.htaccess is a simple and powerful configuration file used in Apache web servers. This file allows website administrators to easily control and manage server settings for specific directories and files, without having to access the main server settings.
- Authorization, Authentication :
htaccess files are often used to specify the security restrictions for the particular directory, hence the filename "access". The htaccess file is often accompanied by an htpasswd file which stores valid usernames and their passwords.
- Customized Error Responses :
Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found.
Example :
ErrorDocument 404 /notfound.html
- Rewriting URLs :
Servers often use htaccess to rewrite "ugly" URLs to shorter and prettier ones.
- Cache Control :
htaccess files allow a server to control User agent caching used by web browsers to reduce bandwidth usage, server load, and perceived lag.
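- Preventing directory listing, so files and folders on the host cannot be browsed :
Options -Indexes
# Older form; Apache 2.4 rejects mixing bare and +/- prefixed options, so prefer the line above
Options All -Indexes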
- Setting the default charset and language :
AddDefaultCharset UTF-8
DefaultLanguage fa-IR
- Block Access to a Comprehensive Range of Files :
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
# Apache 2.2 syntax; on Apache 2.4 use "Require all denied" instead
Order Allow,Deny
Deny from all
</FilesMatch>
- Return 404 if original request is .php :
RewriteCond %{THE_REQUEST} "^[^ ]* .*?\.php[? ].*$"
RewriteRule .* - [L,R=404]
- Run PHP without the filename extension :
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*)$ $1.php
- Redirect the browser to https :
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Setting custom pages on error pages :
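# The target must start with "/" (or be a full URL); otherwise Apache sends it as literal message text
ErrorDocument 401 /page401.php
ErrorDocument 403 /page403.php
ErrorDocument 404 /page404.php
ErrorDocument 500 /page500.php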
- Change the name and extension of the default index file :
DirectoryIndex app.php app.html
- Restrict files :
RewriteEngine On
RewriteCond %{REQUEST_URI} !(\.(png|jpg|webp|gif|jpeg|zip|css|svg|js|pdf|ico|json|ttf|db|mp4))$
RewriteRule ^(.*)$ bot.php [QSA,L]
- Limit the type of executable files and display :
Options +FollowSymlinks
RewriteEngine On
# Dots are escaped so that only real .css and .js extensions are exempted
RewriteCond %{REQUEST_FILENAME} !^(.+)\.css$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.js$
RewriteCond %{REQUEST_FILENAME} !file\.php$
RewriteRule ^(.+)$ /deny/ [NC]
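- Remove the trailing slash from directory URLs :
# With DirectorySlash Off, keep Options -Indexes set: a request without the trailing slash can otherwise list the directory contents
DirectorySlash Off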
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [R=301,L]
- PHP Version :
<IfModule mime_module>
AddHandler application/x-httpd-alt-php80 .php .php8 .phtml
</IfModule>
- CORS & API :
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
</IfModule>
- Limiting the size of uploaded files :
php_value upload_max_filesize 20M
- Maximum script execution time (in seconds) before the request times out :
php_value max_execution_time 200
- Maximum time to receive POST and GET information :
php_value max_input_time 250
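
An added example, not part of the original page: a small Python check for three mistakes that make the Options, ErrorDocument and <Files> directives listed above rejected or silently ineffective. The function name, the messages and the sample .htaccess are constructed for illustration.

```python
import re

# Constructed sample .htaccess (not from the page): lines 1, 2 and 4 are faulty.
SAMPLE = """\
Options All -Indexes
ErrorDocument 404 page404.php
ErrorDocument 403 /page403.php
<Files ".(htaccess|htpasswd|log)$">
Require all denied
</Files>
<Files ~ "\\.(ini|sh)$">
Require all denied
</Files>
"""

def lint_htaccess(text):
    """Return (line_number, message) pairs for directives that misbehave."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        name = words[0].lower()
        if name == "options":
            # Apache 2.4 rejects a mix of +/- prefixed and bare options.
            signed = [w[0] in "+-" for w in words[1:]]
            if any(signed) and not all(signed):
                findings.append((no, "Options mixes +/- and bare keywords"))
        elif name == "errordocument" and len(words) >= 3:
            # A target that is neither a /path nor a full URL is sent to the
            # client as literal message text instead of being served.
            if not re.match(r'/|"|https?://|default$', words[2], re.I):
                findings.append((no, "ErrorDocument target is not a URL-path"))
        else:
            # <Files "x"> matches wildcards only; regex needs ~ or <FilesMatch>.
            m = re.match(r"<files\s+(.*)>$", line, re.I)
            if m and not m.group(1).startswith("~") and re.search(r"[(|)$^]", m.group(1)):
                findings.append((no, "<Files> pattern is regex but lacks ~"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_htaccess(SAMPLE):
        print(f"line {no}: {msg}")
```

Run it against a real file with `lint_htaccess(open(".htaccess").read())`; an empty list means none of the three mistakes was found, not that the file is otherwise correct.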