English
+370 5 205 5502 sales@monovm.com

In this article, we are going to explain in general the commands and the items that are available in .htaccess to get familiar with them

17

Mar, 19

.htaccess Tips & Tricks

  • by Elizabet J
  • in Server
  • View 1658

.htaccess Tips & Tricks

As you know, the .htaccess file is a hidden file in the main directory of the Web (Public_html), which specifies some general web server settings and the type of web server behavior with your site. .htaccess is a non-extension text file that has the ability to be placed in any directory of the web and adjusts the behavior of each directory individually to the web server.

In this article, we are going to explain in general the commands and the items that are available in Htaccess to get familiar with them. By the end of this article, you will have the know-how to make this file completely and custom for your website.

Note that there may be some configurations in the server's shared hosts in the PHP configuration files or the lack of some modules on the server which might make the codes to not work properly. The best solution is to put the codes into .htaccess one by one and after each function of the site, enter the other codes as desired.

Continue down below to get fully acquainted with .htaccess. 


Getting fully acquainted with .htaccess

The .htaccess file has many capabilities for controlling, handling the web server, and accessing websites and clients in different sections. We will continue to go through all the respective sections.

Restricting access from specific IPs using .htaccess

Sometimes sites face unrealistic hits and many requests from a specific IP address, which altogether reduces site loading times. To get this fixed you have the possibility to deny access to that IP address from the .htaccess file.

deny from 1.2.3.4
allow from all

Note: Be sure to enter the desired IP address instead of 1.2.3.4.


Avoid stealing internal files and folders

Some information, such as your dedicated template files that are hosted on your site or zipped files are stored on your web site. These files can easily be detected and stolen by others browsing your web pages. In order to prevent this from happening place the followin code on the .htaccess file.

Options All -Indexes

Change the title and file format of the main index file

You can use this code to change the name and format of your site's original file.

DirectoryIndex file.php file.htm

Increase file security in htaccess

You can use the following code in .htaccess to prevent visitors and profits from accessing some of your important site files, such as configuration files and configurations.

order allow, deny
deny from all

You can enter the file name you want instead of mono.php.

Cached site on the browser with htaccess code

As you know, caching some of your static information on the browser will cause additional load on server resources such as CPU, RAM and the speed of your site and server will increase.

To do this, you can enter the following code at the end of the .htaccess file.

# Enables browser caching

ExpiresActive On
ExpiresByType image / jpg "access 1 year"
ExpiresByType image / jpeg "access 1 year"
ExpiresByType image / gif "access 1 year"
ExpiresByType image / png "access 1 year"
ExpiresByType text / css "access 1 month"
ExpiresByType application / pdf "access 1 month"
ExpiresByType text / x-javascript "access 1 month"
ExpiresByType application / x-shockwave-flash "access 1 month"
ExpiresByType image / x-icon "access 1 year"
ExpiresDefault "access 2 days"

Add mime-type via htaccess

Sometimes it's clicked on a site and the server asks you to open or download the file. In this situation, you can enter the following code so that wherever these extensions are viewed, submit the file without asking the user to download to the visitor.

AddType application / octet-stream .pdf
AddType application / octet-stream .zip
AddType application / octet-stream .mov

Hide directory list

One of the problems that may occur for any site is to list all the directories and files uploaded to the site, whereby profitable individuals can download and use your files to your liking. You can enter the following code in the Htaccess file to close the status bar and prevent it from being viewed by the attendees.

Options -Indexes

Restrict the type of executable files and display

To protect the security of your site's information and data, some of the extensions can be blocked on the site to prevent them from running. To do this, you can enter the following code in your Htaccess file.

Options + FollowSymlinks
RewriteEngine On
rewritecond% {REQUEST_FILENAME}! ^ (. +). css $
rewritecond% {REQUEST_FILENAME}! ^ (. +) .js $
rewritecond% {REQUEST_FILENAME}! file.php $
RewriteRule ^ (. +) $ / Deny / [nc]

Limit on file upload size

You should be aware that when you work with your content management system, there is a limitation to upload, and this limitation will sometimes help you to not upload bulky files so your server does not run out of stock. In this way, you can specify the amount of upload by using the following code.

php_value upload_max_filesize 20M

Note: In the above code, the amount of upload is set to 20 MB and you can change it to the desired level.

 

Set memory limit

The PHP Exit Limit is one of the most important things you can do to control how much server resources you use. You can set this amount by using the following code.

php_value memory limit 128M

Create constraint on post volume

The following code can be used to maximize the size of each post by 3 MB.

php_value post_max_size 3M

Change the default page

Using the following code in the .htaccess file, you can specify which files to load at the start of your site, and which file is the priority.

#Alternate default index pages
DirectoryIndex first.html index.htm index.html index.php

Create default error pages

Setting default error pages means if a server has an error like 404 when the site is online, which page will the server display to the user. For this you can design the pages for these errors and put them in the directory you want to call them through the following codes when an error occurs.

ErrorDocument 401 /error_pages/401.html
ErrorDocument 404 /error_pages/404.html
ErrorDocument 500 /error_pages/500.html

How to prevent hotlink operation in the htaccess file

The Hotlink Protection feature in the cPanel control panel also allows a site to prevent the use of files and images on other sites.

For example, if there is a direct download link on your site, another site will not use your direct link and cannot use it.

Using .htaccess, you can prevent this abuse. But you should keep in mind that your server must have the functionality of Mod_rewrite enabled in order for it to work correctly.

RewriteEngine is
RewriteCond% {HTTP_REFERER}! ^ $
RewriteCond% {HTTP_REFERER}! ^ Http: // (www \.)? yourdomain.com /.*$ [NC]
RewriteRule \. (Gif | jpg | css) $ - [F]

Note: In the above code, the gif, jpg, and CSS extensions are protected and you can add or replace your extensions, and also enter your domain name instead of yourdomain.com.


Block XSS attacks


XSS attacks are one of the most popular and popular attacks between Web site attacks, which are done by injecting codes into various files. To prevent this kind of attack on your site, you can use the following code on your .htaccess file to create a crush bar for XSS attacks.

# Blocks some XSS attacks


RewriteCond% {QUERY_STRING} (\ |% 3E) [NC, OR]
RewriteCond% {QUERY_STRING} GLOBALS (= | \ [| \% [0-9A-Z] {0.2}) [OR]
RewriteCond% {QUERY_STRING} _REQUEST (= | \ [| \% [0-9A-Z] {0.2})
RewriteRule. * Index.php [F, L]
</ IfModule>

.htaccess protection

So far you saw that you can do very important things with the htaccess file. So protecting yourself from this file is very important and you have to prevent this file from falling to the wrong hands. As security measures enter this inside .htaccess file to protect it.

<files ".htaccess">
order allow, deny
deny from all
</ files>

This way, you can configure your Htaccess file over the site.

You can also find out how to redirect the pages by visiting Htaccess's redirect tutorial.

In order to build your .htaccess we recommend using htaccesseditor.com. This site is one of the most authoritative sites for making htaccess files where you will get to set it all graphically and after doing the edits copy the codes back to your own .htaccess file. 

Congratz! You now know how to use htaccess file without going through a hassle.

Elizabet J

One OF my major goals is getting new experiences about ICT and what’s more making progress through this field.