Apache .htaccess tweaking tutorial

26 Feb, 2006 Applications, English, Informatica, Technology, Tutorial, Webdesign

Technorati Tags: access, apache, configuration, control, howto, htaccess, networking, rewrite, rules, syntax, Tutorial, web, webserver

In this tutorial we are going to improve our website by tweaking out the .htaccess file. Why I wrote this article? Because on the net I have found many articles about this little beast, but every one of them dealt with a specific issue and not look at the overall usage of these files, or they are just too big when you need to do a thing in little time. So I’m trying to collect all the useful bits of data in a monolithic but slim tutorial, which will be updated as I collect more information. But first, let’s see what .htaccess file is…

Here we have the definitions from Wikipedia:

.htaccess (Hypertext Access) is the default name of Apache’s directory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. The configuration directives need to be in .htaccess context and the user needs appropriate permissions.

Let’s now deal with most common issues!

Tweaks Index

(Last updated 28th Feb 2006)

Folders Access Control
Folder Listing
Enable Compression
Hide your files
Customized HTTP 404 error page
Blocking bad referers - No hotlinking
Blocking Bad Bots | Fetchers
Do not show ‘www’
Hide scripting language extension
Various Tips & Tricks
Password Protection with htpasswd
Enabling SSI
Changing default page
Avoid 500 error
CheckSpelling directive
Add MD5 Digest
Sources
Tools

1) Folders Access Control

You may want to totally disable access in one folder (for example, you have a directory with programming libraries that are included in your main files: in this case only the main files will access these trought the filesystem, but no one from the web should be able to open it). Well, just create an .htaccess file in that folder and put this in it

#deny all access deny from all

If you’d like to allow access from one specific IP

#deny all access deny from all allow from 10.0.0.1

or from a specific IP range (which you enforce with a bit mask)

allow from 192.168.0.0/24

you can also block a specific file from access

<Files private.html> Order allow,deny Deny from all </Files>

./ Back to Index

2) Folder Listing

If you want to make your folders browsable, then you should add this line in .htaccess file

Options +Indexes +MultiViews +FollowSymlinks

And this one if you have the appropriate module installed on your webserver
<ifmodule mod_autoindex.c> IndexOptions FancyIndexing </ifmodule>

You may want to prevent folder listing

IndexIgnore *
./ Back to Index

3) Enable Compression

You can enable PHP’s built in data compression to save bandwidth

<ifModule mod_php4.c> php_value zlib.output_compression 16386 </ifModule>
./ Back to Index

4) Hide your files

To disable access to a particular file you can use a regular expression and the Files directive to deny access to any file beginning with .ht
You can modify it to deny a specific file (like configuration files, robots.txt, log files and whatever you want)
<Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy All </Files>
./ Back to Index

5) Customized HTTP 404 error page

If you’d like to redirect your visitors every time they catch into an HTTP 404 error, use this code:

ErrorDocument 404 /errors/notfound.html

This redirects the user to /errors/notfound.html whenever a 404 error happen. You can of course redefine also other http errors codes (403, 500… and so on). Read below what I’ve found here!

Tip: Internet Explorer has a lightly-documented “feature” that stops it from serving any custom 404 error page that is less than 512 bytes long. Your visitors will instead be sent to IE’s own 404 page (screenshot), which is generic and suggests they use an MSN search to “look for information on the Internet.” That’s one way to lose visitors! Make sure your custom 404 error page is over this limit — about 10 full lines of text and HTML should be enough.

./ Back to Index

6) Blocking bad referers - No hotlinking

If you want to block some parts of your site from any bad referer:

<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_REFERER} example\.com [NC,OR] RewriteCond %{HTTP_REFERER} otherexample\.com RewriteRule .* - [F] </ifModule>

Using rewrite engine, you will deny access to all your site from any visitor incoming from badguy.com or othernastywebsite.com
To prevent bandwidth stealing, you can also block access to particular files (images, zip, avi and so on)

<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://([-a-z0-9]+\.)?example\.com[NC] RewriteRule .*\.(zip|mp3|avi|wmv|mpg|mpeg)$ http://www.example.com/images/nohotlink.gif [R,NC,L] </ifModule>
This says: “If the visitor is not coming from mywebsite.net, then redirect all requests for (zip,mp3,avi,wmv,mpg,mpeg) files to a nice image that says “NO HOTLINKING HERE”. Got it? You can redirect to a page, or whatever you want, or you can modify the file extension list to include/exclude other files. CAUTION: when you decide to block image hotlinking, remember that you can potentially block ALL traffic outside your domain scope! For example, if you have a feedburner feed you have to modify the rule to let him get the images … or you feed will look quite nasty!
./ Back to Index

7) Blocking Bad Bots | Fetchers

In some cases you want to block some nasty spiders or site downloaders. Then we have to use mod_rewrite again. Usually bad bots ignore robots.txt directive so you may want to enforce them to a 403 error whenever they try to spider or fetch your website

<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR] RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR] RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Zeus RewriteRule .* - [F] </ifModule>
(List taken from here)
./ Back to Index

8) Do not show ‘www’

To do this, you can usea simple rewrite rule

<IfModule mod_rewrite.c> Options +FollowSymlinks RewriteEngine on RewriteCond %{http_host} ^www\.example\.com[nc] RewriteRule ^(.*)$ http://example.com/$1 [r=301,nc] </IfModule>

Why removing www? You can read it here.

./ Back to Index

9) Hide scripting language extension

You can improve your security by changing script extensions so your visitors don’t know what scripting language you are using:

# Make PHP code look like unknown types AddType application/x-httpd-php .133t

This way the .133t files will be parsed as PHP files. You must rename your files with the new extension.
./ Back to Index

10) Various Tips & Tricks

Keep .htaccess small: the file is processed by the webserver at EACH request (performance issues)
Keep your .htaccess organized. Use comments (# lines) and keep it logically consistent. Is very difficult to understand a untidy .htaccess file once it grows in size
When using URL rewriting rules, add the flag [L] to the rules that redirects the users to a last page (like no hotlinking rules and so on). You will tell the server to not process any more the rules (performance issues)
Beware of inheritance: root level .htaccess files are applied also in folders, and any htaccess rule in the folder can override the root rules

./ Back to Index

11) Password Protection with htpasswd

This is useful if you want to add password protection to some pages/folders

Create a .htpasswd file in the folder you want to protect
The file will contain login data in the form username:password. Username is plain text. Password should be encrypted or it won’t work! Use this tool to get your string to add
If you create the file on your local pc, be sure to upload it on the webserver in ASCII mode
Now you can modify your .htaccess file. The authentication will apply to the folder where you place it and its subfolders:
AuthUserFile /home/pathto/.htpasswd AuthType Basic AuthName "My Secret Folder"
<LIMIT GET POST> require valid-user </LIMIT>
You can protect a single file by placing this into a <Files> directive.
Be sure to protect your .htaccess file from viewing using the 1) tip

./ Back to Index

12) Enabling SSI

Use this instructions to enable SSI parsing

AddType text/html .html AddType text/html .shtml AddHandler server-parsed .html AddHandler server-parsed .shtml

./ Back to Index

13) Changing default page

You can use these instructions to change default page (order is important!)

DirectoryIndex home.html index.htm index.html index.php

./ Back to Index

.htaccess password generator

./ Back to Index

Post simili

Opzioni Post

Social<bookmark>this!
Stampa questo post
(3 votes, average: 5 out of 5)

72 Commenti so far »

Darksky said

Febbraio 26 2006 @ 3:53 pm

Braddocchi, un uccellino mi ha detto che tradurrai l’intero articolo in italiano per rendere meno sbatti la lettura…………………………….VERO ????????
Vortexmind said

Febbraio 26 2006 @ 4:22 pm

Eh beh certo … ma che sbatto … dai non dirmi che non è comprensibile! Comunque SE ci saranno abbastanza richieste e SE qualcuno sarà cosi gentile da diggare l’articolo … potrei anche valutare la cosa. Se vedo che c’è interesse farò il possibile per accontentare tutti
Darksky said

Febbraio 26 2006 @ 7:55 pm

Bhe tra italiano e inglese per me rimane sempre più comodo l’italiano oh.
Che vordì diggare ?

Oh leggi l’email e facciamo scambio di icone ! yarf yarf yarf
Vortexmind said

Febbraio 26 2006 @ 8:14 pm

Clicca su diggare e capirai
baldo said

Febbraio 26 2006 @ 9:18 pm

ti ho diggato!!!
TW said

Febbraio 26 2006 @ 9:43 pm

Very good. Thank you for this. I look forward to more updates.

Can I suggest more on the mod_rewrite as that tends to cause the most problems. A good one would be something about how to make your pages all appear to not have an exension.
Vortexmind said

Febbraio 26 2006 @ 11:15 pm

Good suggestions TW. Ah, I like your history site
Webhosting v2.0 said

Febbraio 27 2006 @ 12:05 am

.Htaccess Tweaks

For those of you that host websites on Unix based servers, your probably fully aware of what a .htaccess file is. Well here are some excellent tweaks to help you use it to it's fullest abilities and you can …
dsom said

Febbraio 27 2006 @ 12:57 am

wow, finalmente un diggers italiano, bravo picciotto
Ambrand said

Febbraio 27 2006 @ 2:33 am

Very well written, a useful guide. Thanks.
passenger said

Febbraio 27 2006 @ 3:12 am

The following directive

require valid-user

is very very danger.

i’d be happy if you consider this.
Mark said

Febbraio 27 2006 @ 3:13 am

Thanks for this excellent guide! I wish I’d had this yesterday as I was trying to upgrade to WordPress 2…
passenger said

Febbraio 27 2006 @ 3:15 am

sorry but I want to write like this:

<LIMIT GET POST>
require valid-user
</LIMIT>
nitroburn said

Febbraio 27 2006 @ 3:58 am

Nice and all, but its faster to keep this all in the httpd.conf as using .htaccess will add another file accessed for every page load and that will add another disk seek.
James Carlos said

Febbraio 27 2006 @ 5:21 am

I have a fairly large .htaccess filled with rewrite rules, how would I go about moving them to my httpd.conf?
Josh Powell said

Febbraio 27 2006 @ 6:40 am

Good summary.

For some reason the CheckSpelling directive causes ALL pages in my site to return a 500 error.
Vortexmind said

Febbraio 27 2006 @ 7:11 am

Thanks for the feedback guys, I will get back to you as soon as possible
Mark J said

Febbraio 27 2006 @ 9:16 am

Got a typo here:
<ifmodule mod_autoindex.c<
dan said

Febbraio 27 2006 @ 9:36 am

Very usefull!

maybe do you know, how to set .htaccess to

set password for specicic IP address only, and allow unrestricted access to whole Internet?
The.RSS.Reporter said

Febbraio 27 2006 @ 10:15 am

=?utf-8?B?ZGVsLmljaW8udXMvcG9wdWxhcg==?=

Thinking in Web 2.0: Sixteen Ways (web2.wsj2.com)
http://web2.wsj2.com/thinking_in_web_20_sixteen_ways.htm  

weird 4D game … like the Rubik Cube
http://www.superliminal.com/cube/applet.html &n...
Darksky said

Febbraio 27 2006 @ 12:25 pm

Yes spaghetto ammeregano mai provogado e mo me te magno.
Quand you traducing estas guidas, baby ? I diggato you!
Matt R said

Febbraio 27 2006 @ 3:25 pm

Josh — Apache will throw a 500 error anytime it processes a .htaccess file with rules it doesn’t understand. Almost certainly what’s happening for you is that mod_speling (yes, that’s what it’s called — bad joke from the Apache team) isn’t compiled in your Apache, so it doesn’t recognize the request.
Jessica Burns said

Febbraio 27 2006 @ 3:35 pm

That was really interesting! Thanks!
A great resource
Vortexmind said

Febbraio 27 2006 @ 6:18 pm
Josh & Matt R: you’re right, if the module is missing we have 500 error. So I’ve modified the tutorial … just adding a IfModule directive makes it portable even to servers without the module. Shame on Apache Group for spelling error

Another nice things to know about CheckSpelling (from Apache 2.0 Docs)
This directive enables or disables the spelling module. When enabled, keep in mind that
- the directory scan which is necessary for the spelling correction will have an impact on the server’s performance when many spelling corrections have to be performed at the same time.
- the document trees should not contain sensitive files which could be matched inadvertently by a spelling “correction”.
- the module is unable to correct misspelled user names (as in http://my.host/~apahce/), just file names or directory names
- spelling corrections apply strictly to existing files, so a request for the may get incorrectly treated as the negotiated file “/stats.html”.
So … use it with caution!

Dan: I will try to do that
Lou said

Febbraio 27 2006 @ 10:47 pm

In “Blocking Bad Bots” you end in:
RewriteRule ^.* - [F,L]

[L] is redundant when used with [F]. You can read more about the flags at the Apache Module mod_rewrite guide.

You can also remove the ^ as you don’t need to start-anchor a wildcarded pattern. I would make the final code like this:

RewriteRule .* - [F]

Nitroburn is correct in stating that putting most of your htaccess code into httpd.conf is faster because it only has to load once during Apache startup, but it takes some tweaking if you are using virtual hosts. I block bad bots using one httpd.conf file for 40 virtual hosts (we host 40 or so web sites) instead of 40 separate .htaccess files.

You list each bot in a separate line. Writing each robot name on its own line is faster in httpd.conf, but slower in htaccess. htaccess will parse it faster (not by much) if you combine them into one line. There is an interesting article about this at Webmasterworld (see message #75).
Vortexmind said

Febbraio 27 2006 @ 11:01 pm

And consider that not all hosting plans let you modify httpd.conf
wanagi said

Febbraio 28 2006 @ 12:03 pm

great straight forward tutorial . thanks for the work.
meneame.net said

Marzo 3 2006 @ 2:14 am

Recetas para optimizar Apache usando htaccess

Una serie de pequeños trucos que permiten mejorar el rendimiento y la seguridad del servidor apache. Aunque curiosamente uno de los primeros trucos que ellos no recomiendan sea no utilizar htaccess (en inglés)
Randal L. Schwartz said

Marzo 3 2006 @ 5:31 am

Don’t limit the LIMITs. Remove the lines with LIMIT and /LIMIT. Almost every use of LIMIT is wrong, as is this one.

It’s amazing how much cargo-culting there is around this issue. Go read the Apache docs… they confirm what I’m saying.
Mastblau said

Marzo 12 2006 @ 6:52 pm

Apache .htaccess Tutorial

Webdesigner, welche zwr Content management Systeme installieren können, aber keine suchmaschinenfreundliche URLs, erledigen nur einen Teil ihres Jobs. Heutzutage sind suchmaschinenfreundliche URLs fast Pflicht, und können auf Apache Systemen mit der…
John said

Marzo 15 2006 @ 10:18 pm

Well, I copied and pasted the exact code from here and it gives me this:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

I then included the line from your tutorial to get rid of the 500 error (which I think is the internal server error, correct?):

AddDefaultCharset utf-8

Hoping that would fix it, but still get the same error. I emailed my provider and they said mod_rewrite was definitely on. ANy ideas?
Thanks.
j.
John said

Marzo 15 2006 @ 10:21 pm

Oops, sorry meant to post the code that I used-it was the hotlinking code to block certain sites:

RewriteEngine on
RewriteCond %{HTTP_REFERER} myspace\.com [NC,OR]
RewriteCond %{HTTP_REFERER} xanga\.com
RewriteRule .* - [F]

J.
Vortexmind said

Marzo 15 2006 @ 10:32 pm

Uhm, you should check out the logs of the webserver. In many cases there is a precise reason written there, even if the page shows a generic 500 error. Do you have access to log files or can you tell your provider to check out them?
John said

Marzo 16 2006 @ 11:29 pm

I’ll contact my provider about the logs. Thanks!
Oh, and after emailing them with the same code that I posted above, they told me what I was doing should work.
John
Ron said

Marzo 20 2006 @ 7:33 am

Very helpful stuff! Great job!
More questions than answers said

Marzo 20 2006 @ 6:54 pm

More .htaccess

So today it’s the turn of htaccess. I thought I had this worked out with password protecting directories but there’s a number of ways of achieving the result. Using htpasswd to create a password file and adding users is one…
Matías said

Aprile 5 2006 @ 4:24 am

Thanks a lot for letting me translate it. You can find the Spanish version of this tutorial at: http://www.enespanol.com.ar/2006/04/03/tutorial-de-htaccess/
burnz's blog @ wordpress.com said

Aprile 13 2006 @ 9:20 am

Apache .htaccess tweaking tutorial

A list of tips about the .htaccess file and its tweaking. It will be updated as more tips become available. Just solutions, with no long explaining!
Link: Apache .htaccess tweaking tutorial

…
Luca M. said

Maggio 5 2006 @ 1:19 pm

complimenti per il lavoro…
Briaa said

Maggio 26 2006 @ 9:28 pm

I don’t know what to name the file or where to place the file in my root directory to get any mistypes back to my main page.

if someong tyes in NewHotMusic.com/j
and ther is no j or anything that is undefined, I’d like the page to route back to the index…how do I save and where do I place your script?

ErrorDocument 404 /errors/notfound.html
Vortexmind said

Maggio 27 2006 @ 12:43 pm

You have to create an .htaccess file in your root dir of the website, and then you must place that line in that file
Mose said

Maggio 31 2006 @ 6:45 pm

Thank you Vortex, your tutorial helped me a lot with my website http://www.portagalera.com !!!
Darksky said

Maggio 31 2006 @ 10:00 pm

Yes, it helped me also on my website http://www.netwargamingitalia.net, thanks a lot !

*indicizz*, *indicizz*, *indicizz*, *indicizz*

( e qui ci va l’ASDone faccione a schermo intero )
Jill said

Luglio 21 2006 @ 9:02 pm

I used the hot-link prevention code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.atthewell.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.atthewell.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://atthewell.com/.*$ [NC]
RewriteRule .*\.(gif|jpg|wma|wmx|wax|asx|asf|rpm|rm|swf|mid)$ - [F]

It works to prevent gif and jpg, but allows wma, wmx, swf.

I tried adding the line last, but it gave my entire site a 500 error:

http://www.atthewell.com/audio/bandwidth_theft.jpg [R,NC,L]

Any help is appreciated.
hariharan said

Settembre 1 2006 @ 1:37 pm

hi,
its very useful and excellent guide for me to learn some new things about url rewriting but i have faced some problem when i am trying to show my profile,i have given the url as below
http://www.i-netsolution.com/hariharan
pls guide me to do this!!!
bob said

Novembre 29 2006 @ 5:48 pm

Hi! I setup SSL/TLS on apache 2.0.
Its working fine apache only listen on 443 port for incoming connections. My question is:
How to config apache , for example when user type http://www.dome.com to automatic redirect him to port 443 and https connection. Now when i use http://www.domain.com he dont display anything because apache don listen on 80.
Can you help me, please? Thanx
Chistemaniaco said

Dicembre 21 2006 @ 8:52 pm

Thank you Vortex, your tutorial is very good
Gerald Deaner said

Gennaio 5 2007 @ 4:39 pm

Nice article, very short and helpful.

You should add this site: this site as a source.. bye
MusicMan said

Gennaio 9 2007 @ 12:19 am

Hi VortexMind,
Great article, could use some help though.
I wish to protect a 200mb wmv video file (Im using for education purposes in my business) from being hotlinked and accessed “other” than from my own site (virtual hosted), hopefully without the need for someone to enter password etc. I can afford bandwidth on my own site, but not if others in my business nationally tap into my video. So far, I am successfull in preventing hotlinks (see code below) but if someone types in the direct URL they get access. They could frame that direct url and Im in trouble bandwidth cost wise. Please take a moment and look see what Im doing wrong or to make suggestions. Thanks again for all the great work you do to help others. God Bless.

.htaccess code saved (ascii file) in a subdirectory holding wmv and flv files

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?MyWebsiteURLhere.com(/)?.*$ [NC]
RewriteRule .*\.(gif|jpe?g|png|bmp|wmv|flv)$ [F,NC]

All the best,
MusicMan
Vortexmind said

Gennaio 9 2007 @ 2:54 pm

MusicMan: AFAIK you cannot do what you ask with htaccess file. If you want to restrict resource usage to some user group, you must authenticate them in some way before letting them access the resource.
MusicMan said

Gennaio 9 2007 @ 5:07 pm

Thanks Vortexmind for your prompt reply. Please excuse my ignorance on the subject, but it just seems odd that if a webmaster wishes to only allow access to content from only their own website and not allow others to hotlink or page frame the content, they could only do so by means of using passwords. Maybe htaccess isnt the vehicle to accomplish the task at hand. I’m sure I am not the only one who has a need for such a request. I will continue on with my quest for answers and feel free to contact me anytime with suggestions.
All the best to you and your fellow bloggers.
MusicMan
Cybercopia said

Gennaio 9 2007 @ 9:20 pm

Found this tutorial very useful. My focus was a custom 404 page, which left me with a question. Is there a way to include users getting the custom page when they enter a .php extension? My custom page works fine as long as they’re looking for http://somepage.html, but if they enter http://somepage.php they get the standard IE 404 page not found response.
rh said

Gennaio 29 2007 @ 5:15 pm

I just downloaded Apache latest version on my windows xp platform.
I am trying to protect my website with username and password.
In the httpd.conf file I added line for my directory
…/htdocs/test
Allowoverride AuthConfig
order allow deny
options none
This is what is configured.
.htaccess file is created with
AuthConfig private
AuthAccessFile ……/password.txt ( eventhough I generated password using htpasswd changed it to password.txt file moved it ot another directory.)
…. basic
… require valid-user.

When I restart apache I get 403 error. Never get user prompt.
If I add one more line under my dir. in httpd file saying allow all, I can access my site without being prompted for username etc.
Can someone help me please?
Thanks,
RH
Jenny said

Marzo 15 2007 @ 6:22 am

Wow you sure have a lot of new info for me..

htaccess can be way overwhelming for a newbiw like me.. SO just wanted to say I appreciate your tutorial!

Have you seen this one?
http://www.askapache.com/2006/htaccess/htaccesselite-ultimate-htaccess-article.html
Avinash said

Marzo 29 2007 @ 5:34 pm

Real cool one ! Thanks !!
fletcher mak said

Aprile 10 2007 @ 1:41 pm

I am just trying to learn more about htaccess file and this is good info for me. I gather lot of info..
DanKe said

Aprile 13 2007 @ 5:41 pm

Just wanted to let everyone know, if you kill your www with:

”
Options FollowSymlinks
RewriteEngine on
RewriteCond %{http_host} ^www\.example\.com[nc]
RewriteRule ^(.*)$ http://example.com/1 [r=301,nc]
”

and, for example, are passing variables from say http to https, you must rewrite your code without the www or you will get a permission error…

well.. I did…
Newbie said

Aprile 20 2007 @ 1:35 pm

Can someone please help me?
I would like my Apache web server to only serve html, php, jpg & png file extensions!
ie. http://www.example.com/a.html
http://www.example.com/a.php
http://www.example.com/a.jpg
http://www.example.com/a.png

I have tried this command so far in my httpd.conf:

Order deny,allow
Allow from all

Can you someone please reply with a solution thanks!
Newbie said

Aprile 21 2007 @ 4:44 am

PS. i used the FilesMatch Directive with the following inside the tag:
“\.(html|php|jpg|png$”
theshark said

Giugno 19 2007 @ 11:57 am

Good work and very helpfull tweak…… thanks a lot!!!
airjordan said

Giugno 28 2007 @ 8:07 pm

I don’t know what to name the file or where to place the file in my root directory to get any mistypes back to my main page.

if someong tyes in NewHotMusic.com/j
and ther is no j or anything that is undefined, I’d like the page to route back to the index…how do I save and where do I place your script?

ErrorDocument 404 /errors/notfound.html
Htaccess Dosya Nedir? Htaccess dosyası ne işe yarar ve işlevleselliği nedir ? said

Luglio 20 2007 @ 1:20 am

[...] engelleyebileceğinizi, hatta zararlı bot’lardan korunabileceğinizi biliyor muydunuz? Bu yazı Apache .htaccess tweaking tutorial makalesinin Türkçe çevirisi olup açıkbilgi sitesinden bazı eklemeler ve değişiklikler [...]
Want Your Own Website? « alll about linux said

Luglio 28 2007 @ 11:42 am

[...] Full Story [...]
.htaccess Kullanımı ve İpuçları - alonon.net said

Luglio 28 2007 @ 5:25 pm

[...] engelleyebileceğinizi, hatta zararlı bot’lardan korunabileceğinizi biliyor muydunuz? Bu yazı Apache .htaccess tweaking tutorial makalesinin Türkçe çevirisi olup bazı eklemeler ve değişiklikler [...]
.htaccess Kullanımı ve İpuçları | Bilişim Sözlük said

Agosto 8 2007 @ 3:50 pm

[...] engelleyebileceğinizi, hatta zararlı bot’lardan korunabileceğinizi biliyor muydunuz? Bu yazı Apache .htaccess tweaking tutorial makalesinin Türkçe çevirisi olup bazı eklemeler ve değişiklikler içerebilir.Not: .htaccess [...]
En Español » Tutorial de .htaccess said

Agosto 22 2007 @ 4:00 am

[...] Artículo Original: Apache .htaccess tweaking tutorial [...]
VagabondoDigitale said

Settembre 7 2007 @ 11:52 pm

Molto interessante…vedrò di riusare queste info, Grazie della segnalazione.
khalifa said

Ottobre 28 2007 @ 3:59 am

nice tuto
Amit Patil said

Dicembre 3 2007 @ 7:07 pm

Thank you for this excellent tutorial….hope u will post another tutorials also.
Welcome to Paradise said

Febbraio 1 2008 @ 5:13 pm

Thank you for this article.
data entry said

Aprile 12 2008 @ 11:59 am

it is working well….
Nike Dunks said

Aprile 20 2008 @ 4:57 pm

htaccess can be way overwhelming for a newbiw like me.. SO just wanted to say I appreciate your tutorial!

Have you seen this one?