Posts Tagged ‘apache’

Most Common .Htaccess Tweaks

Tuesday, November 13th, 2007

For those of you that host websites on Unix/Linux based servers, your probably fully aware of what a .htaccess file is. Well here are some most common tweaks to increase your web site security, and customize the way your web site behaves.

Most common usage of .htaccess files are folder access control, redirect visitors to custom error pages, stop directory listings, blocking bad robots that consume bandwidth, ban visitors from certain countries and IP addresses, protect your web site from hot linking images and bandwidth theft, redirect visitors from a requested page to a new web page, and to password protect directories.

  1. Custom Error Pages - Custom error pages allow you to have personal error pages instead of displaying your web host's generic error pages. If you’d like to redirect your visitors every time they encounter error codes (400,401,403,404,500), use this code:

    ErrorDocument 400 /errors/badrequest.htm
    ErrorDocument 401 /errors/authreqd.htm
    ErrorDocument 403 /errors/forbidden.htm
    ErrorDocument 404 /errors/notfound.htm
    ErrorDocument 500 /errors/intserver.htm

  2. Folder Access Control - If you want to totally disable an access to specific folder, create the .htaccess files in that folder and put this directives/commands .

    #deny all access
    deny from all

    or if you’d like to allow access from one specific IP

    #deny all access
    deny from all
    allow from 127.0.0.1

    or a specific range of IP

    #deny all access
    deny from all
    allow from 192.168.0.0/24

  3. No HotLinking - Blocking Bad Referrer - If you want to block bad referrer.

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} example.com [NC,OR]
    RewriteCond %{HTTP_REFERER} otherexample.com
    RewriteRule .* - [F]

    Prevent bandwidth stealing, and access to specific file like .zip, .mp3, .avi, .wmv, etc.

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://([-a-z0-9]+.)?example.com[NC]
    RewriteRule .*.(zip|mp3|avi|wmv|mpg|mpeg)$ http://www.example.com/images/nohotlink.gif [R,NC,L]

  4. Changing Default Page - Sets the file that Apache will serve if a directory is requested. This directive tell apache to make home.html to be the default page.

    DirectoryIndex home.html index.htm index.html index.php

This blog topic will be updated regularly....

Tags: apache, htaccess
Posted in Web Development | No Comments »