htaccess

.htaccess - Programmer Sheet

Rewrite and Redirection
(Note: It is assumed that you have `mod_rewrite` installed and enabled. The first line should be 'RewriteEngine on' to enable this)

Serve All Requests With One PHP File
RewriteCond %{REQUEST_FILENAME} !-f 

RewriteCond %{REQUEST_FILENAME} !-d 

RewriteRule ^([^?]*)$ /index.php [NC,L,QSA]
Force www with .htaccess
RewriteEngine on 

RewriteCond %{HTTP_HOST} ^example\.com [NC] 

RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301,NC]
Force www in a Generic Way with .htaccess
RewriteCond %{HTTP_HOST} !^$ 

RewriteCond %{HTTP_HOST} !^www\. [NC]

RewriteCond %{HTTPS}s ^on(s)| 

RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Force non-www with .htaccess
RewriteEngine on 

RewriteCond %{HTTP_HOST} ^www\.example\.com [NC] 

RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
Force HTTPS with .htaccess
RewriteEngine on 

RewriteCond %{HTTPS} !on 

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Force HTTPS Behind a Proxy with .htaccess
RewriteCond %{HTTP:X-Forwarded-Proto} !https 

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Force Trailing Slash with .htaccess
RewriteCond %{REQUEST_URI} /+[^\.]+$ 

RewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]
Remove Trailing Slash with .htaccess
RewriteCond %{REQUEST_FILENAME} !-d 

RewriteRule ^(.*)/$ /$1 [R=301,L]
Redirect a Single Page with .htaccess
Redirect 301 /oldpage.html https://www.yoursite.com/newpage.html 

Redirect 301 /oldpage2.html https://www.yoursite.com/folder/
Alias a Single Directory with .htaccess
RewriteEngine On 

RewriteRule ^source-directory/(.*) target-directory/$1
Alias Paths To Script with .htaccess
RewriteEngine On 

RewriteRule ^$ index.fcgi/ [QSA,L] 

RewriteCond %{REQUEST_FILENAME} !-f 

RewriteCond %{REQUEST_FILENAME} !-d 

RewriteRule ^(.*)$ index.fcgi/$1 [QSA,L]
Redirect an Entire Site with .htaccess
Redirect 301 / https://newsite.com/
Alias "Clean" URLs with .htaccess
RewriteEngine On 

RewriteCond %{SCRIPT_FILENAME} !-d 

RewriteRule ^([^.]+)$ $1.php [NC,L]
Rewrite and Redirection
(Note: It is assumed that you have `mod_rewrite` installed and enabled. The first line should be 'RewriteEngine on' to enable this)

Deny All Access with .htaccess
# Require all denied
Only allow certain IPs with .htaccess
# Require all denied 

# Require ip xxx.xxx.xxx.xxx
Block IP Address with .htaccesss
# Require all granted 

# Require not ip xxx.xxx.xxx.xxx 

# Require not ip xxx.xxx.xxx.xxy
Allow access only from LAN with .htaccess
order deny,allow 

deny from all 

allow from 192.168.0.0/24
Deny Access To Certain User Agents with .htaccess
RewriteCond %{HTTP_USER_AGENT} ^User\ Agent\ 1 [OR] 

RewriteCond %{HTTP_USER_AGENT} ^Another\ Bot\ You\ Want\ To\ Block [OR] 

RewriteCond %{HTTP_USER_AGENT} ^Another\ UA 

RewriteRule ^.* - [F,L]
Deny Access to Hidden Files and Directories with .htaccess
<files your-file-name.txt> 

    order allow,deny 

    deny from all 

</files>
Deny Access to Backup and Source Files with .htaccess
<FilesMatch "(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$"> 

    ## Apache 2.2 

    Order allow,deny 

    Deny from all 

    Satisfy All 

    ## Apache 2.4 

    # Require all denied 

</FilesMatch>
Disable Directory Browsing with .htaccess
Options All -Indexes
Enable Directory Listings with .htaccess
Options All +Indexes
Disable Listing Of Certain Filetypes with .htaccess
IndexIgnore *.zip *.mp4 *.pdf
Disable Image Hotlinking with .htaccess
RewriteEngine on 

RewriteCond %{HTTP_REFERER} !^$ 

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC] 

RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Redirect hotlinkers and show a different image with .htaccess
RewriteCond %{HTTP_REFERER} !^$ 

RewriteCond %{HTTP_REFERER}  
!^https://(www\.)?your-website.com/.*$ [NC]  

RewriteRule \.(gif|jpg|png)$ https://www.your-website.com/do-not-hotlink-our-content.jpg [R,L]
Deny Access from certain referrers with .htaccess
RewriteCond %{HTTP_REFERER} block-this-referer\.com [NC,OR]
 
RewriteCond %{HTTP_REFERER} and-block-traffic-that-this-site-sends\.com [NC] 
 
RewriteRule .* - [F]
Password Protect a Directory with .htaccess
AuthType Basic 

AuthName "Password Protected Dir Title" 

AuthUserFile /home/hidden/directory/here/.htpasswd 

Require valid-user
Password Protect a File or Several Files with .htaccess
AuthName "Password Protected Directory Title" 

AuthType Basic 

AuthUserFile /home/hidden/directory/here/.htpasswd 


<Files "/a-private-file.txt"> 

Require valid-user

<Files>> 

<FilesMatch ^((one|two|three)-rings?\.o)$> 

Require valid-user

</FilesMatch>
Performance Rules

Compress Text Files (gzip/deflate output) with .htaccess
<IfModule mod_deflate.c>

# Force compression for mangled headers.
# https://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>

# Compress all output labeled with one of the following MIME-types
# (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
#    and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines
#    as `AddOutputFilterByType` is still in the core directives).
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE application/atom+xml \
application/javascript \
application/json \
application/rss+xml \
application/vnd.ms-fontobject \
application/x-font-ttf \
application/x-web-app-manifest+json \
application/xhtml+xml \
application/xml \
font/opentype \
image/svg+xml \
image/x-icon \
text/css \
text/html \
text/plain \
text/x-component \
text/xml
</IfModule>

</IfModule>
Turn eTags Off with .htaccess
<IfModule mod_headers.c> 

Header unset ETag 

</IfModule>
FileETag None
Limit Upload File Size with .htaccess
LimitRequestBody 1048576
Miscellaneous Rules

Server Variables for mod_rewrite with .htaccess
%{API_VERSION} 

%{DOCUMENT_ROOT} 

%{HTTP_ACCEPT} 

%{HTTP_COOKIE} 

%{HTTP_FORWARDED} 

%{HTTP_HOST} 

%{HTTP_PROXY_CONNECTION} 

%{HTTP_REFERER} 

%{HTTP_USER_AGENT} 

%{HTTPS} 

%{IS_SUBREQ} 

%{REQUEST_FILENAME} 

%{REQUEST_URI} 

%{SERVER_ADDR} 

%{SERVER_ADMIN} 

%{SERVER_NAME} 

%{SERVER_PORT} 

%{SERVER_PROTOCOL} 

%{SERVER_SOFTWARE} 

%{THE_REQUEST}
Set PHP Variables with .htaccess
php_value <key> <val>
Custom Error Pages with .htaccess
ErrorDocument 500 "Houston, we have a problem." 

ErrorDocument 401 https://error.yourdomain.com/mordor.html

ErrorDocument 404 /errors/halflife3.html
Redirect users to a maintenance page in .htaccess
ErrorDocument 403 
 YourMaintenancePageFilenameOrFullUrlUrl.html

Order deny,allow

Deny from all

Allow from 555.555.555.555
Force Downloading with .htaccess
<Files *.md> 

    ForceType application/octet-stream 

    Header set Content-Disposition attachment 

</Files>
Disable Showing Server Info with .htaccess
ServerSignature Off
Prevent Downloading with .htaccess
<FilesMatch "\.(tex|log|aux)$"> 

    Header set Content-Type text/plain 

</FilesMatch>
Allow Cross-Domain Fonts with .htaccess
<IfModule mod_headers.c> 

<FilesMatch "\.(eot|otf|ttc|ttf|woff|woff2)$"> 

Header set Access-Control-Allow-Origin "*" 

</FilesMatch> 

</IfModule>
Auto UTF-8 Encode with .htaccess
# Use UTF-8 encoding for anything served text/plain or text/html 

AddDefaultCharset utf-8 


# Force UTF-8 for a number of file formats 

AddCharset utf-8 .atom .css .js .json .rss .vtt .xml
Set Server Timezone with .htaccess
SetEnv TZ America/Los_Angeles
Switch to Another PHP Version with .htaccess
AddHandler application/x-httpd-php55 .php
Execute PHP with a different file extension with .htaccess
AddType application/x-httpd-php .ext
Serve WebP Images Automatically from .htaccess
RewriteEngine On  

RewriteCond %{HTTP_ACCEPT} image/webp 

RewriteCond %{DOCUMENT_ROOT}/$1.webp -f 

RewriteRule (.+)\.(jpe?g|png)$ $1.webp [T=image/webp,E=accept:1]

We use cookies!🍪

We value your privacy and use cookies to enhance your browsing experience, personalize content, and analyze site traffic. To learn more about how we use cookies and manage your preferences, review our Cookie Policy. By clicking 'Accept,' you consent to our use of cookies. Read more