Essential .htaccess Tips and Tricks
Ohidur Rahman Bappy
MAR 22, 2025
Discover key .htaccess techniques for enhancing your website's performance and security.
What is .htaccess?
.htaccess is a server configuration file for the Apache Web Server. When placed in a web directory, the server loads the .htaccess file and follows its instructions, allowing you to modify configurations.
How to Create a .htaccess File
- Using a Control Panel:
  - Log in to your control panel.
  - Create a new file named .htaccess.
- On Your PC:
  - Create a new text file.
  - Open it in a text editor (e.g., Notepad).
  - Save it as .htaccess (use File > Save As).
Useful .htaccess Tips
Custom Directory Index
Specify a custom directory index:
DirectoryIndex index.php index.html index.htm
Prevent Directory Listing
Disable directory browsing:
Options -Indexes
Force WWW or Non-WWW
Redirect between www and non-www versions:
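RewriteEngine On
# Option 1: redirect non-www to www
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
# Option 2: redirect www to non-www (use one option only; both together loop)
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]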
Custom Error Pages
Set up custom error pages:
ErrorDocument 400 /error/400-badrequest.php
ErrorDocument 401 /error/401-authorizationrequired.php
ErrorDocument 404 /error/404-notfound.php
ErrorDocument 403 /error/403-forbidden.php
ErrorDocument 500 /error/500-servererror.php
Redirect HTTP to HTTPS
Ensure secure connections by redirecting HTTP to HTTPS:
RewriteEngine On
RewriteCond %{HTTPS} off
# L stops further rule processing; R=301 makes the redirect explicit and permanent
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
SEO-Friendly URL Rewriting
Rewrite URLs for better SEO:
RewriteEngine on
RewriteRule ^user/([A-Za-z0-9_+-]+)/?$ user.php?name=$1 [NC,L]
Hide File Extensions
Browse PHP files without an extension:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
Compress Files
Improve load times by compressing files:
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
Protect Files
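Secure important files like php.ini:
# Apache 2.2 syntax (needs mod_access_compat on Apache 2.4);
# the Apache 2.4 form of the two lines in each block is: Require all denied
<Files php.ini>
Order Allow,Deny
Deny from all
</Files>
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>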
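The snippets above usually end up pasted into a single file, where a few mistakes are easy to miss. The following Python check is an added example, not part of the original article: the finding names and the sample input are constructed for illustration, and it flags only patterns discussed on this page.

```python
import re
SAMPLE = r"""
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
<Files php.ini>
Order Allow,Deny
Deny from all
</Files>
"""  # constructed sample: an .htaccess assembled from pasted snippets

def directives(text):
    """Yield (lowercased directive name, arguments) for each non-comment line."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            yield name.lower(), args.strip()

def audit(text):
    """Return sorted finding codes (names invented for this example)."""
    rows, found, hosts = list(directives(text)), set(), set()
    for name, args in rows:
        if name == "rewriterule":
            parts = args.split()
            target = parts[1] if len(parts) > 1 else ""
            flags = parts[2].strip("[]").split(",") if len(parts) > 2 else []
            explicit = any(f.split("=")[0].upper() in ("R", "REDIRECT") for f in flags)
            if target.lower().startswith("https://") and not explicit:
                found.add("https-redirect-without-r-flag")  # implicit redirect only
            m = re.match(r"https?://([^/%$]+)", target, re.I)
            if m:
                hosts.add(m.group(1).lower())  # hard-coded redirect host
        elif name in ("order", "allow", "deny"):
            found.add("legacy-2.2-access-control")  # 2.4 form: Require all denied
    has_rule = any(n == "rewriterule" for n, _ in rows)
    if has_rule and not any(n == "rewriteengine" and a.lower() == "on" for n, a in rows):
        found.add("no-rewriteengine-on-in-file")
    if not any(n == "options" and "-indexes" in a.lower() for n, a in rows):
        found.add("no-options-minus-indexes-in-file")
    if any("www." + h in hosts for h in hosts):
        found.add("redirects-to-both-www-and-bare-host")  # loops if both are active
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The two "in-file" findings are warnings rather than proof of a problem, since `Options` and `RewriteEngine` can also be set in the main server configuration or a parent directory.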
Set Cache-Control Headers
Optimize caching for browsers:
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access 1 month"
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(css|jpg|jpeg|png|gif|js|ico)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
<FilesMatch "\.(x?html?|php)$">
Header set Cache-Control "private, must-revalidate"
</FilesMatch>
</IfModule>
Enhance Security
Prevent common security threats:
Options +FollowSymLinks
ServerSignature Off
# Block base64_encode(...) in the query string
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block <script> tags
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block PHP GLOBALS
RewriteCond %{QUERY_STRING} GLOBALS(=|\