Heres the actual code that I use when I'm developing sites for clients
This lets google crawl the page, lets me access the whole site (24.205.23.222) without a password, and lets my client access the page WITH a password. It also allows for XHTML and CSS validation! (w3.org)
# ELITE HTACCESS FOR WEBDEVELOPERS
##############################################
AuthName "SiteName Administration"
AuthUserFile /home/sitename.com/.htpasswd
AuthType basic
Require valid-user
Order deny,allow
Deny from all
Allow from 24.205.23.222
Allow from w3.org htmlhelp.com
Allow from googlebot.com
Satisfy AnyEach code snippet has been copied from htaccesselite. Additional and detailed info on each htaccess code snippet can be found at askapache.com
NOTE: Most of these snippets can be used with a Files or Filesmatch directive to only apply to certain files.
NOTE: Any htaccess rewrite examples should always begin with:
Options +FollowSymLinks
RewriteEngine On
RewriteBase /Apache Documentation: 1.3 | 2.0 | 2.2 | Current
Make any file be a certain filetype (regardless of name or extension)
#Makes image.gif, blah.html, index.cgi all act as php
ForceType application/x-httpd-phpRedirect non-https requests to https server fixing double-login problem and ensuring that htpasswd authorization can only be entered using HTTPS
Additional https/ssl information and Apache SSL in htaccess examples
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.comSEO Friendly redirects for bad/old links and moved links
For single moved file
Redirect 301 /d/file.html http://www.htaccesselite.com/r/file.htmlFor multiple files like a blog/this.php?gh
RedirectMatch 301 /blog(.*) http://www.askapache.com/$1different domain name
Redirect 301 / http://www.newdomain.comRequire the www
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/robots\.txt$
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L] Require the www without hardcoding
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/robots\.txt$ [NC]
RewriteCond %{HTTP_HOST} !^www\.[a-z-]+\.[a-z]{2,6} [NC]
RewriteCond %{HTTP_HOST} ([a-z-]+\.[a-z]{2,6})$ [NC]
RewriteRule ^/(.*)$ http://%1/$1 [R=301,L]Require no subdomain
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/robots\.txt$
RewriteCond %{HTTP_HOST} \.([a-z-]+\.[a-z]{2,6})$ [NC]
RewriteRule ^/(.*)$ http://%1/$1 [R=301,L]Require no subdomain
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} \.([^\.]+\.[^\.0-9]+)$
RewriteCond %{REQUEST_URI} !^/robots\.txt$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]Redirect everyone to different site except 1 IP address (useful for web-development)
ErrorDocument 403 http://www.someothersite.com
Order deny,allow
Deny from all
Allow from 24.33.65.6CHMOD your files
chmod .htpasswd files 640 chmod .htaccess files 644 chmod php files 600 chmod files that you really dont want people to see as 400 NEVER chmod 777, if something requires write access use 766
Variable (mod_env) Magic
Set the Timezone of the server:
SetEnv TZ America/Indianapolis Set the Server Administrator Email:
SetEnv SERVER_ADMIN webmaste@htaccesselite.comTurn off the ServerSignature
ServerSignature OffAdd a "en-US" language tag and "text/html; UTF-8" headers without meta tags
Article: Setting Charset in htaccess
Article: Using FilesMatch and Files in htaccess
AddDefaultCharset UTF-8
# Or AddType 'text/html; charset=UTF-8' html
DefaultLanguage en-USUsing the Files Directive
<Files ~ "\.(htm|html|css|js|php)$">
AddDefaultCharset UTF-8
DefaultLanguage en-US
</Files>Using the FilesMatch Directive (preferred)
<FilesMatch "\.(htm|html|css|js|php)$">
AddDefaultCharset UTF-8
DefaultLanguage en-US
</FilesMatch>Use a custom php.ini with mod_php or php as a cgi
Article: Custom PHP.ini tips and tricks
When php run as Apache Module (mod_php) in root .htaccess SetEnv PHPRC /location/todir/containing/phpinifile When php run as CGI Place your php.ini file in the dir of your cgi’d php, in this case /cgi-bin/ htaccess might look something like this AddHandler php-cgi .php .htm Action php-cgi /cgi-bin/php5.cgi When cgi’d php is run with wrapper (for FastCGI) You will have a shell wrapper script something like this: #!/bin/sh export PHP_FCGI_CHILDREN=3 exec /user3/x.com/htdocs/cgi-bin/php5.cgi Change To #!/bin/sh export PHP_FCGI_CHILDREN=3 exec /x.com/cgi-bin/php.cgi -c /abs/path/to/php.ini
Securing directories: Remove the ability to execute scripts
Heres a couple different ways I do it
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGIThis is cool, you are basically categorizing all those files that end in those extensions so that they fall under the jurisdiction of the -ExecCGI command, which also means -FollowSymLinks (and the opposite is also true, +ExecCGI also turns on +FollowSymLinks)
Only allow GET and PUT request methods to your server.
Options -ExecCGI -Indexes -All +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} !^(GET|PUT)
RewriteRule .* - [F]Processing All gif files to be processed through a cgi script
Action image/gif /cgi-bin/filter.cgiProcess request/file depending on the request method
Script PUT /cgi-bin/upload.cgiForce Files to download, not be displayed in browser
AddType application/octet-stream .avi
AddType application/octet-stream .mpgThen in your HTML you could just link directly to the file..
<a href="http://www.askapache.com/movies/mov1.avi">Download Movie1</a>And then you will get a pop-up box asking whether you want to save the file or open it.
Show the source code of dynamic files
If you'd rather have .pl, .py, or .cgi files displayed in the browser as source rather than be executed as scripts, simply create a .htaccess file in the relevant directory with the following:
RemoveHandler cgi-script .pl .py .cgiDramatically Speed up your site by implementing Caching!
Article: Speed Up Sites with htaccess Caching
# MONTH
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>
# WEEK
<FilesMatch "\.(js|css|pdf|txt)$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
# DAY
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=43200"
</FilesMatch>Prevent Files image/file hotlinking and bandwidth stealing
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?askapache.com/.*$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ http://www.askapache.com/feed.gif [R=302,L]ErrorDocuments
Article: Additional ErrorDocument Info and Examples
ErrorDocument 404 /favicon.ico
ErrorDocument 403 https://secure.htaccesselite.com
ErrorDocument 404 /cgi-bin/error.php
ErrorDocument 400 /cgi-bin/error.php
ErrorDocument 401 /cgi-bin/error.php
ErrorDocument 403 /cgi-bin/error.php
ErrorDocument 405 /cgi-bin/error.php
ErrorDocument 406 /cgi-bin/error.php
ErrorDocument 409 /cgi-bin/error.php
ErrorDocument 413 /cgi-bin/error.php
ErrorDocument 414 /cgi-bin/error.php
ErrorDocument 500 /cgi-bin/error.php
ErrorDocument 501 /cgi-bin/error.phpNote: You can also do an external link, but don't do an external link to your site or you will cause a loop that will hurt your SEO.
Authentication Magic
Require password for 1 file:
<Files login.php>
AuthName "Prompt"
AuthType Basic
AuthUserFile /home/askapache.com/.htpasswd
Require valid-user
</Files>Protect multiple files:
<FilesMatch "^(exec|env|doit|phpinfo|w)\.*$">
AuthName "Development"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user
</FilesMatch>Example uses of the Allow Directive:
# A (partial) domain-name
Allow from 10.1.0.0/255.255.0.0
# Full IP address
Allow from 10.1.2.3
# More than 1 full IP address
Allow from 192.168.1.104 192.168.1.205
# Partial IP addresses
# first 1 to 3 bytes of IP, for subnet restriction.
Allow from 10.1
Allow from 10 172.20 192.168.2
# network/netmask pair
Allow from 10.1.0.0/255.255.0.0
# network/nnn CIDR specification
Allow from 10.1.0.0/16
# IPv6 addresses and subnets
Allow from 2001:db8::a00:20ff:fea7:ccea
Allow from 2001:db8::a00:20ff:fea7:ccea/10Using visitor dependent environment variables:
Article: Additional SetEnvIf examples
SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
Order Deny,Allow
Deny from all
Allow from env=let_me_inAllow from apache.org but deny from foo.apache.org
Order Allow,Deny
Allow from apache.org
Deny from foo.apache.orgAllow from IP address with no password prompt, and also allow from non-Ip address with password prompt:
AuthUserFile /home/www/site1-passwd
AuthType Basic
AuthName MySite
Require valid-user
Allow from 172.17.10
Satisfy Anyblock access to files during certain hours of the day
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
# If the hour is 16 (4 PM) Then deny all access
RewriteCond %{TIME_HOUR} ^16$
RewriteRule ^.*$ - [F,L]A good default example .htaccess file
I use this when I start a new site, and uncomment or delete parts of the file depending on the sites needs
# DEFAULT SETTINGS
##############################################
Options +ExecCGI -Indexes
DirectoryIndex index.php index.html index.htm
### DEFAULTS ###
ServerSignature Off
AddType video/x-flv .flv
AddType application/x-shockwave-flash .swf
AddType image/x-icon .ico
AddDefaultCharset UTF-8
DefaultLanguage en-US
SetEnv TZ America/Indianapolis
SetEnv SERVER_ADMIN webmaster@askapache.com
### FAST-CGI ###
AddHandler fastcgi-script fcgi
AddHandler php-cgi .php
Action php-cgi /cgi-bin/php5-wrapper.fcgi
# HEADERS and CACHING
##############################################
#### CACHING ####
# YEAR
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>
# WEEK
<FilesMatch "\.(js|css|pdf|swf)$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
# 10 minutes
<FilesMatch "\.(html|htm|txt)$">
Header set Cache-Control "max-age=600"
</FilesMatch>
# DONT CACHE
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
Header unset Cache-Control
</FilesMatch>
# REWRITES AND REDIRECTS
##############################################
### SEO REDIRECTS ###
Redirect 301 /2006/uncategorized/htaccesselitecom-aboutus.html http://www.^^SITE^^.^^TLD^^
### REWRITES ###
RewriteEngine On
RewriteBase /
### WORDPRESS ###
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# AUTHENTICATION
##############################################
AuthName "askapache.com"
Require valid-user
AuthUserFile /askapache/.htpasswd
AuthType basic