Apache .htaccess tweaking tutorial
Technorati Tags: access, apache, configuration, control, howto, htaccess, networking, rewrite, rules, syntax, Tutorial, web, webserver
In this tutorial we are going to improve our website by tweaking out the .htaccess file. Why I wrote this article? Because on the net I have found many articles about this little beast, but every one of them dealt with a specific issue and not look at the overall usage of these files, or they are just too big when you need to do a thing in little time. So I’m trying to collect all the useful bits of data in a monolithic but slim tutorial, which will be updated as I collect more information. But first, let’s see what .htaccess file is…
Here we have the definitions from Wikipedia:
.htaccess (Hypertext Access) is the default name of Apache’s directory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. The configuration directives need to be in .htaccess context and the user needs appropriate permissions.
Let’s now deal with most common issues!
Tweaks Index
(Last updated 28th Feb 2006)
- Folders Access Control
- Folder Listing
- Enable Compression
- Hide your files
- Customized HTTP 404 error page
- Blocking bad referers - No hotlinking
- Blocking Bad Bots | Fetchers
- Do not show ‘www’
- Hide scripting language extension
- Various Tips & Tricks
- Password Protection with htpasswd
- Enabling SSI
- Changing default page
- Avoid 500 error
- CheckSpelling directive
- Add MD5 Digest
- Sources
- Tools
1) Folders Access Control
You may want to totally disable access in one folder (for example, you have a directory with programming libraries that are included in your main files: in this case only the main files will access these trought the filesystem, but no one from the web should be able to open it). Well, just create an .htaccess file in that folder and put this in it
#deny all access
deny from all
If you’d like to allow access from one specific IP
#deny all access
deny from all
allow from 10.0.0.1
or from a specific IP range (which you enforce with a bit mask)
allow from 192.168.0.0/24
you can also block a specific file from access
<Files private.html>
Order allow,deny
Deny from all
</Files>
2) Folder Listing
If you want to make your folders browsable, then you should add this line in .htaccess file
Options +Indexes +MultiViews +FollowSymlinks
And this one if you have the appropriate module installed on your webserver
<ifmodule mod_autoindex.c>
IndexOptions FancyIndexing
</ifmodule>
You may want to prevent folder listing
IndexIgnore *
./ Back to Index
3) Enable Compression
You can enable PHP’s built in data compression to save bandwidth
<ifModule mod_php4.c>
php_value zlib.output_compression 16386
</ifModule>
./ Back to Index
4) Hide your files
To disable access to a particular file you can use a regular expression and the Files directive to deny access to any file beginning with .ht
You can modify it to deny a specific file (like configuration files, robots.txt, log files and whatever you want)
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
./ Back to Index
5) Customized HTTP 404 error page
If you’d like to redirect your visitors every time they catch into an HTTP 404 error, use this code:
ErrorDocument 404 /errors/notfound.html
This redirects the user to /errors/notfound.html whenever a 404 error happen. You can of course redefine also other http errors codes (403, 500… and so on). Read below what I’ve found here!
Tip: Internet Explorer has a lightly-documented “feature” that stops it from serving any custom 404 error page that is less than 512 bytes long. Your visitors will instead be sent to IE’s own 404 page (screenshot), which is generic and suggests they use an MSN search to “look for information on the Internet.” That’s one way to lose visitors! Make sure your custom 404 error page is over this limit — about 10 full lines of text and HTML should be enough.
6) Blocking bad referers - No hotlinking
If you want to block some parts of your site from any bad referer:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
RewriteCond %{HTTP_REFERER} otherexample\.com
RewriteRule .* - [F]
</ifModule>
Using rewrite engine, you will deny access to all your site from any visitor incoming from badguy.com or othernastywebsite.com
To prevent bandwidth stealing, you can also block access to particular files (images, zip, avi and so on)
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([-a-z0-9]+\.)?example\.com[NC]
RewriteRule .*\.(zip|mp3|avi|wmv|mpg|mpeg)$ http://www.example.com/images/nohotlink.gif [R,NC,L]
</ifModule>
This says: “If the visitor is not coming from mywebsite.net, then redirect all requests for (zip,mp3,avi,wmv,mpg,mpeg) files to a nice image that says “NO HOTLINKING HERE”. Got it? You can redirect to a page, or whatever you want, or you can modify the file extension list to include/exclude other files. CAUTION: when you decide to block image hotlinking, remember that you can potentially block ALL traffic outside your domain scope! For example, if you have a feedburner feed you have to modify the rule to let him get the images … or you feed will look quite nasty!
./ Back to Index
7) Blocking Bad Bots | Fetchers
In some cases you want to block some nasty spiders or site downloaders. Then we have to use mod_rewrite again. Usually bad bots ignore robots.txt directive so you may want to enforce them to a 403 error whenever they try to spider or fetch your website
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule .* - [F]
</ifModule>
(List taken from here)
./ Back to Index
8) Do not show ‘www’
To do this, you can usea simple rewrite rule
<IfModule mod_rewrite.c>
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{http_host} ^www\.example\.com[nc]
RewriteRule ^(.*)$ http://example.com/$1 [r=301,nc]
</IfModule>
Why removing www? You can read it here.
9) Hide scripting language extension
You can improve your security by changing script extensions so your visitors don’t know what scripting language you are using:
# Make PHP code look like unknown types
AddType application/x-httpd-php .133t
This way the .133t files will be parsed as PHP files. You must rename your files with the new extension.
./ Back to Index
10) Various Tips & Tricks
- Keep .htaccess small: the file is processed by the webserver at EACH request (performance issues)
- Keep your .htaccess organized. Use comments (# lines) and keep it logically consistent. Is very difficult to understand a untidy .htaccess file once it grows in size
- When using URL rewriting rules, add the flag [L] to the rules that redirects the users to a last page (like no hotlinking rules and so on). You will tell the server to not process any more the rules (performance issues)
- Beware of inheritance: root level .htaccess files are applied also in folders, and any htaccess rule in the folder can override the root rules
11) Password Protection with htpasswd
This is useful if you want to add password protection to some pages/folders
- Create a .htpasswd file in the folder you want to protect
- The file will contain login data in the form username:password. Username is plain text. Password should be encrypted or it won’t work! Use this tool to get your string to add
- If you create the file on your local pc, be sure to upload it on the webserver in ASCII mode
- Now you can modify your .htaccess file. The authentication will apply to the folder where you place it and its subfolders:
AuthUserFile /home/pathto/.htpasswd
AuthType Basic
AuthName "My Secret Folder"<LIMIT GET POST>
require valid-user
</LIMIT>
You can protect a single file by placing this into a <Files> directive. - Be sure to protect your .htaccess file from viewing using the 1) tip
12) Enabling SSI
Use this instructions to enable SSI parsing
AddType text/html .html
AddType text/html .shtml
AddHandler server-parsed .html
AddHandler server-parsed .shtml
13) Changing default page
You can use these instructions to change default page (order is important!)
DirectoryIndex home.html index.htm index.html index.php
14) Avoid 500 Error
By passing the charset you avoid the 500 error display
AddDefaultCharset utf-8
15) CheckSpelling directive
This directive can be useful to auto-correct simple spelling errors in the URL
<IfModule mod_speling.c>
CheckSpelling On
</IfModule>
16) Add MD5 Digest
If you aren’t worried about performance issues, you can add a MD5 hash calculation to attach a MIC (Message Integrity Check) on each request. This is useful to check the integrity of the message.
ContentDigest On
A) Sources
- http://corz.org/serv/tricks/htaccess.php
- http://underscorebleach.net/jotsheet/2004/06/htaccess-prevent-hotlinking
- http://brainstormsandraves.com/archives/2005/10/09/htaccess/
- http://www.usphp.com/security.hiding.html





Darksky said
Febbraio 26 2006 @ 3:53 pm
Braddocchi, un uccellino mi ha detto che tradurrai l’intero articolo in italiano per rendere meno sbatti la lettura…………………………….VERO ????????
Vortexmind said
Febbraio 26 2006 @ 4:22 pm
Eh beh certo … ma che sbatto … dai non dirmi che non è comprensibile! Comunque SE ci saranno abbastanza richieste e SE qualcuno sarà cosi gentile da diggare l’articolo … potrei anche valutare la cosa. Se vedo che c’è interesse farò il possibile per accontentare tutti
Darksky said
Febbraio 26 2006 @ 7:55 pm
Bhe tra italiano e inglese per me rimane sempre più comodo l’italiano oh.
Che vordì diggare ?
Oh leggi l’email e facciamo scambio di icone ! yarf yarf yarf
Vortexmind said
Febbraio 26 2006 @ 8:14 pm
Clicca su diggare e capirai
baldo said
Febbraio 26 2006 @ 9:18 pm
ti ho diggato!!!
TW said
Febbraio 26 2006 @ 9:43 pm
Very good. Thank you for this. I look forward to more updates.
Can I suggest more on the mod_rewrite as that tends to cause the most problems. A good one would be something about how to make your pages all appear to not have an exension.
Vortexmind said
Febbraio 26 2006 @ 11:15 pm
Good suggestions TW. Ah, I like your history site
Webhosting v2.0 said
Febbraio 27 2006 @ 12:05 am
.Htaccess Tweaks
For those of you that host websites on Unix based servers, your probably fully aware of what a .htaccess file is. Well here are some excellent tweaks to help you use it to it's fullest abilities and you can …
dsom said
Febbraio 27 2006 @ 12:57 am
wow, finalmente un diggers italiano, bravo picciotto
Ambrand said
Febbraio 27 2006 @ 2:33 am
Very well written, a useful guide. Thanks.
passenger said
Febbraio 27 2006 @ 3:12 am
The following directive
require valid-user
is very very danger.
i’d be happy if you consider this.
Mark said
Febbraio 27 2006 @ 3:13 am
Thanks for this excellent guide! I wish I’d had this yesterday as I was trying to upgrade to WordPress 2…
passenger said
Febbraio 27 2006 @ 3:15 am
sorry but I want to write like this:
<LIMIT GET POST>
require valid-user
</LIMIT>
nitroburn said
Febbraio 27 2006 @ 3:58 am
Nice and all, but its faster to keep this all in the httpd.conf as using .htaccess will add another file accessed for every page load and that will add another disk seek.
James Carlos said
Febbraio 27 2006 @ 5:21 am
I have a fairly large .htaccess filled with rewrite rules, how would I go about moving them to my httpd.conf?
Josh Powell said
Febbraio 27 2006 @ 6:40 am
Good summary.
For some reason the CheckSpelling directive causes ALL pages in my site to return a 500 error.
Vortexmind said
Febbraio 27 2006 @ 7:11 am
Thanks for the feedback guys, I will get back to you as soon as possible
Mark J said
Febbraio 27 2006 @ 9:16 am
Got a typo here:
<ifmodule mod_autoindex.c<dan said
Febbraio 27 2006 @ 9:36 am
Very usefull!
maybe do you know, how to set .htaccess to
set password for specicic IP address only, and allow unrestricted access to whole Internet?
The.RSS.Reporter said
Febbraio 27 2006 @ 10:15 am
=?utf-8?B?ZGVsLmljaW8udXMvcG9wdWxhcg==?=
Thinking in Web 2.0: Sixteen Ways (web2.wsj2.com)
http://web2.wsj2.com/thinking_in_web_20_sixteen_ways.htm
weird 4D game … like the Rubik Cube
http://www.superliminal.com/cube/applet.html &n...
Darksky said
Febbraio 27 2006 @ 12:25 pm
Yes spaghetto ammeregano mai provogado e mo me te magno.
Quand you traducing estas guidas, baby ? I diggato you!
Matt R said
Febbraio 27 2006 @ 3:25 pm
Josh — Apache will throw a 500 error anytime it processes a .htaccess file with rules it doesn’t understand. Almost certainly what’s happening for you is that mod_speling (yes, that’s what it’s called — bad joke from the Apache team) isn’t compiled in your Apache, so it doesn’t recognize the request.
Jessica Burns said
Febbraio 27 2006 @ 3:35 pm
That was really interesting! Thanks!
A great resource
Vortexmind said
Febbraio 27 2006 @ 6:18 pm
Josh & Matt R: you’re right, if the module is missing we have 500 error. So I’ve modified the tutorial … just adding a IfModule directive makes it portable even to servers without the module. Shame on Apache Group for spelling error
Another nice things to know about CheckSpelling (from Apache 2.0 Docs)
So … use it with caution!
Dan: I will try to do that
Lou said
Febbraio 27 2006 @ 10:47 pm
In “Blocking Bad Bots” you end in:
RewriteRule ^.* - [F,L][L] is redundant when used with [F]. You can read more about the flags at the Apache Module mod_rewrite guide.
You can also remove the
^as you don’t need to start-anchor a wildcarded pattern. I would make the final code like this:RewriteRule .* - [F]Nitroburn is correct in stating that putting most of your htaccess code into httpd.conf is faster because it only has to load once during Apache startup, but it takes some tweaking if you are using virtual hosts. I block bad bots using one httpd.conf file for 40 virtual hosts (we host 40 or so web sites) instead of 40 separate .htaccess files.
You list each bot in a separate line. Writing each robot name on its own line is faster in httpd.conf, but slower in htaccess. htaccess will parse it faster (not by much) if you combine them into one line. There is an interesting article about this at Webmasterworld (see message #75).
Vortexmind said
Febbraio 27 2006 @ 11:01 pm
And consider that not all hosting plans let you modify httpd.conf
wanagi said
Febbraio 28 2006 @ 12:03 pm
great straight forward tutorial . thanks for the work.
meneame.net said
Marzo 3 2006 @ 2:14 am
Recetas para optimizar Apache usando htaccess
Una serie de pequeños trucos que permiten mejorar el rendimiento y la seguridad del servidor apache. Aunque curiosamente uno de los primeros trucos que ellos no recomiendan sea no utilizar htaccess
(en inglés)
Randal L. Schwartz said
Marzo 3 2006 @ 5:31 am
Don’t limit the LIMITs. Remove the lines with LIMIT and /LIMIT. Almost every use of LIMIT is wrong, as is this one.
It’s amazing how much cargo-culting there is around this issue. Go read the Apache docs… they confirm what I’m saying.
Mastblau said
Marzo 12 2006 @ 6:52 pm
Apache .htaccess Tutorial
Webdesigner, welche zwr Content management Systeme installieren können, aber keine suchmaschinenfreundliche URLs, erledigen nur einen Teil ihres Jobs. Heutzutage sind suchmaschinenfreundliche URLs fast Pflicht, und können auf Apache Systemen mit der…
John said
Marzo 15 2006 @ 10:18 pm
Well, I copied and pasted the exact code from here and it gives me this:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
I then included the line from your tutorial to get rid of the 500 error (which I think is the internal server error, correct?):
AddDefaultCharset utf-8
Hoping that would fix it, but still get the same error. I emailed my provider and they said mod_rewrite was definitely on. ANy ideas?
Thanks.
j.
John said
Marzo 15 2006 @ 10:21 pm
Oops, sorry meant to post the code that I used-it was the hotlinking code to block certain sites:
RewriteEngine on
RewriteCond %{HTTP_REFERER} myspace\.com [NC,OR]
RewriteCond %{HTTP_REFERER} xanga\.com
RewriteRule .* - [F]
J.
Vortexmind said
Marzo 15 2006 @ 10:32 pm
Uhm, you should check out the logs of the webserver. In many cases there is a precise reason written there, even if the page shows a generic 500 error. Do you have access to log files or can you tell your provider to check out them?
John said
Marzo 16 2006 @ 11:29 pm
I’ll contact my provider about the logs. Thanks!
Oh, and after emailing them with the same code that I posted above, they told me what I was doing should work.
John
Ron said
Marzo 20 2006 @ 7:33 am
Very helpful stuff! Great job!
More questions than answers said
Marzo 20 2006 @ 6:54 pm
More .htaccess
So today it’s the turn of htaccess. I thought I had this worked out with password protecting directories but there’s a number of ways of achieving the result. Using htpasswd to create a password file and adding users is one…
Matías said
Aprile 5 2006 @ 4:24 am
Thanks a lot for letting me translate it. You can find the Spanish version of this tutorial at: http://www.enespanol.com.ar/2006/04/03/tutorial-de-htaccess/
burnz's blog @ wordpress.com said
Aprile 13 2006 @ 9:20 am
Apache .htaccess tweaking tutorial
A list of tips about the .htaccess file and its tweaking. It will be updated as more tips become available. Just solutions, with no long explaining!
Link: Apache .htaccess tweaking tutorial
…
Luca M. said
Maggio 5 2006 @ 1:19 pm
complimenti per il lavoro…
Briaa said
Maggio 26 2006 @ 9:28 pm
I don’t know what to name the file or where to place the file in my root directory to get any mistypes back to my main page.
if someong tyes in NewHotMusic.com/j
and ther is no j or anything that is undefined, I’d like the page to route back to the index…how do I save and where do I place your script?
ErrorDocument 404 /errors/notfound.html
Vortexmind said
Maggio 27 2006 @ 12:43 pm
You have to create an .htaccess file in your root dir of the website, and then you must place that line in that file
Mose said
Maggio 31 2006 @ 6:45 pm
Thank you Vortex, your tutorial helped me a lot with my website http://www.portagalera.com !!!
Darksky said
Maggio 31 2006 @ 10:00 pm
Yes, it helped me also on my website http://www.netwargamingitalia.net, thanks a lot !
*indicizz*, *indicizz*, *indicizz*, *indicizz*
( e qui ci va l’ASDone faccione a schermo intero )
Jill said
Luglio 21 2006 @ 9:02 pm
I used the hot-link prevention code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.atthewell.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.atthewell.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://atthewell.com/.*$ [NC]
RewriteRule .*\.(gif|jpg|wma|wmx|wax|asx|asf|rpm|rm|swf|mid)$ - [F]
It works to prevent gif and jpg, but allows wma, wmx, swf.
I tried adding the line last, but it gave my entire site a 500 error:
http://www.atthewell.com/audio/bandwidth_theft.jpg [R,NC,L]
Any help is appreciated.
hariharan said
Settembre 1 2006 @ 1:37 pm
hi,
its very useful and excellent guide for me to learn some new things about url rewriting but i have faced some problem when i am trying to show my profile,i have given the url as below
http://www.i-netsolution.com/hariharan
pls guide me to do this!!!
bob said
Novembre 29 2006 @ 5:48 pm
Hi! I setup SSL/TLS on apache 2.0.
Its working fine apache only listen on 443 port for incoming connections. My question is:
How to config apache , for example when user type http://www.dome.com to automatic redirect him to port 443 and https connection. Now when i use http://www.domain.com he dont display anything because apache don listen on 80.
Can you help me, please? Thanx
Chistemaniaco said
Dicembre 21 2006 @ 8:52 pm
Thank you Vortex, your tutorial is very good
Gerald Deaner said
Gennaio 5 2007 @ 4:39 pm
Nice article, very short and helpful.
You should add this site: this site as a source.. bye
MusicMan said
Gennaio 9 2007 @ 12:19 am
Hi VortexMind,
Great article, could use some help though.
I wish to protect a 200mb wmv video file (Im using for education purposes in my business) from being hotlinked and accessed “other” than from my own site (virtual hosted), hopefully without the need for someone to enter password etc. I can afford bandwidth on my own site, but not if others in my business nationally tap into my video. So far, I am successfull in preventing hotlinks (see code below) but if someone types in the direct URL they get access. They could frame that direct url and Im in trouble bandwidth cost wise. Please take a moment and look see what Im doing wrong or to make suggestions. Thanks again for all the great work you do to help others. God Bless.
.htaccess code saved (ascii file) in a subdirectory holding wmv and flv files
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?MyWebsiteURLhere.com(/)?.*$ [NC]
RewriteRule .*\.(gif|jpe?g|png|bmp|wmv|flv)$ [F,NC]
All the best,
MusicMan
Vortexmind said
Gennaio 9 2007 @ 2:54 pm
MusicMan: AFAIK you cannot do what you ask with htaccess file. If you want to restrict resource usage to some user group, you must authenticate them in some way before letting them access the resource.
MusicMan said
Gennaio 9 2007 @ 5:07 pm
Thanks Vortexmind for your prompt reply. Please excuse my ignorance on the subject, but it just seems odd that if a webmaster wishes to only allow access to content from only their own website and not allow others to hotlink or page frame the content, they could only do so by means of using passwords. Maybe htaccess isnt the vehicle to accomplish the task at hand. I’m sure I am not the only one who has a need for such a request. I will continue on with my quest for answers and feel free to contact me anytime with suggestions.
All the best to you and your fellow bloggers.
MusicMan
Cybercopia said
Gennaio 9 2007 @ 9:20 pm
Found this tutorial very useful. My focus was a custom 404 page, which left me with a question. Is there a way to include users getting the custom page when they enter a .php extension? My custom page works fine as long as they’re looking for http://somepage.html, but if they enter http://somepage.php they get the standard IE 404 page not found response.
rh said
Gennaio 29 2007 @ 5:15 pm
I just downloaded Apache latest version on my windows xp platform.
I am trying to protect my website with username and password.
In the httpd.conf file I added line for my directory
…/htdocs/test
Allowoverride AuthConfig
order allow deny
options none
This is what is configured.
.htaccess file is created with
AuthConfig private
AuthAccessFile ……/password.txt ( eventhough I generated password using htpasswd changed it to password.txt file moved it ot another directory.)
…. basic
… require valid-user.
When I restart apache I get 403 error. Never get user prompt.
If I add one more line under my dir. in httpd file saying allow all, I can access my site without being prompted for username etc.
Can someone help me please?
Thanks,
RH
Jenny said
Marzo 15 2007 @ 6:22 am
Wow you sure have a lot of new info for me..
htaccess can be way overwhelming for a newbiw like me.. SO just wanted to say I appreciate your tutorial!
Have you seen this one?
http://www.askapache.com/2006/htaccess/htaccesselite-ultimate-htaccess-article.html
Avinash said
Marzo 29 2007 @ 5:34 pm
Real cool one ! Thanks !!
fletcher mak said
Aprile 10 2007 @ 1:41 pm
I am just trying to learn more about htaccess file and this is good info for me. I gather lot of info..
DanKe said
Aprile 13 2007 @ 5:41 pm
Just wanted to let everyone know, if you kill your www with:
”
Options FollowSymlinks
RewriteEngine on
RewriteCond %{http_host} ^www\.example\.com[nc]
RewriteRule ^(.*)$ http://example.com/1 [r=301,nc]
”
and, for example, are passing variables from say http to https, you must rewrite your code without the www or you will get a permission error…
well.. I did…
Newbie said
Aprile 20 2007 @ 1:35 pm
Can someone please help me?
I would like my Apache web server to only serve html, php, jpg & png file extensions!
ie. http://www.example.com/a.html
http://www.example.com/a.php
http://www.example.com/a.jpg
http://www.example.com/a.png
I have tried this command so far in my httpd.conf:
Order deny,allow
Allow from all
Can you someone please reply with a solution thanks!
Newbie said
Aprile 21 2007 @ 4:44 am
PS. i used the FilesMatch Directive with the following inside the tag:
“\.(html|php|jpg|png$”
theshark said
Giugno 19 2007 @ 11:57 am
Good work and very helpfull tweak…… thanks a lot!!!
airjordan said
Giugno 28 2007 @ 8:07 pm
I don’t know what to name the file or where to place the file in my root directory to get any mistypes back to my main page.
if someong tyes in NewHotMusic.com/j
and ther is no j or anything that is undefined, I’d like the page to route back to the index…how do I save and where do I place your script?
ErrorDocument 404 /errors/notfound.html
Htaccess Dosya Nedir? Htaccess dosyası ne işe yarar ve işlevleselliği nedir ? said
Luglio 20 2007 @ 1:20 am
[...] engelleyebileceğinizi, hatta zararlı bot’lardan korunabileceğinizi biliyor muydunuz? Bu yazı Apache .htaccess tweaking tutorial makalesinin Türkçe çevirisi olup açıkbilgi sitesinden bazı eklemeler ve değişiklikler [...]
Want Your Own Website? « alll about linux said
Luglio 28 2007 @ 11:42 am
[...] Full Story [...]
.htaccess Kullanımı ve İpuçları - alonon.net said
Luglio 28 2007 @ 5:25 pm
[...] engelleyebileceğinizi, hatta zararlı bot’lardan korunabileceğinizi biliyor muydunuz? Bu yazı Apache .htaccess tweaking tutorial makalesinin Türkçe çevirisi olup bazı eklemeler ve değişiklikler [...]
.htaccess Kullanımı ve İpuçları | Bilişim Sözlük said
Agosto 8 2007 @ 3:50 pm
[...] engelleyebileceğinizi, hatta zararlı bot’lardan korunabileceğinizi biliyor muydunuz? Bu yazı Apache .htaccess tweaking tutorial makalesinin Türkçe çevirisi olup bazı eklemeler ve değişiklikler içerebilir.Not: .htaccess [...]
En Español » Tutorial de .htaccess said
Agosto 22 2007 @ 4:00 am
[...] Artículo Original: Apache .htaccess tweaking tutorial [...]
VagabondoDigitale said
Settembre 7 2007 @ 11:52 pm
khalifa said
Ottobre 28 2007 @ 3:59 am
nice tuto
Amit Patil said
Dicembre 3 2007 @ 7:07 pm
Thank you for this excellent tutorial….hope u will post another tutorials also.
Welcome to Paradise said
Febbraio 1 2008 @ 5:13 pm
Thank you for this article.
data entry said
Aprile 12 2008 @ 11:59 am
it is working well….
Nike Dunks said
Aprile 20 2008 @ 4:57 pm
htaccess can be way overwhelming for a newbiw like me.. SO just wanted to say I appreciate your tutorial!
Have you seen this one?