Jump to content

Simple htaccess directives that may assist you.


Recommended Posts

This example is to not allow access to directories that have no index defined. A sloppy way of doing this is to manually create index.html files in these directories. This one line in your htaccess may help more.


Options +FollowSymlinks


Now this produces a nasty looking 403 Forbidden page, so lets define some error page redirects, this is a great way to style these error pages, but an even better way to stop specific users from trying to access your data with a simple redirect that states every error as a 404 type page


ErrorDocument 400 /404.php
ErrorDocument 401 /404.php
ErrorDocument 403 /404.php
ErrorDocument 404 /404.php
ErrorDocument 414 /404.php
ErrorDocument 500 /404.php


This above code redirects these error messages to 404.php which could contain code like this which tells a 403 forbidden error to say "Does not exist" which would make a user assume the directory is invalid/


 if($http_status == 403) { $error="Does not exist."; }
 echo $error;


Also in a game type situation you could have someone trying to discover tricks or cheats in your game, so this file would be a great place to log some sessions into a database table called error_pages and maybe only log the important ones such as 403 and 500 (for debugging).



Moving on, lets say you have a login.php page and you simply want to hide the php extension, so users could visit domain.com/login or want that to display in the browser. This htaccess directive would assist with this.


## only need RewriteEngine on if it is not set already
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php



If your server supports gzip compression (mod_deflate) then this is great way to send compressed documents to the end users web browser, which is almost a trade off because the browser has to decompress it, but helps with the server. If you have a cPanel this could also be accomplished easily through Optimize Website. If mod_deflate is compiled on your server , this option would automatically show in cPanel depending on your hosts configuration. There are many different ways to write these, this is your basic example.


# compress text,html,js,css,xml
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript



This next example shows how you can satisfy gtmetrix and yslow while getting some premium caching done on the end users browser. This assumes mod_expires is complied on your server.


<ifmodule mod_expires.c>
 <filesmatch "\.(jpg|gif|png|css|js)$">
      ExpiresActive on
      ExpiresDefault "access plus 1 month"


This tells the browser to keep common images like jpg,gif,png and files like css,js for 1 month. This should in no way be enabled on a dev site as you might be asking your users to clear cache a lot.


Thats all for now. Feel free to improve upon these in your replies to help future readers or even googlers.

Link to comment
Share on other sites

<ifmodule mod_expires.c>
 <filesmatch "\.(jpg|gif|png|css|js)$">
      ExpiresActive on
      ExpiresDefault "access plus 1 month"


For this example you are using I did some googleing and came across this:

# 1 YEAR
<filesMatch "\.(ico|pdf|flv)$">
Header set Cache-Control "max-age=29030400, public"
# 1 WEEK
<filesMatch "\.(jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=604800, public"
# 2 DAYS
<filesMatch "\.(xml|txt|css|js)$">
Header set Cache-Control "max-age=172800, proxy-revalidate"
# 1 MIN
<filesMatch "\.(html|htm|php)$">
Header set Cache-Control "max-age=60, private, proxy-revalidate"
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...