Hazem
Member
htaccess Cheatsheet
Here is a simple cheat sheet for the .htaccess file:
Enable Directory Browsing
Disable Directory Browsing
Customize Error Messages
Get SSI working with HTML/SHTML
Change Default Page (order is followed!)
Block Users from accessing the site
order deny,allow
deny from all
allow from 192.168.0.0/24
[/code]
Redirect Visitors to New Page/Directory
Block site from specific referrers
Block Hot Linking/Bandwidth hogging
Add this below the Hot Link Blocking code:
Stop .htaccess (or any other file) from being viewed
Avoid the 500 Error
Grant CGI Access in a directory
Password Protecting Directories
Use the .htaccess Password Generator and follow the brief instructions!
Change Script Extensions
gne will now be treated as PHP files! Similarly, x-httpd-cgi for CGI files, etc.
Use MD5 Digests
Performance may take a hit but if that's not a problem, this is a nice option to turn on.
The CheckSpelling Directive
From Jens Meiert: CheckSpelling corrects simple spelling errors (for example, if someone forgets a letter or if any character is just wrong). Just add
to your htaccess file.
The ContentDigest Directive
.
Turn off magic_quotes_gpc
Set an Expires header and enable Cache-Control
http://www.thejackol.com/htaccess-cheatsheet/
Here is a simple cheat sheet for the .htaccess file:
Enable Directory Browsing
Code:
Options +Indexes
## block a few types of files from showing
IndexIgnore *.wmv *.mp4 *.avi
Code:
Options All -Indexes
Code:
ErrorDocument 403 /forbidden.html
ErrorDocument 404 /notfound.html
ErrorDocument 500 /servererror.html
Code:
AddType text/html .html
AddType text/html .shtml
AddHandler server-parsed .html
AddHandler server-parsed .shtml
# AddHandler server-parsed .htm
Code:
DirectoryIndex myhome.htm index.htm index.php
Code:
<limit GET POST PUT>
order deny,allow
deny from 202.54.122.33
deny from 8.70.44.53
deny from .spammers.com
allow from all
</limit>
[code]
[b]Allow only LAN users[/b]
deny from all
allow from 192.168.0.0/24
[/code]
Redirect Visitors to New Page/Directory
Code:
Redirect oldpage.html http://www.domainname.com/newpage.html
Redirect /olddir http://www.domainname.com/newdir/
Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} site-to-block\.com [NC]
RewriteCond %{HTTP_REFERER} site-to-block-2\.com [NC]
RewriteRule .* - [F]
Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
Add this below the Hot Link Blocking code:
Code:
RewriteRule \.(gif|jpg)$ http://www.mydomain.com/dontsteal.gif [R,L]
Code:
<files file-name>
order allow,deny
deny from all
</files>
Code:
# Avoid 500 error by passing charset
AddDefaultCharset utf-8
Code:
Options +ExecCGI
AddHandler cgi-script cgi pl
# To enable all scripts in a directory use the following
# SetHandler cgi-script
Use the .htaccess Password Generator and follow the brief instructions!
Change Script Extensions
Code:
AddType application/x-httpd-php .gne
Use MD5 Digests
Performance may take a hit but if that's not a problem, this is a nice option to turn on.
Code:
ContentDigest On
From Jens Meiert: CheckSpelling corrects simple spelling errors (for example, if someone forgets a letter or if any character is just wrong). Just add
Code:
CheckSpelling On
The ContentDigest Directive
Code:
ContentDigest On
Code:
# BEGIN GZIP
<ifmodule mod_deflate.c>
# Combine the below two lines - I've split it up for presentation
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css
application/x-javascript application/javascript
</ifmodule>
# END GZIP
Turn off magic_quotes_gpc
Code:
# Only if you use PHP
<ifmodule mod_php4.c>
php_flag magic_quotes_gpc off
</ifmodule>
Code:
<ifmodule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 7200 seconds"
ExpiresByType image/gif "access plus 518400 seconds"
ExpiresByType image/jpeg "access plus 518400 seconds"
ExpiresByType image/png "access plus 518400 seconds"
ExpiresByType text/css "access plus 518400 seconds"
ExpiresByType text/javascript "access plus 216000 seconds"
ExpiresByType application/x-javascript "access plus 216000 seconds"
</ifmodule>
<ifmodule mod_headers.c>
# Cache specified files for 6 days
<filesmatch "\.(ico|flv|jpg|jpeg|png|gif|css|swf)$">
Header set Cache-Control "max-age=518400, public"
</filesmatch>
# Cache HTML files for a couple hours
<filesmatch "\.(html|htm)$">
Header set Cache-Control "max-age=7200, private, must-revalidate"
</filesmatch>
# Cache PDFs for a day
<filesmatch "\.(pdf)$">
Header set Cache-Control "max-age=86400, public"
</filesmatch>
# Cache Javascripts for 2.5 days
<filesmatch "\.(js)$">
Header set Cache-Control "max-age=216000, private"
</filesmatch>
</ifmodule>
http://www.thejackol.com/htaccess-cheatsheet/