Apache .htaccess

From HaFrWiki
Revision as of 17:23, 2 October 2018 by Hjmf (talk | contribs) (Reference)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The Apache Webserver file .htaccess is a powerful tool for managing the access and navigation to your webserver.
Unfortunately, the working is not very intuitive and not very simple.

There are many websites that tell they do understand/know htaccess, but little is true.
I do not pretend to know/understand htaccess, but I have some useful tips tricks.
Please review them carefully and let me know what you think.

This website uses several references, such as

  • Queness.com useful htaccess tricks and tips [1],
  • the Apache Docs on htaccess [2].
  • and more ...


SEO Friendly 301

SEO content is any content created with the goal of attracting search engine traffic. [3]

  • SEO refers to search engine optimization, or the process of optimizing a website so that people can easily find it via search engines like Google.
  • By content, we mean any information that lives on the web and can be consumed on the web.

Nowadays, some modern search engine has the capability to detect 301 Permanent Redirects and update its existing record. <syntaxhighlight lang="bash" line start="1"> Redirect 301 https://www.harmfrielink.nl/home https://www.harmfrielink.nl </syntaxhighlight>

Block Access to htaccess

Do not let everybody have access to all your files, protect them! <syntaxhighlight lang="bash" line start="1">

  1. Secures htaccess file

<Files .htaccess> order allow,deny deny from all </Files>

  1. Prevents viewing of a specific file

<Files secretfile.jpg>

order allow,deny
deny from all


  1. Prevents multiple file types

<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">

Order Allow,Deny
Deny from all

</FilesMatch> </syntaxhighlight>

Prevent PHP-Directory Access

The usage of a special PHP-include directory is a common implementation paradigm.
But you don't want anyone to have access to that directory except the program/application. This snippet prevents the access to the directory file with extension php.

<syntaxhighlight lang="bash" line>

    1. Enable Mod Rewrite, this is only required once in each .htaccess file

RewriteEngine On RewriteBase /

    1. Test for access to the include directory

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /phpinclude/.*$ [NC]

    1. Test that file requested has php extension

RewriteCond %{REQUEST_FILENAME} ^.+\.php$

    1. Forbid Access

RewriteRule .* - [F,NS,L] </syntaxhighlight>

  • Line 01-03: Needs to be set once and enables the RewriteCond and RewriteRule.
  • Line 05-06: Tests case insensitive ([NC]=No Case) if the directory is ../phpinclude at the end ($).
  • Line 08-09: Tests if the file name has the extension .php at the end ($).
  • Line 11-12: Forbids access to the found file.
    • F: Returns a 403 FORBIDDEN response to the client browser.
    • NS: Causes a rule to be skipped if the current request is an internal sub-request.
    • L: Stop the rewriting process immediately and don't apply any more rules.

Source: https://httpd.apache.org/docs/current/mod/mod_rewrite.html [2].

See also




  1. Queness htaccess, Queness.com htaccess post Tips and Tricks.
  2. 2.0 2.1 Apache Docs, Description mod_rewrite module: Rewrite(s) condition and rules.
  3. WordStream, SEO Content Beginners Guide.