What you need to know about HTACCESS
.htaccess is a configuration file used on a web server. When a .htaccess file is placed in a directory that is served by the Apache Web Server, the server detects the file and applies the directives in it. The .htaccess file can be used to alter the configuration of the Apache Web Server software to enable or disable additional functionality and features that the server has to offer. This article demonstrates the thirteen most useful features of .htaccess.
1) Create custom error page
Custom error pages give your website a professional look and catch those visitors who reach your website by following a back link. This can be accomplished by simply editing the .htaccess file.
Code | Description | Directive |
301 | Moved Permanently | ErrorDocument 301 /error/301.php |
302 | Moved Temporarily | ErrorDocument 302 /error/302.php |
400 | Bad Request | ErrorDocument 400 /error/400.php |
401 | Unauthorized | ErrorDocument 401 /error/401.php |
403 | Forbidden | ErrorDocument 403 /error/403.php |
404 | Not Found | ErrorDocument 404 /error/404.php |
408 | Request Time-Out | ErrorDocument 408 /error/408.php |
500 | Server Error | ErrorDocument 500 /error/500.php |
502 | Bad Gateway | ErrorDocument 502 /error/502.php |
503 | Out of Resources | ErrorDocument 503 /error/503.php |
504 | Gateway Time-Out | ErrorDocument 504 /error/504.php |
2) Set Timezone on Web Server
3) Block IPs Using htaccess
Sometimes you may want to control which IPs can access your site or a directory. Some may think of implementing this at the application level; however, it can easily be implemented using .htaccess.
# Evaluate the allow lines first, then the deny lines, so that deny wins
order allow,deny
allow from all
deny from 145.186.14.122
deny from 124.15
Visitors coming from these IP addresses will get a 403 error. If you have configured a custom error page for 403, they will be sent to your designated error page.
4) SEO Friendly permanent redirect
If you need to change the URL of a page and have the new URL shown in search engine results, a 301 permanent redirect is recommended.
301 redirects are useful in the following situations:
- Your website has moved to a new domain, and you want to make a seamless transition.
- Visitors access your site from different URLs. For example, your home page can be accessed in multiple ways, such as http://domain-a.tk, http://www.domain-a.tk, http://blog.domain-a.tk or http://www.blog.domain-a.tk. You can choose one URL as your preferred URL and implement a 301 permanent redirect to send traffic from the other URLs to it.
- Previously, you published some articles or pages that have since been removed. You can use a 301 redirect to send those expired links to your preferred destination.
Implementing a 301 permanent redirect is simple.
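An added example, not code from the original article, covering the preferred-URL and removed-page cases above with mod_rewrite. It assumes http://www.domain-a.tk is the preferred URL; the paths /old-article.html and /articles/new-article.html are hypothetical.

```apache
RewriteEngine On

# Removed page: send the expired link straight to its replacement.
# The full preferred URL is used so the visitor gets one redirect, not two.
RewriteRule ^old-article\.html$ http://www.domain-a.tk/articles/new-article.html [R=301,L]

# Preferred URL: any other host name (domain-a.tk, blog.domain-a.tk,
# www.blog.domain-a.tk) is redirected to www.domain-a.tk, keeping the path.
# The target host is hard-coded rather than built from %{HTTP_HOST}, so a
# forged Host header cannot steer the redirect to another site.
RewriteCond %{HTTP_HOST} !^www\.domain-a\.tk$ [NC]
RewriteRule ^(.*)$ http://www.domain-a.tk/$1 [R=301,L]
```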
5) Hotlinking protection
Anyone can hotlink your images and publish them on their website for any purpose; however, this consumes a lot of your server's bandwidth. We can prevent it by implementing hotlink protection in .htaccess. Here is the example code to implement it.
# Protect Hotlinking
RewriteEngine On
# Allow requests that send no Referer header at all
RewriteCond %{HTTP_REFERER} !^$
# Allow requests referred from your own site (http or https)
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domainname\.com/ [NC]
# Do not rewrite requests for the replacement image itself
RewriteCond %{REQUEST_URI} !/img/hotlink_f_o\.png$
RewriteRule \.(gif|jpg|png)$ http://domainname.com/img/hotlink_f_o.png [NC,L]
6) Block request from user agent
A web server is highly vulnerable to various kinds of attack. Using .htaccess, you can block unwanted user agents that keep loading your server.
## Block Bad Bots by user-Agent
# Each matching User-Agent sets the bad_bot variable tested in the Deny line below
SetEnvIfNoCase User-Agent "^FrontPage" bad_bot
SetEnvIfNoCase User-Agent "^Java.*" bad_bot
SetEnvIfNoCase User-Agent "^Microsoft.URL" bad_bot
SetEnvIfNoCase User-Agent "^MSFrontPage" bad_bot
SetEnvIfNoCase User-Agent "^Offline.Explorer" bad_bot
SetEnvIfNoCase User-Agent "^[Ww]eb[Bb]andit" bad_bot
SetEnvIfNoCase User-Agent "^Zeus" bad_bot
<Limit GET POST HEAD>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</Limit>
## .htaccess Code :: END
7) Don’t want to display download request
Often, when you try to download a file from a web server, you get a prompt asking whether you want to save the file or open it. To avoid this, you can add the following code to your .htaccess file.
AddType application/octet-stream .zip
AddType application/octet-stream .mov
8) Block access to your .htaccess file
By now you understand the power of the .htaccess file. For security reasons, you do not want your .htaccess file to be accessible to the public. Adding the following code to your .htaccess file prevents any unauthorized attempts to access it; any such access returns a 403 error.
<Files .htaccess>
 order allow,deny
 deny from all
</Files>
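The access rules in sections 3, 6 and 8 use the Apache 2.2 directives Order, Allow and Deny, which Apache 2.4 supports only through the deprecated mod_access_compat module. The following added example (not from the original article) expresses the same rules with the 2.4 Require directives, reusing the addresses and the bad_bot variable from those sections.

```apache
# Section 6: mark unwanted user agents (one pattern shown, add the others
# in the same way).
SetEnvIfNoCase User-Agent "^Zeus" bad_bot

# Sections 3 and 6 combined. Keep every "Require not" line in ONE
# <RequireAll> block: sibling Require blocks at the same level are treated
# as alternatives (an implicit <RequireAny>), so a blocked address would
# still be admitted by a second block that only tests bad_bot.
# No <Limit> wrapper is used, so the rule applies to every HTTP method.
<RequireAll>
    Require all granted
    Require not ip 145.186.14.122
    Require not ip 124.15
    Require not env bad_bot
</RequireAll>

# Section 8: nobody may fetch the .htaccess file itself.
<Files ".htaccess">
    Require all denied
</Files>
```

Do not mix these with Order, Allow and Deny lines in the same file; pick one syntax for the whole .htaccess.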
9) Password protect your directories and files
On your web server, you may want some directories or files to be accessible by authorized persons only. Apart from blocking by IP address, you can password protect them. The following example shows password protection for a single file and for an entire directory.
# password-protect a single file
<Files secure.php>
AuthType Basic
AuthName "Prompt"
AuthUserFile /home/path/.htpasswd
Require valid-user
</Files>
# password-protect a directory (the one in which this .htaccess file resides)
AuthType Basic
AuthName "This directory is protected"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user
10) Prevent unauthorized access to your PHP includes files
In PHP development, you often keep the DB connection settings in a separate PHP file and include it when needed. For security reasons, you do not want any unauthorized access to these files. .htaccess can protect them with the following code.
RewriteEngine On
RewriteBase /
## Test for access to includes directory
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /includes/.*$ [NC]
## Test that file requested has php extension
RewriteCond %{REQUEST_FILENAME} ^.+\.php$
## Forbid Access
RewriteRule .* - [F,NS,L]
Here /includes/ is the path of your includes directory.
11) Prevent access to php.ini
If you run the risk of someone accessing your php.ini or php.cgi files directly through their browsers, you can limit access to them using .htaccess.
To enable this, create a .htaccess file following the main instructions and guidance, and include the following text:
# Match the php.ini and php.cgi files named above
<FilesMatch "^php\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>
12) Enable SSI
SSI stands for “Server Side Includes”; these are special HTML tags which enable your HTML documents to call other HTML content. This is very useful in many situations, for example to include a navigation menu in your HTML documents. It allows you to use one document to display the navigation menu in all your other documents. This saves disk space and means that if you need to update the content, you only need to modify one file.
This example would call the HTML document ‘document.html’ which is located in the ‘files’ directory. It is important to use a relative URL, not a path or full URL.
It is likely SSI will work on your web server, but you will probably need to use ‘.shtml’ file extensions rather than ‘.html’. This can be frustrating if you already have a web site setup which uses ‘.html’ extensions. In this case, you can enable SSI by following the instructions below.
To enable SSI, create a .htaccess file following the main instructions and guidance which includes the following text:
The above lines tell the Apache Web Server to allow server side includes in documents with the file extension ‘.html’.
To enable SSI for multiple file extensions, create a .htaccess file following the main instructions and guidance which includes the following text:
AddHandler server-parsed .html
AddHandler server-parsed .shtml
AddHandler server-parsed .htm
The above lines tell the Apache Web Server to allow server side includes in documents with the file extension ‘.html’, ‘.shtml’ and ‘.htm’.
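An added example, not code from the original article, of enabling SSI for the same three extensions with command execution switched off. It uses the mod_include output filter form (AddOutputFilter INCLUDES) and reuses the 'files/document.html' path from the description above.

```apache
# These lines need "AllowOverride Options FileInfo" (or broader) for this
# directory in the main server configuration; without it Apache answers
# with a 500 error.

# Weak setting: "Includes" also enables the #exec element, so anyone who
# can write or inject content into a parsed file can run commands as the
# web server user.
#Options +Includes

# Hardened setting: SSI is parsed, but #exec cmd and #exec cgi are disabled.
Options +IncludesNOEXEC

# Parse .html, .shtml and .htm files for SSI directives.
AddType text/html .shtml
AddOutputFilter INCLUDES .html .shtml .htm

# In a parsed page, the shared navigation menu is pulled in with a
# relative URL:
#   <!--#include virtual="files/document.html" -->
```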
13) Prevent unauthorized directory browsing
Browsing of a specific directory can be prevented by instructing the server to serve a Forbidden and Authorization required message when anyone requests to view that particular directory. Usually, if your site doesn’t have a default index page, any files within that directory are accessible to visitors. To avoid that, use the following code in the .htaccess file.
# Turn off automatic directory listings. Apache 2.4 rejects "Options All -Indexes"
# because signed and unsigned options cannot be mixed on one line.
Options -Indexes