Htaccess tips **EDITED 07/19/2021**
#1
One of the most common mistakes I see new web devs or website owners make is forgetting to make and use an .htaccess file. One of the main functions of this file is protecting your site and forcing simple rules to help either force users to go to a certain extension or force HTTPS. This is something that is just as important as the site itself. Below are a few of the simple rules that I use on all sites I build.


#Force HTTPS
Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]



#Add www to any URLs that do not have them
Code:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]



#Remove www from any URLs that have them
Code:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]



#Add Security Headers
Code:
<IfModule mod_headers.c> 
# Protect against XSS attacks 
Header set X-XSS-Protection "1; mode=block" 
</IfModule>



#Deny access to .htaccess
Code:
<Files .htaccess>
Order allow,deny
Deny from all
</Files>



#Disable directory browsing
Code:
Options -Indexes



#Hide files of type .png, .zip, .jpg, .gif and .doc from listing
Code:
IndexIgnore *.png *.zip *.jpg *.gif *.doc



#Hide the contents of directories
Code:
IndexIgnore *



#Deny access to files with extensions .ini, .psd, .log, .sh
Code:
<FilesMatch "\.(ini|psd|log|sh)$">
Order allow,deny
Deny from all
</FilesMatch>



#Deny access to filenames starting with dot(.)
Code:
<FilesMatch "^\.">
Order allow,deny
Deny from all
</FilesMatch>



#Password protect files
Code:
<FilesMatch "^(execute|index|myfile|anotherfile)*$">
AuthType Basic
AuthName "Mypassword"
AuthUserFile <Full Server Path to .htpasswd file>/.htpasswd
Require valid-user
</FilesMatch>



#Prevent Directory Listing
Code:
Options -Indexes



#Prevent Image Hotlinking
Code:
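RewriteEngine On
# Allow requests that send no Referer header
RewriteCond %{HTTP_REFERER} !^$
# Allow requests referred from your own domain
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/.*$ [NC]
# Refuse everything else with 403 Forbidden
RewriteRule \.(gif|jpeg|png)$ - [F]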


Do you use anything else that you may find useful? Have any questions or need any help? Let me know and I'll do what I can to help out.
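
Added example (not part of the original post): a small Python check for rewrite lines before an .htaccess file is uploaded, since a mistyped flag list or variable name means the rule does not do what was intended. The function name `lint_htaccess`, the `KNOWN_VARS` list (a partial list, an assumption) and the sample lines are constructed for illustration.

```python
import re
import shlex

# Partial list of mod_rewrite variables (assumption: extend for your rules).
KNOWN_VARS = {
    "HTTPS", "HTTP_HOST", "HTTP_REFERER", "HTTP_USER_AGENT", "REQUEST_URI",
    "REQUEST_METHOD", "REQUEST_FILENAME", "QUERY_STRING", "REMOTE_ADDR",
    "SERVER_NAME", "SERVER_PORT", "THE_REQUEST",
}
FLAGS = re.compile(r"^\[[^\[\]]+\]$")  # flags must look like [R=301,L]

# Constructed sample containing three slips: curly-brace flags, a misspelled
# variable name, and a stray character after the flags.
SAMPLE = r"""RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} {L,R=301}
RewriteCond %{HTTP_REFERERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpeg|png)$ - [F].
"""

def lint_htaccess(text):
    """Return (line_number, message) pairs for suspicious rewrite lines."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not re.match(r"(?i)rewrite(rule|cond)\s", line):
            continue
        # posix=False keeps regex backslashes intact while honouring quotes.
        args = shlex.split(line, posix=False)
        # Directive + two arguments + one optional [flags] argument.
        if len(args) > 4:
            findings.append((no, "extra argument: %r" % args[4]))
        if len(args) >= 4 and not FLAGS.match(args[3]):
            findings.append((no, "flags not in [brackets]: %r" % args[3]))
        # Prefixed forms such as %{ENV:x} or %{HTTP:x} are not matched here.
        for name in re.findall(r"%\{([A-Za-z_-]+)\}", line):
            if name.upper() not in KNOWN_VARS:
                findings.append((no, "unrecognised variable %%{%s}" % name))
    return findings

if __name__ == "__main__":
    for no, msg in lint_htaccess(SAMPLE):
        print("line %d: %s" % (no, msg))
```

This only checks the shape of RewriteRule and RewriteCond lines; it does not replace loading the file on a test server.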

