List of content you will read in this article:
- 1. .htaccess Tips & Tricks
- 2. Getting fully acquainted with .htaccess
- 3. Restricting access from specific IPs using .htaccess
- 4. Avoid stealing internal files and folders
- 5. Change the title and file format of the main index file
- 6. Increase file security in htaccess
- 7. Cached site on the browser with htaccess code
- 8. Add mime-type via htaccess
- 9. Hide directory list
- 10. Restrict the type of executable files and display
- 11. Limit on file upload size
- 12. Set memory limit
- 13. Create constraint on post volume
- 14. Change the default page
- 15. Create default error pages
- 16. How to prevent hotlink operation in the htaccess file
- 17. Block XSS attacks
- 18. .htaccess protection
.htaccess Tips & Tricks
As you know, the .htaccess file is a hidden file in the main web directory (public_html) that specifies some general web server settings and how the web server behaves for your site. .htaccess is a plain-text file with no extension that can be placed in any directory of the site, and it adjusts the web server's behavior for each directory individually.
In this article, we explain the directives that are available in .htaccess so you can get familiar with them. By the end of this article, you will know how to build this file and customize it for your website.
Note that on shared hosts, some settings in the PHP configuration files, or modules missing from the server, may keep some of these codes from working properly. The best approach is to add the codes to .htaccess one at a time, and after checking that the site still works, add the next code you want.
Continue down below to get fully acquainted with .htaccess.
Getting fully acquainted with .htaccess
The .htaccess file has many capabilities for controlling the web server and managing how clients access different sections of a website. The sections below go through each of them.
Restricting access from specific IPs using .htaccess
Sometimes a site receives abnormal traffic and a large number of requests from a specific IP address, which slows the site down. To fix this, you can deny access to that IP address from the .htaccess file.
    # Allow everyone, then deny the listed address (with Allow,Deny a matching Deny wins)
    Order Allow,Deny
    Allow from all
    Deny from 1.2.3.4
Note: Be sure to enter the desired IP address instead of 1.2.3.4.
Avoid stealing internal files and folders
Some files, such as your custom template files or zipped archives, are stored on your website. These files can easily be found and stolen by others browsing your web pages. To prevent this from happening, place the following code in the .htaccess file.
    # Turn off automatic directory listings
    # (Apache 2.4 rejects mixing "All" with +/- options on one line)
    Options -Indexes
Change the title and file format of the main index file
You can use this code to change the name and format of your site's main index file.
    DirectoryIndex file.php file.htm
Increase file security in htaccess
You can use the following code in .htaccess to prevent visitors and profiteers from accessing some of your important site files, such as configuration files.
    <files mono.php>
        Order Allow,Deny
        Deny from all
    </files>
You can enter the file name you want instead of mono.php.
Cached site on the browser with htaccess code
As you know, caching some of your static content in the browser reduces the load on server resources such as CPU and RAM, and the speed of your site and server will increase.
To do this, you can enter the following code at the end of the .htaccess file.
    # Enables browser caching
    ExpiresActive On
    ExpiresByType image/jpg "access 1 year"
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType text/css "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType text/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresDefault "access 2 days"
Add mime-type via htaccess
Sometimes, when a file is clicked on a site, the browser asks whether to open or download it. In this situation, you can enter the following code so that files with these extensions are sent to the visitor as a download without asking.
    AddType application/octet-stream .pdf
    AddType application/octet-stream .zip
    AddType application/octet-stream .mov
Hide directory list
One of the problems that may occur on any site is that the web server lists all the directories and files uploaded to the site, so that profiteers can download your files and use them to their liking. You can enter the following code in the .htaccess file to turn off the directory listing and prevent visitors from viewing it.
    Options -Indexes
Restrict the type of executable files and display
To protect the security of your site's information and data, some file extensions can be blocked on the site to prevent them from running. To do this, you can enter the following code in your .htaccess file.
    Options +FollowSymlinks
    RewriteEngine On
    # Every request that is not a .css file, a .js file or file.php is sent to /Deny/
    RewriteCond %{REQUEST_FILENAME} !^(.+)\.css$
    RewriteCond %{REQUEST_FILENAME} !^(.+)\.js$
    RewriteCond %{REQUEST_FILENAME} !file\.php$
    RewriteRule ^(.+)$ /Deny/ [NC]
Limit on file upload size
You should be aware that when you work with your content management system there is a limit on uploads, and this limit helps keep bulky files from being uploaded so that your server does not run out of resources. You can specify the upload limit by using the following code.
    php_value upload_max_filesize 20M
Note: In the above code, the upload limit is set to 20 MB and you can change it to the desired level.
Set memory limit
The PHP memory limit is one of the most important settings for controlling how much of the server's resources you use. You can set this amount by using the following code.
    php_value memory_limit 128M
Create constraint on post volume
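The following code can be used to cap the size of each POST request at 3 MB.
    php_value post_max_size 3M
Because uploaded files travel inside the POST body, post_max_size must be at least as large as upload_max_filesize for the upload limit above to be reachable.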
Change the default page
Using the following code in the .htaccess file, you can specify which files to load at the start of your site, and which file is the priority.
    # Alternate default index pages
    DirectoryIndex first.html index.htm index.html index.php
Create default error pages
Setting default error pages means choosing which page the server displays to the user when an error such as 404 occurs while the site is online. You can design pages for these errors, put them in the directory you want, and have them called through the following codes when an error occurs.
    ErrorDocument 401 /error_pages/401.html
    ErrorDocument 404 /error_pages/404.html
    ErrorDocument 500 /error_pages/500.html
How to prevent hotlink operation in the htaccess file
The Hotlink Protection feature in the cPanel control panel also allows a site to prevent the use of files and images on other sites.
For example, if there is a direct download link on your site, another site will not be able to use your direct link.
Using .htaccess, you can prevent this abuse. But keep in mind that your server must have mod_rewrite enabled in order for it to work correctly.
    RewriteEngine On
    # Let requests with an empty Referer through
    RewriteCond %{HTTP_REFERER} !^$
    # Let requests from your own pages through (http or https)
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com/.*$ [NC]
    RewriteRule \.(gif|jpg|css)$ - [F]
Note: In the above code, the gif, jpg, and css extensions are protected. You can add or replace extensions, and you should enter your domain name instead of yourdomain.com.
Block XSS attacks
XSS attacks are one of the most popular attacks against websites, and are carried out by injecting code into various files. To prevent this kind of attack on your site, you can use the following code in your .htaccess file to create a barrier against XSS attacks.
    # Blocks some XSS attacks
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule .* index.php [F,L]
    </IfModule>
.htaccess protection
So far you have seen that you can do very important things with the .htaccess file. Protecting this file is therefore very important, and you have to prevent it from falling into the wrong hands. As a security measure, enter this inside the .htaccess file to protect it.
    <files ".htaccess">
        Order Allow,Deny
        Deny from all
    </files>
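The IP restriction, file protection and .htaccess protection sections above all use the Apache 2.2 access directives (Order, Allow, Deny). The following added example, which is not part of the original article, writes the same three rules in Apache 2.4 syntax and keeps the 2.2 form as a fallback; 1.2.3.4 and mono.php are the article's placeholder values.

```apache
# Added example; 1.2.3.4 and mono.php are the article's placeholder values.

# Apache 2.4+: authorization is handled by mod_authz_core ("Require").
<IfModule mod_authz_core.c>
    # Allow everyone except one client address.
    # "Require not" is only valid inside a container with a positive rule.
    <RequireAll>
        Require all granted
        Require not ip 1.2.3.4
    </RequireAll>

    # Never serve this file, whatever the client address.
    <Files "mono.php">
        Require all denied
    </Files>

    # Never serve .htaccess itself.
    <Files ".htaccess">
        Require all denied
    </Files>
</IfModule>

# Apache 2.2 fallback: same policy with the older directives.
<IfModule !mod_authz_core.c>
    # Allow,Deny: Allow rules are checked first, then Deny rules,
    # and a matching Deny wins, so 1.2.3.4 stays blocked.
    Order Allow,Deny
    Allow from all
    Deny from 1.2.3.4

    <Files "mono.php">
        Order Allow,Deny
        Deny from all
    </Files>

    <Files ".htaccess">
        Order Allow,Deny
        Deny from all
    </Files>
</IfModule>
```

In .htaccess, the Require directives need AllowOverride AuthConfig on the directory, while the older Order, Allow and Deny directives need AllowOverride Limit.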
This way, you can configure the .htaccess file for your site.
You can also find out how to redirect pages by visiting the .htaccess redirect tutorial.
To build your .htaccess file, we recommend using htaccesseditor.com. This site is one of the most authoritative sites for making .htaccess files: you set everything graphically and, after making your edits, copy the codes back to your own .htaccess file.
Congratz! You now know how to use the .htaccess file without any hassle.