Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
e>
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Htaccess_Scop
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Directory_Pro
tection>
2. Password Protect wp-login.php
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Password_Prot
ect_wp-login-php>
3. Password Protect wp-admin
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Password_Prot
ect_wp-admin>
4. Protect wp-content
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Protect_wp-co
ntent>
5. Protect wp-includes
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Protect_wp-in
cludes>
6. Common Exploits
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Common_Exploi
ts>
7. Stop Hotlinking
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Stop_Hotlinki
ng>
8. Safe Request Methods
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Safe_Request_
Methods>
9. Forbid Proxies
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Forbid_Proxie
s>
10. Real wp-comments-post.php
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Real_wp-comme
nts-post-php>
11. HTTP PROTOCOL
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#HTTP_PROTOCOL
>
12. SPECIFY CHARACTERS
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#SPECIFY_CHARA
CTERS>
13. BAD Content Length
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#BAD_Content_L
ength>
14. BAD Content Type
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#BAD_Content_T
ype>
15. Missing HTTP_HOST
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Missing_HTTP_
HOST>
16. Bogus Graphics Exploit
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Bogus_Graphic
s_Exploit>
17. No UserAgent, Not POST
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#UserAgent_POS
T>
18. No Referer, No Comment
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Referer_Comme
nt>
19. Trackback Spam
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Trackback_Spa
m>
20. Map all URIs except those corresponding to existing files to a
handler
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Map_URIs_exis
ting_files_handler>
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#SSL_htaccess>
13. SetEnvIf and SetEnvIfNoCase in .htaccess
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#SetEnvIf_SetE
nvIfNoCase_htaccess>
14. Site Security with .htaccess
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Site_Security
_htaccess>
15. Merging Notes
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Merging_Notes
>
* My Favorite .htaccess Links
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Favorite_htaccess
_Links>
* Htaccess Directives
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Htaccess_Directiv
es-s0>
* Htaccess Modules
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Htaccess_Modules>
* Htaccess Software
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Htaccess_Software
>
* Technical Look at .htaccess
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Technical_htacces
s>
1. Per-directory configuration structures
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Per-directory
_configuration_structures>
2. Command handling
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Command_handl
ing>
1. mod_autoindex
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#mod_autoi
ndex>
2. mod_rewrite
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#mod_rewri
te>
3. Side notes --- per-server configuration, virtual servers, etc.
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Side_notes_pe
r-server_configuration_virtual>
4. Litespeed Htaccess support
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Litespeed_Hta
ccess_support>
Htaccess - Evolved
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Htaccess_Evolved>
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
The Hyper Text Transfer Protocol (HTTP) was initiated at the CERN in
Geneve (Switzerland), where it emerged (together with the HTML
presentation language) from the need to exchange scientific information
on a computer network in a simple manner. The first public HTTP
implementation only allowed for plain text information, and almost
instantaneously became a replacement of the GOPHER service. One of the
first text-based browsers was LYNX which still exists today; a graphical
HTTP client appeared very quickly with the name NCSA Mosaic. Mosaic was
a popular browser back in 1994. Soon the need for a more rich multimedia
experience was born, and the markup language provided support for a
growing multitude of media types.
Make your
Allow you
Make your
Allow you
What Is .htaccess
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#What_Is_htaccess>
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
e> ^
Htaccess Scope
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Htaccess_Scop
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Main_Server_Confi
g_Examples> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Now lets take a look at some htaccess examples to get a feel for the
syntax and some general ideas at the capabilities. Some of the best
examples for .htaccess files are included with Apache for main server
config <http://httpd.apache.org/docs/trunk/configuring.html> files, so
lets take a quick look at a couple of them on our way down to the actual
.htaccess examples further down the page (this site has thousands, take
your time). The basic syntax is *a line starting with # is a comment,
everything else are directives followed by the directive argument*.
*httpd-multilang-errordoc.conf
<http://uploads.askapache.com/2008/08/httpd-multilang-errordocconf.in>*:
The configuration below implements multi-language error documents
through content-negotiation
Here are the rest of them if you wanna take a look. (httpd-mpm.conf
<http://uploads.askapache.com/2008/08/httpd-mpmconf.in>,
httpd-default.conf
<http://uploads.askapache.com/2008/08/httpd-defaultconf.in>,
httpd-ssl.conf <http://uploads.askapache.com/2008/08/httpd-sslconf.in>,
httpd-info.conf
<http://uploads.askapache.com/2008/08/httpd-infoconf.in>,
httpd-vhosts.conf
<http://uploads.askapache.com/2008/08/httpd-vhostsconf.in>,
httpd-dav.conf <http://uploads.askapache.com/2008/08/httpd-davconf.in>)
-----------------------------------------------------------------------Example .htaccess Code Snippets
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#htaccess_Code_Sni
ppets> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Here are some specific examples, this is the most popular section of
this page. Updated frequently.
Redirect Everyone Except IP address to alternate page
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Redirect_IP_a
lternate_page> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
ErrorDocument 403 http://www.yahoo.com/
Order deny,allow
Deny from all
Allow from 208.113.134.190
tes> ^
This lets google crawl the page, lets me access without a password, and
lets my client access the page WITH a password. It also allows for XHTML
and CSS validation! (w3.org)
DefaultLanguage en-US
Disallow Script Execution
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Disallow_Scri
pt_Execution> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Options -ExecCGI
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Deny Request Methods
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Deny_Request_
Methods> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|OPTIONS|POST|PUT)
RewriteRule .* - [F]
Force "File Save As" Prompt
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Force_File_Sa
ve_Prompt> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
AddType application/octet-stream .avi .mpg .mov .pdf .xls .mp4
> ^
w> ^
Rewrite to www
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Rewrite_to_ww
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
File> ^
p-cgi> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>
Set Cookie based on Request
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Set_Cookie_ba
sed_Request> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
This code sends the |Set-Cookie| header to create a cookie on the client
with the value of a matching item in 2nd parantheses.
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)(de|es|fr|it|ja|ru|en)/$ - [co=lang:$2:.askapache.com:7200:/]
Set Cookie with env variable
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Set_Cookie_en
v_variable> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Header set Set-Cookie "language=%{lang}e; path=/;" env=lang
Custom ErrorDocuments
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Custom_ErrorD
ocuments> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
100
101
102
200
201
202
203
204
205
206
207
300
301
302
303
304
305
307
400
401
402
403
404
/100_CONTINUE
/101_SWITCHING_PROTOCOLS
/102_PROCESSING
/200_OK
/201_CREATED
/202_ACCEPTED
/203_NON_AUTHORITATIVE
/204_NO_CONTENT
/205_RESET_CONTENT
/206_PARTIAL_CONTENT
/207_MULTI_STATUS
/300_MULTIPLE_CHOICES
/301_MOVED_PERMANENTLY
/302_MOVED_TEMPORARILY
/303_SEE_OTHER
/304_NOT_MODIFIED
/305_USE_PROXY
/307_TEMPORARY_REDIRECT
/400_BAD_REQUEST
/401_UNAUTHORIZED
/402_PAYMENT_REQUIRED
/403_FORBIDDEN
/404_NOT_FOUND
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
ErrorDocument
405
406
407
408
409
410
411
412
413
414
415
416
417
422
423
424
426
500
501
502
503
504
505
506
507
510
/405_METHOD_NOT_ALLOWED
/406_NOT_ACCEPTABLE
/407_PROXY_AUTHENTICATION_REQUIRED
/408_REQUEST_TIME_OUT
/409_CONFLICT
/410_GONE
/411_LENGTH_REQUIRED
/412_PRECONDITION_FAILED
/413_REQUEST_ENTITY_TOO_LARGE
/414_REQUEST_URI_TOO_LARGE
/415_UNSUPPORTED_MEDIA_TYPE
/416_RANGE_NOT_SATISFIABLE
/417_EXPECTATION_FAILED
/422_UNPROCESSABLE_ENTITY
/423_LOCKED
/424_FAILED_DEPENDENCY
/426_UPGRADE_REQUIRED
/500_INTERNAL_SERVER_ERROR
/501_NOT_IMPLEMENTED
/502_BAD_GATEWAY
/503_SERVICE_UNAVAILABLE
/504_GATEWAY_TIME_OUT
/505_VERSION_NOT_SUPPORTED
/506_VARIANT_ALSO_VARIES
/507_INSUFFICIENT_STORAGE
/510_NOT_EXTENDED
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
# year
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|mp3|mp4)$">
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
Header unset Last-Modified
</FilesMatch>
#2 hours
<FilesMatch "\.(html|htm|xml|txt|xsl)$">
Header set Cache-Control "max-age=7200, must-revalidate"
</FilesMatch>
<FilesMatch "\.(js|css)$">
SetOutputFilter DEFLATE
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
</FilesMatch>
Password Protect single file
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Password_Prot
ect_single_file> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
<Files login.php>
AuthName "Prompt"
AuthType Basic
AuthUserFile /web/askapache.com/.htpasswd
Require valid-user
</Files>
Password Protect multiple files
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Password_Prot
ect_multiple_files> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
<FilesMatch "^(private|phpinfo).*$">
AuthName "Development"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user
</FilesMatch>
Send Custom Headers
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Send_Custom_H
eaders> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Header
Header
Header
Header
set
set
set
set
P3P "policyref="/w3c/p3p.xml""
X-Pingback "/xmlrpc.php"
Content-Language "en-US"
Vary "Accept-Encoding"
php> ^
cgi> ^
ng> ^
Stop hotlinking
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Stop_hotlinki
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?askapache\.com/.*$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ /feed.gif [R=302,L]
IP> ^
IP-s0> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
TYPES
video/x-flv .flv
application/x-shockwave-flash .swf
image/x-icon .ico
## PARSE AS CGI
AddHandler cgi-script .cgi .pl .spl
## RUN PHP AS APACHE MODULE
AddHandler application/x-httpd-php .php .htm
## RUN PHP AS CGI
AddHandler php-cgi .php .htm
## CGI PHP WRAPPER FOR CUSTOM PHP.INI
AddHandler phpini-cgi .php .htm
Action phpini-cgi /cgi-bin/php5-custom-ini.cgi
## FAST-CGI SETUP WITH PHP-CGI WRAPPER FOR CUSTOM PHP.INI
AddHandler fastcgi-script .fcgi
AddHandler php-cgi .php .htm
Action php-cgi /cgi-bin/php5-wrapper.fcgi
## CUSTOM PHP CGI BINARY SETUP
AddHandler php-cgi .php .htm
Action php-cgi /cgi-bin/php.cgi
## PROCESS SPECIFIC FILETYPES WITH CGI-SCRIPT
Action image/gif /cgi-bin/img-create.cgi
## CREATE CUSTOM HANDLER FOR SPECIFIC FILE EXTENSIONS
AddHandler custom-processor .ssp
Action custom-processor /cgi-bin/myprocessor.cgi
### HEADER CACHING
# /htaccess/speed-up-sites-with-htaccess-caching.html
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>
<FilesMatch "\.(js|css|pdf|swf)$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
<FilesMatch "\.(html|htm|txt)$">
Header set Cache-Control "max-age=600"
</FilesMatch>
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
Header unset Cache-Control
</FilesMatch>
## ALTERNATE EXPIRES CACHING
# htaccesselite.com/d/use-htaccess-to-speed-up-your-site-discussion-vt67.html
ExpiresActive On
ExpiresDefault A604800
ExpiresByType image/x-icon A2592000
ExpiresByType application/x-javascript A2592000
ExpiresByType text/css A2592000
ExpiresByType text/html A300
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
ExpiresActive Off
</FilesMatch>
## META HTTP-EQUIV REPLACEMENTS
<FilesMatch "\.(html|htm|php)$">
Header set imagetoolbar "no"
</FilesMatch>
Here are some default MOD_REWRITE code examples.
## REWRITE DEFAULTS
RewriteEngine On
RewriteBase /
## REQUIRE SUBDOMAIN
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^subdomain\.askapache\.com$ [NC]
RewriteRule ^/(.*)$ http://subdomain.askapache.com/$1 [L,R=301]
## SEO REWRITES
RewriteRule ^(.*)/ve/(.*)$ $1/voluntary-employee/$2 [L,R=301]
RewriteRule ^(.*)/hsa/(.*)$ $1/health-saving-account/$2 [L,R=301]
## WORDPRESS
RewriteCond %{REQUEST_FILENAME} !-f # Existing File
RewriteCond %{REQUEST_FILENAME} !-d # Existing Directory
RewriteRule . /index.php [L]
## ALTERNATIVE ANTI-HOTLINKING
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(subdomain\.)?askapache\.com/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ - [F]
## REDIRECT
RewriteCond
RewriteCond
RewriteRule
HOTLINKERS
%{HTTP_REFERER} !^$
%{HTTP_REFERER} !^http://(subdomain\.)?askapache\.com/.*$ [NC]
^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ http://google.com [R]
## REDIRECT UPLOADS
RewriteCond %{REQUEST_METHOD} ^(PUT|POST)$ [NC]
RewriteRule ^(.*)$ /cgi-bin/form-upload-processor.cgi?p=$1 [L,QSA]
## REQUIRE SSL EVEN WHEN MOD_SSL IS NOT LOADED
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
### ALTERNATATIVE TO USING ERRORDOCUMENT
# http://www.htaccesselite.com/d/htaccess-errordocument-examples-vt11.html
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /error.php [L]
## SEO REDIRECTS
Redirect 301 /2006/oldfile.html http://subdomain.askapache.com/newfile.html
RedirectMatch 301 /o/(.*)$ http://subdomain.askapache.com/s/dl/$1
Examples of protecting your files and securing with password protection.
#
# Require (user|group|valid-user) (username|groupname)
#
## BASIC PASSWORD PROTECTION
AuthType basic
AuthName "prompt"
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
Require valid-user
## ALLOW FROM IP OR VALID PASSWORD
Require valid-user
Allow from 192.168.1.23
Satisfy Any
## PROTECT FILES
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>
## PREVENT HOTLINKING
SetEnvIfNoCase Referer "^http://subdomain.askapache.com/" good
SetEnvIfNoCase Referer "^$" good
<FilesMatch "\.(png|jpg|jpeg|gif|bmp|swf|flv)$">
Order Deny,Allow
Deny from all
Allow from env=good
ErrorDocument 403 http://www.google.com/intl/en_ALL/images/logo.gif
ErrorDocument 403 /images/you_bad_hotlinker.gif
</FilesMatch>
## LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK
#bytes, 0-2147483647(2GB)
LimitRequestBody 10240000
## MOST SECURE WAY TO REQUIRE SSL
# /htaccess/apache-ssl-in-htaccess-examples.html
SSLOptions +StrictRequire
SSLRequireSSL
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Enable the DirectoryIndex Protection, preventing directory index
listings and defaulting. [Disable
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html>]
Options -Indexes
DirectoryIndex index.html index.php /index.php
Password Protect wp-login.php
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Password_Protec
t_wp-login-php> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Requires a valid user/pass to access the login page[401
<http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
#status-401>]
<Files wp-login.php>
Order Deny,Allow
Deny from All
Satisfy Any
AuthName "Protected By AskApache"
AuthUserFile /web/askapache.com/.htpasswda1
AuthType Basic
Require valid-user
</Files>
Password Protect wp-admin
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Password_Protec
t_wp-admin> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Requires a valid user/pass to access any non-static (css, js, images)
file in this directory.[401
<http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
#status-401>]
Options -ExecCGI -Indexes +FollowSymLinks -Includes
DirectoryIndex index.php /index.php
Order Deny,Allow
Deny from All
Satisfy Any
AuthName "Protected By AskApache"
AuthUserFile /web/askapache.com/.htpasswda1
AuthType Basic
Require valid-user
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)
$">
Allow from All
</FilesMatch>
<FilesMatch "(async-upload)\.php$">
<IfModule mod_security.c>
SecFilterEngine Off
</IfModule>
Allow from All
</FilesMatch>
Protect wp-content
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Protect_wp-cont
ent> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Denies any Direct request for files ending in .php with a 403
Forbidden.. May break plugins/themes [401
<http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
#status-401>]
RewriteCond
RewriteCond
RewriteCond
RewriteRule
Protect wp-includes
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Protect_wp-incl
udes> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Denies any Direct request for files ending in .php with a 403
Forbidden.. May break plugins/themes [403
<http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
#status-403>]
RewriteCond
RewriteCond
RewriteCond
RewriteRule
> ^
Common Exploits
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Common_Exploits
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Block common exploit requests with 403 Forbidden. These can help alot,
may break some plugins. [403
<http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
#status-403>]
RewriteCond %{REQUEST_URI}
ludes/).* [NC]
RewriteCond %{THE_REQUEST}
RewriteCond %{THE_REQUEST}
[NC,OR]
RewriteCond %{THE_REQUEST}
RewriteCond %{THE_REQUEST}
RewriteCond %{THE_REQUEST}
TTP/ [NC]
RewriteRule .* - [F,NS,L]
> ^
!^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-inc
^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]
^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/
^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]
^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]
^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ H
Stop Hotlinking
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Stop_Hotlinking
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Denies any request for static files (images, css, etc) if referrer is
not local site or empty. [403
<http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
#status-403>]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-inc
ludes/).* [NC]
RewriteCond %{HTTP_REFERER} !^http://www.askapache.com.*$ [NC]
RewriteRule \.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$
- [F,NS,L]
Safe Request Methods
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Safe_Request_Me
thods> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Denies any request not using GET,PROPFIND,POST,OPTIONS,PUT,HEAD
<http://www.askapache.com/online-tools/request-method-scanner/>[403
<http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
#status-403>]
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC]
RewriteRule .* - [F,NS,L]
Forbid Proxies
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Forbid_Proxies>
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Denies any POST Request using a Proxy Server. Can still access site, but
not comment. See Perishable Press
<http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htac
cess/>
[403
<http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
#status-403>]
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_
FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIE
NT_IP} !^$
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-inc
ludes/).* [NC]
RewriteRule .* - [F,NS,L]
Real wp-comments-post.php
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Real_wp-comment
s-post-php> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Denies any POST attempt made to a non-existing wp-comments-post.php[403
<http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
#status-403>]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*/wp-comments-post\.php.*\ HTTP/ [NC]
RewriteRule .* - [F,NS,L]
HTTP PROTOCOL
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#HTTP_PROTOCOL>
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1
only[403
<http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
#status-403>]
RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .+\ HTTP/(0\.9|1\.0|1\.1) [NC]
RewriteRule .* - [F,NS,L]
SPECIFY CHARACTERS
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#SPECIFY_CHARACT
ERS> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
gth> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
e> ^
%{REQUEST_METHOD} =POST
%{HTTP:Content-Length} ^$
%{REQUEST_URI} !^/(wp-admin/|wp-content/plugins/|wp-includes/).* [NC
.* - [F,NS,L]
ST> ^
Missing HTTP_HOST
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Missing_HTTP_HO
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
> ^
No Referer, No Comment
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Referer_Comment
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Trackback Spam
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Trackback_Spam>
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
%{REQUEST_METHOD} =POST
%{HTTP_USER_AGENT} ^.*(opera|mozilla|firefox|msie|safari).*$ [NC]
%{THE_REQUEST} ^[A-Z]{3,9}\ /.+/trackback/?\ HTTP/ [NC]
.* - [F,NS,L]
ng_files_handler-s0> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f
RewriteCond %{REQUEST_URI} !=/script.php
RewriteRule .* /script.php
If the existing files you wish to have handled by your script have a
common set of file extensions distinct from that of the hander, you can
bypass mod_rewrite and use instead mod_actions. Let's say you want all
.html and .tpl files to be dealt with by your script:
Action foo-action /script.php
AddHandler foo-action html tpl
Deny access if var=val contains the string foo.
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Deny_access_var
val_string_foo> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
RewriteCond %{QUERY_STRING} foo
RewriteRule ^/url - [F]
Removing the Query String
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Removing_Query_
String> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
RewriteRule ^/url /url?
Adding to the Query String
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Adding_Query_St
ring> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Keep the existing query string using the Query String Append flag, but
add var=val to the end.
RewriteRule ^/url /url?var=val [QSA]
Rewriting For Certain Query Strings
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Rewriting_Query
_Strings> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Rewrite URLs like http://askapache.com/url1?var=val to
http://askapache.com/url2?var=val but don't rewrite if val isn't present.
RewriteCond %{QUERY_STRING} val
RewriteRule ^/url1 /url2
Modifying the Query String
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Modifying_Query
_String> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Change any single instance of val in the query string to other_val when
accessing /path. Note that %1 and %2 are back-references to the matched
part of the regular expression in the previous RewriteCond.
RewriteCond %{QUERY_STRING} ^(.*)val(.*)$
RewriteRule /path /path?%1other_val%2
------------------------------------------------------------------------
> ^
<http://www.askapache.com/htaccess/modrewrite-tips-tricks.html#redirect-word
press-feed>
301 Redirects without mod_rewrite
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#301_Redirects_m
od_rewrite> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
* Redirect single url
<http://www.askapache.com/htaccess/seo-search-engine-friendly-redirects-with
out-mod_rewrite.html#seo-301-redirect-single-file>
* Redirect to new Domain
<http://www.askapache.com/htaccess/seo-search-engine-friendly-redirects-with
out-mod_rewrite.html#seo-301-redirect-new-domain>
Secure PHP with .htaccess
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Secure_PHP_htac
cess> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Locking down your php.ini and php cgi with .htaccess
<http://www.askapache.com/htaccess/php-cgi-redirect_status.html>If you
have a php.cgi or php.ini file in your /cgi-bin/ directory or other pub
directory, try requesting them from your web browser. If your php.ini
shows up or worse you are able to execute your php cgi, you'll need to
secure it ASAP. This shows several ways to secure these files, and other
interpreters like perl, fastCGI, bash, csh, etc.
.htaccess Cookie Manipulation
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#htaccess_Cookie
_Manipulation> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Cookie Manipulation in .htaccess with RewriteRule
<http://www.askapache.com/htaccess/htaccess-fresh.html>*Fresh .htaccess
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html> code* for
you! Check out the Cookie Manipulation and environment variable usage
with mod_rewrite! I also included a couple Mod_Security .htaccess
examples. *Enjoy!*
* Mod_Rewrite .htaccess Examples
<http://www.askapache.com/htaccess/htaccess-fresh.html#modrewrite1>
* Cookie Manipulation and Tests with mod_rewrite
<http://www.askapache.com/htaccess/htaccess-fresh.html#modrewrite2>
* Setting Environment Variables
<http://www.askapache.com/htaccess/htaccess-fresh.html#modrewrite3>
* Using the Environment Variable
<http://www.askapache.com/htaccess/htaccess-fresh.html#modrewrite4>
* Mod_Security .htaccess Examples
<http://www.askapache.com/htaccess/htaccess-fresh.html#modrewrite5>
g> ^
.htaccess Caching
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#htaccess_Cachin
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
>
ps> ^
Merging Notes
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Merging_Notes>
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
detail about some of the rarer security applications for .htaccess files.
*SAMAXES*
Some very detailed and helpful .htaccess articles, such as the
".htaccess - gzip and cache your site for faster loading and bandwidth
saving."
<http://www.samaxes.com/2008/04/20/htaccess-gzip-and-cache-your-site-for-fasterloading-and-bandwidth-saving/>
*PerishablePress*
Stupid .htaccess tricks
<http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/> is
probably the *best explanation online* for many of the best .htaccess
solutions, including many from this page. Unlike me they are fantastic
writers, even for technical stuff they are very readable, so its a good
blog to kick back on and read. They also have a fantastic article
<http://perishablepress.com/press/2009/02/03/eight-ways-to-blacklist-with-apache
s-mod_rewrite/>
detailing how to block/deny specific requests using mod_rewrite.
*BlogSecurity*
Mostly a site for... blog security (which is really any web-app
security) this blog has a few really impressive articles full of solid
information for Hardening WordPress with .htaccess among more advanced
topics that can be challenging but effective. This is a good site to
subscribe to their feed, they publish plugin exploits and wordpress core
vulnerabilities quite a bit.
*Check-These*
Oldschool security/unix dude with some incredibly detailed mod_rewrite
tutorials, helped me the most when I first got into this, and a great
guy too. See: Basic Mod_Rewrite Guide
<http://check-these.info/mod_rewrite-basic.html>, and Advanced
Mod_Rewrite Tutorial <http://check-these.info/RewriteRule.html>
*Reaper-X*
Alot of .htaccess tutorials and code. See: Hardening Wordpress with Mod
Rewrite and htaccess
<http://www.reaper-x.com/2007/09/01/hardening-wordpress-with-mod-rewrite-and-hta
ccess/>
*jdMorgan*
jdMorgan
<http://www.webmasterworld.com/profilev4.cgi?action=view&member=jdMorgan> is
the Moderator of the Apache Forum
<http://www.webmasterworld.com/apache/> at WebmasterWorld, a great place
for answers. In my experience he can answer any tough question
pertaining to advanced .htaccess usage, haven't seen him stumped yet.
*The W3C*
Setting Charset in .htaccess
<http://www.w3.org/International/questions/qa-htaccess-charset> is very
informative.
*Holy Shmoly!*
A great blogger with analysis of attacks and spam. See: More ways to
stop spammers and unwanted traffic.
*Apache Week*
A partnership with Red Hat back in the 90's that produced some excellent
documentation <http://www.apacheweek.com/features/userauth>.
*Corz*
Here's a resource that I consider to have some of the most creative and
ingenious ideas for .htaccess files, although the author is somewhat of
a character ;) Its a trip trying to navigate around the site, a fun
trip. Its like nothing I've ever seen. There are only a few articles on
the site, but the htaccess articles are very original and well-worth a
look. See: htaccess tricks and tips
<http://corz.org/serv/tricks/htaccess.php>.
-----------------------------------------------------------------------Htaccess Directives
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Htaccess_Directiv
es-s0> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
This is an AskApache.com exclusive /you won't find this anywhere else/.
Directory, DirectoryMatch, Files, FilesMatch, IfDefine, IfVersion,
IfModule, Limit, LimitExcept, Location, LocationMatch, Proxy,
ProxyMatch, VirtualHost, AcceptMutex, AcceptPathInfo, AccessFileName,
Action, AddCharset, AddDefaultCharset, AddDescription, AddEncoding,
AddHandler, AddInputFilter, AddLanguage, AddOutputFilter,
AddOutputFilterByType, AddType, Alias, AliasMatch, AllowCONNECT,
AllowOverride, Anonymous, Anonymous_Authoritative, Anonymous_LogEmail,
Anonymous_MustGiveEmail, Anonymous_NoUserId, Anonymous_VerifyEmail,
AuthAuthoritative, AuthDBMAuthoritative, AuthDBMGroupFile, AuthDBMType,
AuthDBMUserFile, AuthDigestAlgorithm, AuthDigestDomain, AuthDigestFile,
AuthDigestGroupFile, AuthDigestNcCheck, AuthDigestNonceFormat,
AuthDigestNonceLifetime, AuthDigestQop, AuthDigestShmemSize,
AuthGroupFile, AuthName, AuthType, AuthUserFile, BS2000Account,
BrowserMatch, BrowserMatchNoCase, CacheNegotiatedDocs, CharsetDefault,
CharsetOptions, CharsetSourceEnc, CheckSpelling, ContentDigest,
CookieDomain, CookieExpires, CookieName, CookieStyle, CookieTracking,
CoreDumpDirectory, DAV, DAVDepthInfinity, DAVMinTimeout, DefaultIcon,
DefaultLanguage, DefaultType, DocumentRoot, ErrorDocument, ErrorLog,
ExtFilterDefine, ExtFilterOptions, FancyIndexing, FileETag,
ForceLanguagePriority, ForceType, GprofDir, Header, HeaderName,
HostnameLookups, IdentityCheck, ImapBase, ImapDefault, ImapMenu,
Include, IndexIgnore, LanguagePriority, LimitRequestBody,
LimitRequestFields, LimitRequestFieldsize, LimitRequestLine,
LimitXMLRequestBody, LockFile, LogLevel, MaxRequestsPerChild,
MultiviewsMatch, NameVirtualHost, NoProxy, Options, PassEnv, PidFile,
Port, ProxyBlock, ProxyDomain, ProxyErrorOverride, ProxyIOBufferSize,
ProxyMaxForwards, ProxyPass, ProxyPassReverse, ProxyPreserveHost,
ProxyReceiveBufferSize, ProxyRemote, ProxyRemoteMatch, ProxyRequests,
ProxyTimeout, ProxyVia, RLimitCPU, RLimitMEM, RLimitNPROC, ReadmeName,
Redirect, RedirectMatch, RedirectPermanent, RedirectTemp, RemoveCharset,
RemoveEncoding, RemoveHandler, RemoveInputFilter, RemoveLanguage,
RemoveOutputFilter, RemoveType, RequestHeader, Require, RewriteCond,
RewriteRule, SSIEndTag, SSIErrorMsg, SSIStartTag, SSITimeFormat,
SSIUndefinedEcho, Satisfy, ScoreBoardFile, Script, ScriptAlias,
ScriptAliasMatch, ScriptInterpreterSource, ServerAdmin, ServerAlias,
ServerName, ServerPath, ServerRoot, ServerSignature, ServerTokens,
SetEnv, SetEnvIf, SetEnvIfNoCase, SetHandler, SetInputFilter,
SetOutputFilter, Timeout, TypesConfig, UnsetEnv, UseCanonicalName,
XBitHack, allow, deny, order, CGIMapExtension, EnableMMAP,
Htaccess Modules
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Htaccess_Modules>
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Here are most of the modules that come with Apache. Each one can have
new commands that can be used in .htaccess file scopes.
mod_actions <http://www.askapache.com/servers/mod_actions.c.html>,
mod_alias <http://www.askapache.com/servers/mod_alias.c.html>, mod_asis
<http://www.askapache.com/servers/mod_asis.c.html>, mod_auth_basic
<http://www.askapache.com/servers/mod_auth_basic.c.html>,
mod_auth_digest
<http://www.askapache.com/servers/mod_auth_digest.c.html>,
mod_authn_anon <http://www.askapache.com/servers/mod_authn_anon.c.html>,
mod_authn_dbd <http://www.askapache.com/servers/mod_authn_dbd.c.html>,
mod_authn_dbm <http://www.askapache.com/servers/mod_authn_dbm.c.html>,
mod_authn_default
<http://www.askapache.com/servers/mod_authn_default.c.html>,
mod_authn_file <http://www.askapache.com/servers/mod_authn_file.c.html>,
mod_authz_dbm <http://www.askapache.com/servers/mod_authz_dbm.c.html>,
mod_authz_default
<http://www.askapache.com/servers/mod_authz_default.c.html>,
mod_authz_groupfile
<http://www.askapache.com/servers/mod_authz_groupfile.c.html>,
mod_authz_host <http://www.askapache.com/servers/mod_authz_host.c.html>,
mod_authz_owner
<http://www.askapache.com/servers/mod_authz_owner.c.html>,
mod_authz_user <http://www.askapache.com/servers/mod_authz_user.c.html>,
mod_autoindex <http://www.askapache.com/servers/mod_autoindex.c.html>,
mod_cache <http://www.askapache.com/servers/mod_cache.c.html>,
mod_cern_meta <http://www.askapache.com/servers/mod_cern_meta.c.html>,
mod_cgi <http://www.askapache.com/servers/mod_cgi.c.html>, mod_dav
<http://www.askapache.com/servers/mod_dav.c.html>, mod_dav_fs
<http://www.askapache.com/servers/mod_dav_fs.c.html>, mod_dbd
<http://www.askapache.com/servers/mod_dbd.c.html>, mod_deflate
<http://www.askapache.com/servers/mod_deflate.c.html>, mod_dir
<http://www.askapache.com/servers/mod_dir.c.html>, mod_disk_cache
<http://www.askapache.com/servers/mod_disk_cache.c.html>, mod_dumpio
<http://www.askapache.com/servers/mod_dumpio.c.html>, mod_env
<http://www.askapache.com/servers/mod_env.c.html>, mod_expires
<http://www.askapache.com/servers/mod_expires.c.html>, mod_ext_filter
<http://www.askapache.com/servers/mod_ext_filter.c.html>, mod_file_cache
<http://www.askapache.com/servers/mod_file_cache.c.html>, mod_filter
<http://www.askapache.com/servers/mod_filter.c.html>, mod_headers
<http://www.askapache.com/servers/mod_headers.c.html>, mod_ident
<http://www.askapache.com/servers/mod_ident.c.html>, mod_imagemap
<http://www.askapache.com/servers/mod_imagemap.c.html>, mod_include
<http://www.askapache.com/servers/mod_include.c.html>, mod_info
<http://www.askapache.com/servers/mod_info.c.html>, mod_log_config
<http://www.askapache.com/servers/mod_log_config.c.html>,
mod_log_forensic
<http://www.askapache.com/servers/mod_log_forensic.c.html>, mod_logio
<http://www.askapache.com/servers/mod_logio.c.html>, mod_mem_cache
<http://www.askapache.com/servers/mod_mem_cache.c.html>, mod_mime
<http://www.askapache.com/servers/mod_mime.c.html>, mod_mime_magic
<http://www.askapache.com/servers/mod_mime_magic.c.html>,
mod_negotiation
<http://www.askapache.com/servers/mod_negotiation.c.html>, mod_proxy
<http://www.askapache.com/servers/mod_proxy.c.html>, mod_proxy_ajp
<http://www.askapache.com/servers/mod_proxy_ajp.c.html>,
mod_proxy_balancer
<http://www.askapache.com/servers/mod_proxy_balancer.c.html>,
mod_proxy_connect
<http://www.askapache.com/servers/mod_proxy_connect.c.html>,
mod_proxy_ftp <http://www.askapache.com/servers/mod_proxy_ftp.c.html>,
mod_proxy_http <http://www.askapache.com/servers/mod_proxy_http.c.html>,
mod_rewrite <http://www.askapache.com/servers/mod_rewrite.c.html>,
mod_setenvif <http://www.askapache.com/servers/mod_setenvif.c.html>,
mod_speling <http://www.askapache.com/servers/mod_speling.c.html>,
mod_ssl <http://www.askapache.com/servers/mod_ssl.c.html>, mod_status
<http://www.askapache.com/servers/mod_status.c.html>, mod_substitute
<http://www.askapache.com/servers/mod_substitute.c.html>, mod_unique_id
<http://www.askapache.com/servers/mod_unique_id.c.html>, mod_userdir
<http://www.askapache.com/servers/mod_userdir.c.html>, mod_usertrack
<http://www.askapache.com/servers/mod_usertrack.c.html>, mod_version
<http://www.askapache.com/servers/mod_version.c.html>, mod_vhost_alias
<http://www.askapache.com/servers/mod_vhost_alias.c.html>
------------------------------------------------------------------------
> ^
Htaccess Software
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Htaccess_Software
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
|apxs|
APache eXtenSion tool
|dbmmanage|
Create and update user authentication files in DBM format for basic
authentication
|fcgistarter|
Start a FastCGI program
|htcacheclean|
Clean up the disk cache
|htdigest|
Create and update user authentication files for digest authentication
|htdbm|
Manipulate DBM password databases.
|htpasswd|
Create and update user authentication files for basic authentication
|httxt2dbm|
Create dbm files for use with RewriteMap
|logresolve|
Resolve hostnames for IP-addresses in Apache logfiles
log_server_status
Periodically log the server's status
|rotatelogs|
Rotate Apache logs without having to kill the server
split-logfile
Split a multi-vhost logfile into per-host logfiles
|suexec|
Switch User For Exec
Technical Look at .htaccess
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Technical_htacces
s> ^
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
which this configuration information applies (or NULL for srm.conf), and
a pointer to a resource pool in which the allocation should happen.
(If we are reading a .htaccess file, that resource pool is the
per-request resource pool for the request; otherwise it is a resource
pool which is used for configuration data, and cleared on restarts.
Either way, it is important for the structure being created to vanish
when the pool is cleared, by registering a cleanup on the pool if
necessary).
For the MIME module, the per-dir config creation function just
ap_pallocs the structure above, and a creates a couple of tables to fill
it. That looks like this:
void *create_mime_dir_config (pool *p, char *dummy)
mime_dir_config *new = (mime_dir_config *) ap_palloc (p, sizeof(mime_dir_config)
);
new->forced_types = ap_make_table (p, 4);
new->encoding_types = ap_make_table (p, 4);
Now, suppose we've just read in a .htaccess file. We already have the
per-directory configuration structure for the next directory up in the
hierarchy. If the .htaccess file we just read in didn't have any AddType
or AddEncoding commands, its per-directory config structure for the MIME
module is still valid, and we can just use it. Otherwise, we need to
merge the two structures somehow.
To do that, the server invokes the module's per-directory config merge
function, if one is present. That function takes three arguments: the
two structures being merged, and a resource pool in which to allocate
the result. For the MIME module, all that needs to be done is overlay
the tables from the new per-directory config structure with those from
the parent:
void *merge_mime_dir_configs (pool *p, void *parent_dirv, void *subdirv)
mime_dir_config *parent_dir = (mime_dir_config *)parent_dirv;
mime_dir_config *subdir = (mime_dir_config *)subdirv;
mime_dir_config *new = (mime_dir_config *)ap_palloc (p, sizeof(mime_dir_config)
);
new->forced_types = ap_overlay_tables (p, subdir->forced_types, parent_dir->forc
ed_types);
new->encoding_types = ap_overlay_tables (p, subdir->encoding_types, parent_dir->
encoding_types);
As a note --- if there is no per-directory merge function present, the
server will just use the subdirectory's configuration info, and ignore
the parent's. For some modules, that works just fine (e.g., for the
includes module, whose per-directory configuration information consists
solely of the state of the XBITHACK), and for those modules, you can
just not declare one, and leave the corresponding structure slot in the
module itself NULL.
g> ^
Command handling
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#Command_handlin
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
Now that we have these structures, we need to be able to figure out how
ex> ^
mod_autoindex
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#mod_autoind
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
> ^
mod_rewrite
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#mod_rewrite
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#toc>
// mod_rewrite
RewriteEngine, cmd_rewriteengine, OR_FILEINFO, On or Off to enable or disable (d
efault)
RewriteOptions, cmd_rewriteoptions, OR_FILEINFO, List of option strings to set
RewriteBase, cmd_rewritebase, OR_FILEINFO, the base URL of the per-directory con
text
RewriteCond, cmd_rewritecond, OR_FILEINFO, an input string and a to be applied r
egexp-pattern
RewriteRule, cmd_rewriterule, OR_FILEINFO, an URL-applied regexp-pattern and a s
ubstitution URL
RewriteMap, cmd_rewritemap, RSRC_CONF, a mapname and a filename
RewriteLock, cmd_rewritelock, RSRC_CONF, the filename of a lockfile used for int
er-process synchronization
RewriteLog, cmd_rewritelog, RSRC_CONF, the filename of the rewriting logfile
RewriteLogLevel, cmd_rewriteloglevel, RSRC_CONF, the level of the rewriting logf
ile verbosity (0=none, 1=std, .., 9=max)
RewriteLog, fake_rewritelog, RSRC_CONF, [DISABLED] the filename of the rewriting
logfile
RewriteLogLevel, fake_rewritelog, RSRC_CONF, [DISABLED] the level of the rewriti
ng logfile verbosity
The entries in these tables are:
* The name of the command
* The function which handles it a (void *) pointer, which is passed in
the cmd_parms structure to the command handler --- this is useful in
case many similar commands are handled by the same function.
* A bit mask indicating where the command may appear. There are mask
bits corresponding to each AllowOverride option, and an additional
mask bit, RSRC_CONF, indicating that the command may appear in the
server's own config files, but not in any .htaccess file.
* A flag indicating how many arguments the command handler wants
pre-parsed, and how they should be passed in. TAKE2 indicates two
pre-parsed arguments. Other options are TAKE1, which indicates one
pre-parsed argument, FLAG, which indicates that the argument should
be On or Off, and is passed in as a boolean flag, RAW_ARGS, which
causes the server to give the command the raw, unparsed arguments
tenstar
That's perfect summary, very valuable for my next job of doing SEO
friendly urls through htaccess. Thank you.
Liam McDermott
Thanks for this article, it's great.
Joost
Great list, it helps clear up much of the htacess mystery and
confusion that comes from creating such files.
htaccess
this does not seem to work ?
AuthName "htaccess password prompt"
AuthUserFile /web/askapache.com/.htpasswd
AuthType Basic
Require valid-user
Allow from 172.17.10.1
Satisfy Any
It lets me in from any ip address ? I've managed to get it to work
like this (although may not be correct)
AuthName "htaccess password prompt"
AuthUserFile /web/askapache.com/.htpasswd
AuthType Basic
Satisfy Any
order deny,allow
deny from all
Require valid-user
Allow from 172.17.10.1
I'm not sure if this is optimal however.
http://www.askapache.com/ AskApache
http://www.michiknows.com/2007/02/12/who-else-wants-to-hide-their-wordpressadmin-folder/
*
Grafikafe
very nice .htaccess doc, thank you man.
Jill
After three frustrating phone calls to the idiots at 1&1 hosting,
simply trying to help one of my clients get a redirect... I gave up
and asked my website hosting company, DreamHost for help. Their
article directed me to this site, which, solved the htaccess problem
with my client's site in a snap. Thank you so much for this!
Raymond S. Usbal
Thanks for putting this up. This htaccess guide is complete and
direct to the point. I like it!
Richard
This is very useful and powerful htaccess. It does help improve the
security of my wordpress. I will keep an eye of the updates.
John
Hey, I am using the following code for /redirecting non www url to
www url/. Please let me know what code to add?
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
It work fine for the folowing url type
|example.com/restaurant.html|, If I have to redirect the following
non www url to www url |example.com/cms/restaurant.html|. When I hit
this url I get the following response:
"The requested URL /index.php was not found on this server."
Thanks,
John
Wilvic
I found your site about htaccess interesting and could help me from
what I'm doing.
I just have some question regarding htaccess.
I need to edit a webpage that already has a 'Contact Webpage' which
you can send some suggestion/comments.
It seems like this is the place where the post is directed. I
checked the directory |_vti_bin/| but it didn't have |shtml.exe|
mike w
It it possible to *redirect a page when the url has spaces* ie.
|example.com/htaccess file.html| ?
htaccess redirect
Now this is a detailed guide on *redirecting with the htaccess
file*... excellent!
Wetter
*Nice .htaccess article.* It was very helpful for me.
Paul
Our website has been illegally copied by a Chinese website, and as a
result, when you type in our company name in Google, their illegal
website shows up on the first spot but with a 100% copy of our content.
What is a good way to block this Chinese website from our content?
Can we use htaccess files to do this?
allQoo
It is the *most comprehensive htaccess info page I ever read*. Rich
with lots of examples. Thumbs UP!
http://amuleineve.net Manasi
I am unsure if I am doing somethign wrong. I am hosted with Godaddy
but when the checking script runs it displays some errors and I am
unsure as to how to resolve them:
*Error 1*
.htaccess Capabilities
.htaccess files allowed [200] errors out and gives me:
HTTP/1.1 500 Internal Server Error
Date: Wed, 19 Nov 2008 15:59:46 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1
The others items in this list also turn yellow ( not red like the
first one but also give the same error )
*Second Error:*
HTTP Digest Authentication
Bummer... you don't have digest capabilities.
Is this critically needed?
*Third error:*
Basic
Basic
Basic
Basic
Authentication
Authentication
Authentication
Authentication
Encryption Algorithms
Attempt using Crypt Encryption
Attempt using MD5 Encryption
Attempt using SHA1 Encryption
Case Stevens
Hi, Great htaccess tutorial, learned a lot, but like Emi, I want to
redirect an affiliate link like
|site1.com/x.php?action=alink&id=15&link=3 |to
|site2.com/newproduct/| Is this possible using a rewrite rule?
Thanks for any advice
JAiro Gelvez
Exelente tutorial, he resuelt un complejo problema de cache gracias
a las infinitas alternativas de los .htaccess, en particular gracias
al mod_rewrite del apache y en ello este blog me ha sido de
muchisima ayuda. Gracias a todos
Great tutorial, I have solved a complex problem because of the
infinite cache of alternatives. Htaccess, particularly thanks to
the Apache mod_rewrite and so this blog I have been extremely
helpful. Thanks to all
kay
Hello,
Any idea about what can be wrong with a Drupal .htaccess file that
make it impossible to use my own error.php file on Dreamhost PS?
Dreamhost replied me that it must be because of the .htaccess file
but that's all.
Thanks a lot!
chaithu
Hi,
It's a very nice tutorial, but i have got a problem with apache
authentication modules. I have written an apache authentication
module and given the authentication type as basic. But, whenever a
GET request is coming, my authentication module is being invoked and
for each GET request, authentication is happening. But i wnt it to
be authenticated only once. how can i solve this problem and is
there any relation of this problem with .htaccess file
Conor
Hi thanks for the great info on creating a .htaccess file.
I just wanted to know, is it possible to use deny from all and at
the same time allow php from the same server to write to the directory?
Thanks
Naysweb
Hi, I hope you can help me, I would like for anyone who types site
(also have subdomain) without the "WWW" for it to add it. I really
hope you can help, I tried before but it went in a big rewrite
loop.. added lots of WWW's. Thanks
geo
Great htaccess things here askapache, keep up the Good Job ;)
Thank you
nowal
I am having problem on my WP blog and it has something to do with
the *htaccess*. I installed the plugin but was not able to figure
out the problem. The site was working fine but recently I am getting
tons of
page not found
As |?p=xx| is being added at the end of existing URL's. It has
something to do with |permalink|? URL Rewrite? Any hint as I am
clueless at the moment, will appreciate!
macc
Fantastic site! Thanks! Still as a newbee I need some help... I
would much appreciate if you could help me (eager to donate...) Here
is my .htaccess code:
RewriteEngine On
RewriteRule ^index.html$ index.php
RewriteRule ^browse-(.*)-videos.html$ category.php?cat=$1
RewriteRule
=$2&sortby=$3
RewriteRule
RewriteRule
RewriteRule
RewriteRule
RewriteRule
RewriteRule
RewriteRule
RewriteRule
^browse-(.*)-videos-([0-9]+)-(.*).html$ category.php?cat=$1&page
^favorites.html(.*)$ favorites.php$1
^favorites.html(.*)$ favorites.php$1
^playlist/(.*)$ myfavorites.php?u=$1
^memberlist.html(.*)$ memberlist.php$1
^tags/([^/]+)/$ tag.php?t=$1&page=1
^tags/([^/]+)/page-([0-9]+)(/)?$ tag.php?t=$1&page=$2
^(.*)/(.*)-video_(.*).html$ musicvideo.php?vid=$3
^rss.xml$ rss.php [L]
Krit
Hi, I have non-www to www redirect code as follows :
RewriteEngine On
##non-www to www
RewriteCond %{HTTP_HOST} !^(www.example.com)?$
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
This works fine and redirects all non-www version of the url to its
corresponding www version. However when I have a
|https://www.example.com/mypage.asp|, it redirects the same to
|http://www.example.com/mypage.asp|. How can I prevent urls
beginning with https to be skipped by this re-write rule.
Tom Mc Carrick
Hi Dave
I found your site when I was researching a problem I have with
broken permalinks on my blog. The article on .htaccess is excellent.
Basically, some of my backlinks are pointing to posts and have the
format "postname.html" and they are giving "not found" errors. I
would like the requests for the .html links to be redirected to the
"clean" permalinks I am now using (i.e. "postname"). Could you
please explain how I can do this through .htaccess?
Thanks
Tom
Arvind
Thanks for the best tutorial all in one. that's great. I have
problem with two |.htaccess |
If there are two different |.htaccess| file in two different
directory, one that exists on root folder and other one exists in
sub directory called htaccesssearch.
I want to redirect website from non-www to www with 301 and I have
added code root |.htaccess| file as following
RewriteEngine on
Options +FollowSymlinks
Rewritecond %{http_host} ^baghel.in
Rewriterule ^(.*)$ http://www.baghel.in/$1 [r=301,nc]
This is working fine but if we access the |/htaccesssearch/abc.html|
it is not redirect to |/htaccesssearch/abc.html| because there is
another |.htaccess| in the htaccesssearch folder .
if we add the above code another .htaccess which is exist in
htaccesssearch then whole site is not working .
Please suggest me what should I do !
Thanks in advance
*
off1
Thank you man, I'm looking forward to implement all this to improve
my server's security
Rob
I'm having the same problem as Manasi. I don't know enough to know
what the
*.htaccess files allowed [200]*
error means or what to do about it. Either
my hosting provider to fix, fix myself, or
into including the feature. But if I don't
ask. Tried finding this on Google, this is
Joe Schmoe
*How Do I Make a Htaccess File?* You talked about how Creating a
Htaccess File, (without Htaccess Software) would work in Windows
Explorer.. But what program do you use?
I love your Examples of Htaccess Files, this is the best Htaccess
Tutorial, Htaccess Example, and resource IVe managed to find.
Tried the example to protect whole wp-admin folder but the result in
not as expected (still can't access any CSS file behind /wp-admin/
and authentification not working at all).
Thus, I'm assuming that either ruleset is incorrect, or that there
are some server specific stuff to take care off.
Thanks anyway for this unique guide.
Rgds
*
rif
A wonderful htaccess guide and very distinct
Larry Asuncion
How to cloak a domain redirected to a folder from another hosting
using .htaccess?
Scott C
Great job putting this together, thank you. You solved all my questions.
tim
Awesome guide. I will point our users to this :)
Sortins Technologies
Thank you for share a great and useful resource.
Rob Scott
Very good, comprehensive guide to .htaccess!
Fiona Tighe
Hi there,
Great article.. however I have a question, which I hope you don't
mind me asking.
I have built a web application and I have built a marketing site.
The app is built on the |.com| while the marketing is currently on
the |.ie|.
Anyhow, if somebody types |domain.com| I wish to redirect them to
|domain.ie|
Once on the |.ie|, a button brings them to |domain.com/login|.
So I don't wish to redirect everything...
Mia
Your site is absolutely great! I have been working on this for a
week and I finally understand this. I do not have a directory index
and I haven't figured out quite how to do this yet. My webhosting
site is Linux based so the code has to be either in Perl or Python.
I can access the .htaccess files but I can get past the first step
of creating the path.
Please help.
Mia
Andy
I realize this might be an older post, but I need some serious help.
I have Wordpress MU installed in my root directory and Moodle
installed in a subdirectory. These are interfering with each other.
I'm getting Internal Server Errors in the Moodle install. I'm pretty
sure it can be fixed with some .htaccess scripting. There is not a
.htaccess file in the Moodle directory. I copied the .htaccess from
the root directory over to the Moodle directory, but it didn't do
anything. Here's what's in the root directory. Is it possible the
php.ini is causing the errors?
# Use PHP5 as default
AddHandler application/x-httpd-php5s .php
RewriteEngine On
RewriteBase /
#uploaded files
RewriteRule ^(.*/)?files/$ index.php [L]
RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*
RewriteRule ^(.*/)?files/(.*) wp-content/blogs.php?file=$2 [L]
# add a trailing slash to /wp-admin
RewriteCond %{REQUEST_URI} ^.*/wp-admin$
RewriteRule ^(.+)$ $1/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule . - [L]
Sam Lavoie
I always found myself getting back to this .htaccess tutorial and
guide. Definitly the best and most complete one!
Sushant
This a really informative post. Directory Protection with .htaccess
files was all that i wanted.
Thank You
jay
help!
i can rewrite URLs just fine, but none of the images/css/js works
anymore!
i just get a plain-html view of the new target page
here is the .htaccess:
RewriteEngine On
RewriteBase /
RewriteRule ^somedirectory/page17 /index.php?id=17
Martin Shortpants
Probably not the best place to ask this, but don't where else.
Is there an htaccess comand(s) that would take ever call to any
occurrence of |wp-contentthemes| and make it read from |allthemes|
The idea is to get several wp installs on same server to use common
directories for their themes and plugins.
I have no success with |ln -s symlinks| but htaccess rewrites all
seem fine.
(p.s. my odd email addie is legit)
Jey Jey
Great resource, Thanks for sharing this great knowledge
Bernhard
Henry
Hi,
Great page, but in your /full |.htaccess| directives list/ you have
included the following:
o |Directory|
o |Location|
o |ErrorLog|
I have found that in Apache 2.2 these directives are not allowed.
Ben
This may seem like a very strange request, but i have know idea
where to start in writing my htaccess file.
When i installed my version of WP about 3 months ago, i was unable
to find my htaccess file, and i have looked many time and never
found it. Came to the conclusion that their wasnt one. Did i have to
write one myself?
Could you suggest some sites that give descriptions and code on how
to effectively write a good secure htaccess file.
I will continue to read through ur site which will def. give me some
ideas
Ben
Jun
Thank you very much for a very detailed guide. It's the best I've
found and one that gave me what I've been searching for.
are too large for the backups performed in the data directoy so I am
storing them in a subdirectoy of the html directory
How can I use .htaccess to only allow the videos to be retrieved by
the php scripts that call them. Would limit get work? If I use Limit
get to the ip of the local machine (localhost and/or static) will
the Moodle PHP scripts stioll be able to pull them?
Will a limit get prevent me from accessing the directory via ftp or
sftp or ssh?
html - videodir
- moodle - moodledata - topics - topic1
-topic 2
Thanx
*
misterfry
Thanks for all the info! I do have one question, say I want to use
the directive for protecting wp-config.php which would be this:
# protect wpconfig.php
order allow,deny
deny from all
Would that go before "|# BEGIN WordPress|", after "|# END
WordPress|", or in between them? Would the same apply to other
directives like this:
# secure htaccess file
order allow,deny
deny from all
Any help is greatly appreciated!
Val
I am trying to redirect a URL like the following to the home page:
http://www.site.com/?state=ma
to
http://www.site.com/
Is this possible with htaccess. It is important because google
thinks I have multiple copies of the same page, because right now
both of these pages display the home page, but I need the URL to
redirect to the index so there is no duplicate.
Any help is greatly appreciated.
webeno
Sometimes you just need to do the changes somewhere else than on
.htaccess, like when I tried to setup a subdomain, i read the above
documentation but couldn't find what I was looking for.
Akhilraj
*rewrite the url and hide extension*
RewriteEngine on
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^([^.]+)$ $1.php [NC,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /(.*).php HTTP/ [NC]
RewriteRule .+ http://site.com/%1 [R=301,QSA]
http://www.choosev.com/elbiler Bredbnd
Wow, this i such great info. thank you so much!
/Jack
cyrus
Hi
Any one has a Htaccess code that tell the server to treat the |.php|
files as |.php5| ( this is what my serve apparently recognise!)
Regards
Ashok
Is it possible to generate Custom ETag header so that the HTTPD
sends the ETag in reply with the value we set.
I tried this:
[Root @ /var/www/html ] cat .htaccess
FileETag None
Header unset ETag
Header set ETag "ABCDEFGhijk1234=="
But it didn't work :(
Someone pls help me how to send this Custom ETag header to the
client request.
http://CAFR1.com/Court/ WB
I am trying to find the right script for use in my .htaccess file to
have my file download directory pages list on the page the
Directories *first *and the files next. Right now they are all mixed
together.
The script in the .htaccess file now is:
Options +Indexes +MultiViews +FollowSymlinks
Kyle
Hi,
I'm trying to understand exactly what is going on with:
RewriteEngine on
RewriteRule
^$
RewriteRule
(.*)
site/webroot/
site/webroot/$1
[L]
[QSA,L]
Gilang
Hi, I am curious if there is clue using
a website that the same content by what
pasting? Let say similar like rejecting
htaccess with hotlink. does anyone know
gwmbox
Excellent resource.
For caching is it best to only use one of the caching options or
both? as in do I add caching like
### HEADER CACHING
Header set Cache-Control "max-age=2592000"
Header unset Last-Modified
Header set Cache-Control "max-age=604800"
SetOutputFilter DEFLATE
Header set Expires "Thu, 15 Apr 2011 20:00:00 GMT"
Header set Cache-Control "max-age=600, must-revalidate"
Header unset Cache-Control
as well as
ExpiresActive
ExpiresByType
ExpiresByType
ExpiresByType
ExpiresByType
ExpiresByType
ExpiresByType
ExpiresActive
On
image/gif "access plus 1 year"
image/jpeg "access plus 1 year"
image/png "access plus 1 year"
text/css "access plus 1 year"
text/javascript "access plus 1 year"
application/x-javascript "access plus 1 year"
Off
http://www.q-ballahmar.com/vb aowd25
That's perfect summary, very valuable for my next job of doing SEO
friendly urls through htaccess. Thank you
welson elias
Pessoal, a muito tempo eu venho tentando descobrir como encontrar
algum plugin ou algum script que eu escondo os diterrio wp-admin e
wp-content quando um usurio exibe o cdigo de fonte, ou seja, ele
j vai saber que o site feito no wordpress, ento pedindo ajuda
aqui eu gostaria de saber como fazer isso, quer um exemplo acesse
esse site: http://concursosnobrasil.com.br/
tente exibir o cdigo de fonte, como vcs podem perceber no mostra
os caminhos dos diretrios wp-admin e wp-content, se algum puder me
ajudar eu ficar grato por isso, obrigado!!!!
http://www.1stcustomsoftware.com Mark
Can I start out by saying your site is AWESOME!
Got a question? You mentioned "If even 1/10 of the sites on a
server-farm took advantage of what they are paying for, the
providers would go out of business." - can you elaborate on what
type of settings need to be changed to take enable more resources on
shared hosting?
Would same thing apply to VPS accounts too?
Thank you!!
Prasanna
Can we use something like this to disable http auth for a sub-directory?
Satisfy Any
AllowOverride All
samdix
I have a problem with my site, recently I moved to vps server, from
hostgator, I have many 404 errors in Google Webmaster Tools, about
13,000 of them. the 404's are because they were created by WP with :
|category| or |/page #|, or tags. not the post name which is my
permalink structure. The site has lots of content, (news site). The
other problem is: 302 redirects found in my AWstats: maybe this was
because of the move. But I wish to get the 404's fixed, any idea of
which ht access to use? Do you provide service for this? if I cannot
do it? thanks very much, need some help.
http://hn.k12.oh.us ajcke
I have the same problem as samdix. Any solutions?
"404's are because pages were created by WP with : category or /page
#, or tags. not the post name which is my permalink structure"
Sam
Bump, again is there a solution for this problem I posted? Also does
the built in short link in the post admin area have any value, or
can we disable it somehow, I want my posts only to show the postname
...? Help, anyone? thanks. Sam.
*
Sop
This is incredible, you have answered everything I needed to know!!
Extremely grateful
wel
Hi Sir,
Really appreciated this your post. A true manifestation of a what a
computer scientist is. Hard work.
Cheers.
http://none mleenen
I have a .htaccess with the following 3 lines:
Deny from all
ErrorDocument 404 "404 means not found."
ErrorDocument 403 "403 means forbidden."
This should block all access to any page. Right?
When I use: http://localhost/index.php, my own 403 is returned.
However, when I use http://localhost/index.php the 'standard' error
document is returned.
How can I make sure that in all cases, my own customized 403 is
returned?
http://www.klobirne.com/ klobirne
I'm extremely impressed with your writing skills as well as with the
layout on your weblog. Is this a paid theme or did you customize it
yourself? Either way keep up the excellent quality writing, it's
rare to see a nice blog like this one today.
https://www.tagmydoc.com/dl/64g8w/9nY Bridgette
Nice blog here! Also your site loads up fast! What web host are you
using?
Can I get your affiliate link to your host? I wish my site loaded up
as quickly as yours lol
Noah
This is a fantastic resource. Thank you for all of the work you've
http://URL Sholac
Hello I just find this website very useful! Thanks!
After I had problems with attacks htaccess resolve my problems. I
still got attacks but they are blocked.
I put some things to my htaccess file of my wordpress website.
Can you look over it and tell me is it good, so I can add it to all
my websites.
Here is code from htaccess
# directory browsing
Options All -Indexes
# QUERY STRING EXPLOITS
RewriteCond %{QUERY_STRING} ../ [NC,OR]
RewriteCond %{QUERY_STRING} boot.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag= [NC,OR]
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*([|]|(|)|| | |;|?|*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).*
[NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).*
[NC]
RewriteRule ^(.*)$ [F,L]
Cam
I was recommended this web site by a friend.
I am not sure whether this post is written by him as no one else know
such detailed about my difficulty. You are amazing!
Thanks!
Antonio Mineiro
Superb! Thanks
Casey Dwayne
Awesome article. Thanks for the great resource.
Casey Dwayne
Awesome article. Thanks for the great resource.
Kitty Halper
I'd like to have .htaccess look in a couple places for an image
before throwing an "image missing" image if it can't find it in
either place. Specifically...
if a request comes in for /images/**/*.png look there first
if that doesn't exist, look for /images/**/old/*.png
if neither exists, use /images/**/missing.png
I found the following code, but don t understand enough about it to
be able to rewrite it to suit the above needs.
# If requested resource exists as a file or directory, skip
next two rules
RewriteCond %{DOCUMENT_ROOT}/$1 -f [OR]
RewriteCond %{DOCUMENT_ROOT}/$1 -d
John
Great site! i have a question. I have a site with multiple, dated
.pdf files, with the filedate in the title of the URL, but googlebot
is having trouble assigning the correct date to some of those files.
I would like the date to be correct as I have Google site search in
place and would like the PDF files sorted properly when querying by
date. I thought one way of informing googlebot about the file las
modified date would be to serve this via httpd. Then googlebot would
better know the proper file creation date. Is there a way to do this
with .htaccess? Thanks. John
o
http://www.askapache.com/ AskApache
Hmm. As is the case almost always, yeah you can do this with
Htaccess, but this is a bit tricky. I would use a RewriteRule on
.pdf files and use a RewriteCond on it with sub patterns in the
reflex to capture the date from the file name and then set an
environment variable in the flags of that RewriteRule to contain
the validly formatted date. Then I would use a Header directive
below the rewrite to send the Last-Modified header with the
value being the environment variable.
But honestly if it were me I would use the Linux touch command
hasdeep
Hi, can you help me. I have a webpage by the name of |page.php?id=7|
and multiple dynamic links. I have written the following code in
htaccess file:
RewriteCond
RewriteCond
RewriteRule
RewriteRule
%{THE_REQUEST} ?
%{QUERY_STRING} id=([0-9]+)
^$ /page.php%1? [R=301,L]
^([0-9]+)$ page.php?id=$1 [L]
http://www.askapache.com/ AskApache
Paid themes suck.
Wolf
Hi, can you help me. I have a webpage with this link, example
|https://site.com/news?start=5|, i want to redirect this page if
user add characters or something to the original url, example
Original URL: |https://site.com/news?start=5|
Modified: |https://site.com/news?start=5??%22/%3E%3Ca%20href=%|
i want to redirect to the original webpage if they put that
character to the final line of the original url, all character after
start=(0-9) how can i do that with htaccess?
o
http://www.askapache.com/ AskApache
See above article.
Norm D Stokes
This is by far one of the best pages I have seen, very educational
but I am still suffering from a weird problem that maybe someone can
help me with. I have a very basic website and use very simple php
include statements on my website to do my menu and footer. Very
simple works very well, but, I am now seeing google reporting
strange things like duplicate pages with duplicate meta descriptions
such as:
/x/p/A-F-M.html/A-1-2.html
/x/p/A-F-M.html/B-1-2.html
/x/p/A-F-M.html/C-1-2.html
/x/p/A-F-M.html/D-1-2.htm
/x/p/A-F-M.html/E-1-2.html
/x/p/A-F-M.html/F-1.html
/x/p/A-F-M.html/G-1.html
By looking at this you can see that these are NOT "valid" URL's they
are two URL's in one. I can go to any page ending in .htm or .html
and add "/test" press my return and I will stay on the say page get
a 200 ok response and see the"/test" added to to the URL. What I
would expect is a 404 Error page to come up as it is a non valid page.
In testing I discovered that is I remove
|AddHandler application/x-httpd-php5 .php .html .htm .shtml|
from my .htacess I do get the correct 404 error BUT I lose all menus
and footers. I am not a php kind of guy and this is a simple site,
can anyone tell me what needs to be changed to fix this.
Again this is a great page, thanks for the hard work
o
http://www.askapache.com/ AskApache
Just do a simple redirect match like dis:
RedirectMatch 301 ^([^.]+.html?).+$ $1
http://seo.qalebfa.ir/
Goooooooooooooood Post
every thing about htaccess
thanks
http://www.askapache.com/ AskApache
Thanks for saying so!
http://www.askapache.com/ AskApache
Of course! Per my copyright anything on this site can be
republished, modified, sold, anything goes as long as you include a
link back to the original.
http://www.themesrefinery.com/ Themesrefinery
Really such a nice info.Thanks for this.
David Cunningham
Newbie: I am using web host's password protection (creates htaccess
for web folder/new directory on web server). Our company creates
inspection reports for the big oil companies storage tanks. We want
to allow each company to access their reports online. I can password
protect the directory for each company but I notice that if they
close web page or the web browser or hit back button to the initial
page in their directory it keeps the credentials. How do I force
them to always have to use their credentials when they access their
directory?
http://princetonweb.org//Neighbors/pmwiki.php?n=UnitedStates.UnitedStates?se
tskin=?setcolor=US
jagtig
I suspect that the htaccess script stopping hotlinking
my server's Apache module. They slow my site down, and
feature on one occasion. Who polices the Apache module
server-side? The hot-linking script would be the chief
targeted like that, for reasons that you may see.
*
are hacked in
have broken a
once it's
htaccess code
http://www.google.com DevilWearsPrada
hey all ,
wonder if someone can help with some urgent matter :(
Need to do this
IP matches X on SITE A gets redirected to SITE B
IP matches Y on SITE B gets redirected to SITE A
is it possible ?
i thought i had it but then it tells me the site has a redirect loop
thanx guys
*
Guest
Wow, what a definitive guide! I wonder if anyone could advice me on
a code to use for a site.
If people use https they will be forwarded to the log-in page of a
members-only Joomla site in a sub-directory of the same domain.
Everone else (unsecrured) gets sent to another URL on another domain.
Karl Andersson
Wow, what a definitive guide! I wonder if anyone could advice me on
a code to use for a non-profit site.
If people use https they will be forwarded to the log-in page of a
members-only Joomla site in a sub-directory of the same domain.
Everyone else (unsecured) gets sent to another URL on another domain.
jorge soares
Hi !
My .htaccess is working
Only one but...
I Prevent hotlinking of
local develops the site
There is some .htaccess
like a charm.
images, and I can't see those images when I
with my PhpDesigner.
directive in order to achieve this goal?
thanx guys
*
waveleh
Please ignore this query, I will found appropriate page of AA WP
plugin. Sorry for wrong posting.
--Very brilliant plugin!
I have two problems though:
1. Captcha stopped working
2. Mobile version of the theme is not working
Thanks
-----------------------------------------------------------------------Related Articles
-- Richard M. Stallman
<http://www.gnu.org/philosophy/linux-gnu-freedom.html>
----------------------------------------------------------------------------------------------------------------------------------------------Twitter
<http://twitter.com/askapache>
-----------------------------------------------------------------------* @askapache Nov 14
<https://twitter.com/askapache/status/533296675264409600>
t.co/A9j4tjBS89 <https://t.co/A9j4tjBS89>
* @askapache Nov 9
<https://twitter.com/askapache/status/531269409751318528>I asked a
bad coder, are u ignorant, or are u apathetic? He said, I don't
know, and I don't care.
* @askapache Nov 8
<https://twitter.com/askapache/status/530936583050895362>A hacker
only laughs at generous bribes. There is no exit.
* @askapache Nov 8
<https://twitter.com/askapache/status/530922550390300672>Pain and
Growth go hand-in-hand. Or take the easy way, use the shortcut, the
choice is yours.
* @askapache Nov 8
<https://twitter.com/askapache/status/530910480219774976>Endure the
pain, dig deep. Take the lead in front of everyone.
* @askapache Nov 2
<https://twitter.com/askapache/status/528932719787401216>So stoked
for the Movie Blackhat
* <http://pbs.twimg.com/media/B1Y9q_8CcAEpDoZ.jpg>Grand Central
Payfone, New York City t.co/oREBPBr9DJ <http://t.co/oREBPBr9DJ>
* <http://pbs.twimg.com/media/B1T55AsIcAEWwID.jpg>Grand Central. Where
Payphones are Fones. t.co/eMZrorOpVh <http://t.co/eMZrorOpVh>
* <http://pbs.twimg.com/media/B0gCGdjCIAEdASU.jpg>broke the rec for
fastest imports of WP xml export files. 2k imports/min, and not even
parallel. Also me tmux :) t.co/nlPe3UX8OL <http://t.co/nlPe3UX8OL>
* <http://pbs.twimg.com/media/BztttXpCcAAHekQ.jpg>Crypto, by Steven
Levy. An almost prescient read. t.co/stq9h8li7K
<http://t.co/stq9h8li7K>
* <http://pbs.twimg.com/media/Bzn3azGCEAAfbK4.jpg>How Google Works
t.co/tCvZDnRYki <http://t.co/tCvZDnRYki>
* <http://pbs.twimg.com/media/BywouShCQAACuvS.jpg>New wireless gear:
Nighthawk dd-wrt router, bluetooth & high-gain wifi USB adapters.
Adapters from @PwnieExpress t.co/yIfn0WfYxI <http://t.co/yIfn0WfYxI>
* <http://pbs.twimg.com/media/ByelwRvCQAI1bAa.jpg>Got me a pwn plug
from defcon t.co/Zo4XXcCFdj <http://t.co/Zo4XXcCFdj>
* <http://pbs.twimg.com/media/BxboWzaCIAAHsvZ.jpg>The Computers Boys
Take Over - t.co/fvQZiBgWSU <http://t.co/fvQZiBgWSU>
t.co/tr0yxBisW8 <http://t.co/tr0yxBisW8>
* <http://pbs.twimg.com/media/BxXZ6Q1CQAAL3e8.jpg>'10 Multiplex
t.co/Ons3wRPavj <http://t.co/Ons3wRPavj> t.co/d7lc0T93HS
<http://t.co/d7lc0T93HS>
* <http://pbs.twimg.com/media/BwxnFnFCUAAUDzl.jpg>Elite Log File
Scrolling with Color Syntax t.co/5EDSwAkGdC
<https://t.co/5EDSwAkGdC>
t.co/6YiMMUqQxC <http://t.co/6YiMMUqQxC>
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<http://www.fsf.org/register_form?referrer=7511>
-----------------------------------------------------------------------* AskApache <http://www.askapache.com/>
o Contact <http://www.askapache.com/about/contact/>
o About <http://www.askapache.com/about/>
o Site Map <http://www.askapache.com/about/site-map/>
o Htaccess Search <http://www.askapache.com/cse/>
o WireShark <http://wireshark.askapache.com/>
o GNU <http://gnu.askapache.com/>
o Non-GNU <http://nongnu.askapache.com/>
o Tor Project <http://tor.askapache.com/>
o TLDP - Documentation <http://tldp.askapache.com/>
o PUBLIC <http://www.askapache.com/pub/>
* Site Map <http://www.askapache.com/about/site-map/>
o CSS <http://www.askapache.com/category/css/>
o Google <http://www.askapache.com/category/google/>
o Hacking <http://www.askapache.com/category/hacking/>
o Htaccess <http://www.askapache.com/category/htaccess/>
o Javascript <http://www.askapache.com/category/javascript/>
o Linux <http://www.askapache.com/category/linux/>
o Optimization <http://www.askapache.com/category/optimize/>
o PHP <http://www.askapache.com/category/php/>
o Security <http://www.askapache.com/category/security/>
o SEO <http://www.askapache.com/category/seo/>
o Shell Scripting <http://www.askapache.com/category/shellscript/>
o WordPress <http://www.askapache.com/category/wordpress/>
* Online Tools <http://www.askapache.com/online-tools/>
o Raw HTTP Header Debugger
<http://www.askapache.com/online-tools/http-headers-tool/>
o Graphical ASCII Text Generator
<http://www.askapache.com/online-tools/figlet-ascii/>
o .htpasswd file Generator
<http://www.askapache.com/online-tools/htpasswd-generator/>
o Who Am I
Your IP Information
<http://www.askapache.com/online-tools/whoami/>
o Base64 Image Converter
<http://www.askapache.com/online-tools/base64-image-converter/>
o JavaScript Source Code Beautifier
<http://www.askapache.com/online-tools/javascript-beauty/>
o Compress CSS <http://www.askapache.com/online-tools/compress-css/>
o Mac Address Vendor Lookup
<http://www.askapache.com/online-tools/mac-lookup/>
o DNS Tracer <http://www.askapache.com/online-tools/dns-trace/>
o Request Method Security Scanner
<http://www.askapache.com/online-tools/request-method-scanner/>
o P3P Privacy File Generator
<http://www.askapache.com/online-tools/p3p-privacy-generator/>
o Flash crossdomain.xml Generator
<http://www.askapache.com/online-tools/flash-crossdomain-xml/>
Search
7ads6x98y
[hide]
It's very simple - you read the protocol and write the code. -Bill Joy
RSS
<http://feedvalidator.org/check.cgi?url=http://www.askapache.com/feed/>
| XHTML 1.1
<http://validator.w3.org/check/referer?ss=1;outline=1;sp=1;debug> | CSS
2.1 <http://jigsaw.w3.org/css-validator/check/referer?warning=0>
Except where otherwise noted, content on this site is licensed under a
Creative Commons Attribution 3.0 License
<http://creativecommons.org/licenses/by/3.0/>, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation
(ASF). All software and documentation produced by The ASF is licensed.
"Apache" is a trademark of The ASF. NCSA HTTPd
<http://hoohoo.ncsa.illinois.edu/>.
UNIX is a registered Trademark of The Open Group
<http://www.opengroup.org/>. POSIX is a registered Trademark of The
IEEE <http://standards.ieee.org/>.
+Askapache <https://plus.google.com/+Askapache> | askapache
<http://profiles.wordpress.org/askapache>
Site Map <http://www.askapache.com/about/site-map/> | Contact Webmaster
<http://www.askapache.com/about/contact/> | License and Disclaimer
<http://www.askapache.com/about/disclaimer-and-license/> | Terms of
Service <http://www.askapache.com/about/statements/>
TOP
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#logo>Main
<file:///tmp/maftemp-8ee24daf/1417061869000_504/index.html#ContentW><http://www.
quantcast.com/p-5e44cjdXWaqOA><http://www.alexa.com/data/details/main/www.askapa
che.com>