious URL patterns.
view plaincopy to clipboardprint?

1. RewriteEngine On
2.
3. # proc/self/environ? no way!
4. RewriteCond %{QUERY_STRING} proc/self/environ [OR]
5.
6. # Block out any script trying to set a mosConfig value through the URL
7. RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
8.
9. # Block out any script trying to base64_encode crap to send via URL
10. RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
11.
12. # Block out any script that includes a <script> tag in URL
13. RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
14.
15. # Block out any script trying to set a PHP GLOBALS variable via URL
16. RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
17.
18. # Block out any script trying to modify a _REQUEST variable via URL
19. RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
20.
21. # Send all blocked request to homepage with 403 Forbidden error!
22. RewriteRule ^(.*)$ index.php [F,L]

RewriteEngine On

# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]

# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]

# Block out any script that includes a