Deny/Allow Certain IP Addresses

Block an IP Address

#Deny List
order allow,deny
#specify a specific address
deny from 123.123.123.123
#specify a subnet range
deny from 123.123.123.123/30
#specify a partial address (matches 123.123.*.*)
deny from 123.123
allow from all

Allow an IP address

#Allow List
#deny is evaluated first, then the allow lines override it
order deny,allow
deny from all
#specify a specific address
allow from 123.123.123.123
#specify a subnet range
allow from 123.123.123.123/30
#specify a partial address (matches 123.123.*.*)
allow from 123.123

Disable directory browsing

For security reasons it is always better to disable directory browsing so that visitors cannot list the files in a directory that has no index page. The following code will do so.

Options -Indexes

Adding MIME Types

If your server is not set up to deliver certain file types, such as MP3 or SWF, properly, you can add the MIME type for them through .htaccess.

AddType application/x-shockwave-flash swf

Change your default directory page

Through DirectoryIndex you can change the default landing page of your website. The default landing pages are index.html, index.php, default.php etc. If you want to change it to some other page, use the following code.

DirectoryIndex filename.html

Protect .htaccess files

<files .htaccess>
order allow,deny
deny from all
</files>

Protect php.ini file

<files php.ini>
order allow,deny
deny from all
</files>
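
The IP deny list, the IP allow list and the two file protections above, written in Apache 2.4 syntax as an added example that is not part of the original page. It assumes Apache 2.4 with mod_authz_core and mod_authz_host loaded and AllowOverride AuthConfig enabled; admin.php is a hypothetical file name used only to give the allow list its own scope.

```apache
# Added example, not from the original page.
# Assumes Apache 2.4 (mod_authz_core + mod_authz_host).

# Deny list: everyone is allowed except the listed addresses.
# "Require not" is only valid inside a container that also
# holds at least one positive rule, hence "Require all granted".
<RequireAll>
    Require all granted
    # a specific address
    Require not ip 123.123.123.123
    # a subnet range
    Require not ip 123.123.123.123/30
    # a partial address (matches 123.123.*.*)
    Require not ip 123.123
</RequireAll>

# Allow list: only the listed addresses may request this file.
# Several Require lines in one scope are combined as "any of".
# admin.php is a hypothetical file name used for illustration.
<Files "admin.php">
    Require ip 123.123.123.123
    Require ip 123.123.123.123/30
    Require ip 123.123
</Files>

# Block direct requests for .htaccess and php.ini.
<FilesMatch "^(\.htaccess|php\.ini)$">
    Require all denied
</FilesMatch>
```

On Apache 2.4 the order/allow/deny directives are only available through mod_access_compat, and the Apache documentation advises against mixing them with Require in the same configuration.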

Preventing hotlinking

What is Hotlinking or Bandwidth Theft?

Hotlinking is when someone links directly to an image, video or any other file that is saved on another website. For example, if instead of saving video.flv on your own website you link to the video as http://domain.com/video.flv, that is hotlinking. Following is the .htaccess code to prevent hotlinking.

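RewriteEngine on
#let requests with an empty Referer through
RewriteCond %{HTTP_REFERER} !^$
#let requests referred by your own site through (http or https)
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com/.*$ [NC]
#answer everything else with 403 Forbidden
RewriteRule \.(gif|jpg|js|css)$ - [F]

You can also show a different file when a hotlink is detected.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain\.com/.*$ [NC]
#redirect hotlinked images to another page
RewriteRule \.(gif|jpg)$ http://www.domain.com/404.html [R,L]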

Force Caching with htaccess

The following htaccess code won’t help the initial pageload, but it will significantly help subsequent pageloads by sending 304 statuses when requested elements haven’t been modified. 

FileETag MTime Size
ExpiresActive on
ExpiresDefault "access plus x seconds"

Check Spelling directive

This directive can be useful to auto-correct simple spelling errors in the URL.

<IfModule mod_speling.c>
CheckSpelling On
</IfModule> 