Learn Useful htaccess with examples

Deny/Allow Certain IP Addresses

Block an IP Address

#Deny List

order allow,deny
deny from 123.123.123.123 #specify a specific address
deny from 123.123.123.123/30 #specify a subnet range
deny from 123.123.* #specify an IP address wildcard
allow from all

Allow an IP address

#Allow List

order allow,deny
allow from 123.123.123.123 #specify a specific address
allow from 123.123.123.123/30 #specify a subnet range
allow from 123.123.* #specify an IP address wildcard 
deny from all

Disable directory browsing

For security reason it is always better to disable directory browsing so that people won’t know what files you have. The following code will do so.

Options All -Indexes

Adding MIME Types

If your server is not set up to deliver certain file like MP3 or SWF properly then you can add the MIME type for those through .htaccess.

AddType application/x-shockwave-flash swf

Change your default directory page

Through DirectoryIndex you can change your default landing page of your website. The default landing pages are index.html, index.php, default.php etc. But if want to change it to some other page then please use the following code.

DirectoryIndex filename.html

Protect .htaccess files

<files .htaccess>
order allow,deny
deny from all
</files>

Protect php.ini file

<files php.ini>
order allow,deny
deny from all
</files>

Preventing hotlinking

What is Hotlinking or Bandwidth Theft?

When someone uses a link to an image , video or any other file that is saved on another website is known as hotlinking. For example, instead of saving video.flv on to your own website, if you uses a link to the video as http://domain.com/video.flv is known as hotlinking. Following is the .htaccess code to prevent hotlinking.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]

You can also show different file when hotlink is detected.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.domain.com/404.html [R,L]

Force Caching with htaccess

The following htaccess code won’t help the initial pageload, but it will significantly help subsequent pageloads by sending 304 statuses when requested elements haven’t been modified.

FileETag MTime Size
ExpiresActive on
ExpiresDefault "access plus x seconds"

Check Spelling directive

This directive can be useful to auto-correct simple spelling errors in the URL

<IfModule mod_speling.c>
CheckSpelling On
</IfModule>

Learn more about .htassess file

URL redirect through .htaccess file

Create custom error pages through .htaccess file

More .htaccess Examples

Security tips to protect your website from hackers

Forcing SSL and WWW using .htaccess