Some useful htaccess rules

htaccess is basically a directory level configuration file for Apache based web servers. It allows you to set different decentralized configuration directives per directory and all sub-directory wide. You can say it an access control configuration file. htaccess works differently in CGI, fCGI, and Apache Module modes.

Below are some useful htaccess rules that we need frequesntly.

Prevent directory listing:
<IfModule mod_autoindex.c>
Options -Indexes

Specify directory indexes:
DirectoryIndex index.php index.html

Re-write base path:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /live/

Follow / Un-Follow Symbolic Link:
Options +FollowSymLinks
Options -FollowSymLinks

non-www to www:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.domain\.com
RewriteRule (.*)$1 [R=301,L]

www to non-www:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.domain\.com
RewriteRule (.*)$1 [R=301,L]

Force HTTPS (SSL):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Force HTTPS (SSL) specific domain:
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$$1 [R=301,L]

Force HTTPS (SSL) specific directory:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} directory
RewriteRule ^(.*)$$1 [R=301,L]

Force HTTP (Non-SSL):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

URL redirect 301/302 (one:one or pattern match):
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^old-page-url.html [L,R=301]
RewriteRule ^page-url.html [L,R=302]
RewriteRule ^directory/(.*)$1 [L,R=301]
RedirectMatch 301 ^/old-directory/ [L,R=301]
RedirectMatch 301 ^(.*)$ [L,R=301]

Protect specific/system files:
Protect file & DB backup fils, config & ini files, or log files
<FilesMatch "(\.(bak|sql|config|ini|inc|log)|~)$">
Order allow,deny
Deny from all
Satisfy All

Block access to htaccess file
<files .htaccess>
Order allow,deny
Deny from all
Satisfy All

Protect static resource hot-linking:
You can generate hotlink prevention htaccess rule from here for your site.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

Header Robot Tag for Bot Access Management:
Robot directives for Document, Text, and PDF files
<FilesMatch ".(doc|docx|odt|txt|pdf)$">
<IfModule mod_headers.c>
Header append X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"

Robot directive for robots.txt file itself
<FilesMatch "robots.txt">
<IfModule mod_headers.c>
Header append X-Robots-Tag "noindex"

Robot directive for sitemap XML file
<FilesMatch "sitemap.xml">
<IfModule mod_headers.c>
Header append X-Robots-Tag "noindex"

Leverage Caching of Static Files:
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css A3600
ExpiresByType text/javascript A3600
ExpiresByType text/x-component A3600
ExpiresByType text/x-js A3600
ExpiresByType application/x-javascript A3600
ExpiresByType application/javascript A3600
ExpiresByType text/html A3600
ExpiresByType text/richtext A3600
ExpiresByType text/plain A3600
ExpiresByType text/xsd A3600
ExpiresByType text/xsl A3600
ExpiresByType text/xml A3600
ExpiresByType image/x-icon A604800
ExpiresByType image/jpeg A604800
ExpiresByType image/gif A604800
ExpiresByType image/bmp A604800
ExpiresByType image/png A604800
ExpiresByType image/svg+xml A604800
ExpiresByType audio/mpeg A604800
ExpiresByType audio/wav A604800
ExpiresByType audio/wma A604800
ExpiresByType audio/ogg A604800
ExpiresByType audio/midi A604800
ExpiresByType audio/x-realaudio A604800
ExpiresByType video/mp4 A604800
ExpiresByType video/avi A604800
ExpiresByType video/mpeg A604800
ExpiresByType video/asf A604800
ExpiresByType video/divx A604800
ExpiresByType video/quicktime A604800
#MS Office/Open Office
ExpiresByType application/msword A604800
ExpiresByType application/ A604800
ExpiresByType application/ A604800
ExpiresByType application/ A604800
ExpiresByType application/ A604800
ExpiresByType application/ A604800
ExpiresByType application/vnd.oasis.opendocument.database A604800
ExpiresByType application/vnd.oasis.opendocument.chart A604800
ExpiresByType application/vnd.oasis.opendocument.formula A604800
ExpiresByType application/ A604800
ExpiresByType application/vnd.oasis.opendocument.presentation A604800
ExpiresByType application/vnd.oasis.opendocument.spreadsheet A604800
ExpiresByType application/vnd.oasis.opendocument.text A604800
ExpiresByType application/font-woff A604800
ExpiresByType application/x-font-ttf A604800
ExpiresByType application/ A604800
ExpiresByType application/ A604800
ExpiresByType application/x-font-otf A604800
ExpiresByType application/ A604800
#Compressed Files
ExpiresByType application/zip A604800
ExpiresByType application/x-gzip A604800
ExpiresByType application/x-tar A604800
#JSON/PDF etc.
ExpiresByType application/json A604800
ExpiresByType application/pdf A604800
ExpiresByType application/x-shockwave-flash A604800
ExpiresByType application/java A604800
ExpiresByType application/x-msdownload A604800

Add MIME Types:
<IfModule mod_mime.c>
AddType text/css .css
AddType application/x-javascript .js
AddType text/html .html .htm
AddType text/richtext .rtf .rtx
AddType image/svg+xml .svg .svgz
AddType text/plain .txt
AddType text/xsd .xsd
AddType text/xsl .xsl
AddType text/xml .xml
AddType video/avi .avi
AddType image/bmp .bmp
AddType application/msword .doc .docx
AddType image/gif .gif
AddType application/x-gzip .gz .gzip
AddType image/x-icon .ico
AddType image/jpeg .jpg .jpeg .jpe
AddType application/json .json
AddType application/ .mdb
AddType audio/midi .mid .midi
AddType video/quicktime .mov .qt
AddType audio/mpeg .mp3 .m4a
AddType video/mp4 .mp4 .m4v
AddType video/mpeg .mpeg .mpg .mpe
AddType application/vnd.oasis.opendocument.database .odb
AddType application/vnd.oasis.opendocument.presentation .odp
AddType application/vnd.oasis.opendocument.spreadsheet .ods
AddType application/vnd.oasis.opendocument.text .odt
AddType audio/ogg .ogg
AddType application/pdf .pdf
AddType image/png .png
AddType application/ .pot .pps .ppt .pptx
AddType application/x-shockwave-flash .swf
AddType image/tiff .tif .tiff
AddType application/x-font-ttf .ttf .ttc
AddType audio/wav .wav
AddType audio/wma .wma
AddType application/font-woff .woff
AddType application/ .xla .xls .xlsx .xlt .xlw
AddType application/zip .zip

File Entity Tag:
FileETag None
<IfModule mod_headers.c>
Header unset ETag

Default Charset + Language / MIME Specific Charset + Language:
AddDefaultCharset utf-8
AddLanguage en-US
<IfModule mod_mime.c>
AddCharset utf-8 .php .html .xml .css .js .json
AddLanguage en-US .html .htm .css .js

Allow Access Origin:
<FilesMatch "\.(ttf|otf|eot|woff)$">
<IfModule mod_headers.c>
Header append Access-Control-Allow-Origin ""

GZip Compression / Deflate Module:
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*

But sometimes, based on the web server type, the above code may not work properly. Try using DEFLATE module instead.

<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

Basic HTTP Authentication:
Doesn’t work properly when in fCGI mode
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /absolute/directory/path/to/.htpasswd
Require valid-user

You can create a .htpasswd file from here. The file will look like below with user name as “username” and password as “password”.

Ban By IP Address:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{Remote_Addr} ^111\.222\.121\.212$
RewriteRule ^(.*) http://localhost/ [R,L]


Order Deny,Allow
Deny from

Block Bad Bots:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]

Error Documents:
ErrorDocument 404 page-not-found.html
ErrorDocument 410 page-gone.html
ErrorDocument 403 page-forbidden.html
ErrorDocument 500 server-error.html
ErrorDocument 401 unauthorized-access.html

I will try to continue adding more rules here whenever possible 🙂

By Supratim Roy

I'm a technology enthusiast with over fifteen years of hands-on work experience in the IT industry. My specialization in web development technology, allows me to quickly adopt innovative approaches and leading-edge technology solutions. After passing the HS, I joined B.Com. under the CU. From the second year, I started studying computer courses. After graduating in Computer Applications (BCA) from Indira Gandhi National Open University (IGNOU), I started my career as a Jr. Software Dev. in 2005. After four years, in 2009, I got the opportunity to pursue a master's degree. In 2011, I completed MCA from Sikkim Manipal University (SMU). I carried out the journey of my carrier as Jr. Software Dev., Sr. Software Dev., TL, and PM. Now I'm working as the VP of Technology & Product at CodeClouds. I use my technical knowledge, skill, expertise, and previous experience to analyze the requirements of the clients and understand their business philosophy. I try to deliver quality solutions and products in a timely manner with a high percentage of accuracy. I also prepare and manage project specifications, scope documentation, workflow, data diagram, and development documentation. I lead a team of around 50 highly talented members in a well-formed and structured way. I love listening to music and watching the action, adventure, thriller, horror movies, and Discovery, Animal Planet, and Nat Geo TV channels. Photography is also one of my hobbies, however, I'm really an amateur! I like to read technical articles, journals, and documentaries about Indian Himalayas and wildlife. I'm passionate about adventure sports. I encourage peoples to love adventure sports. I've traveled to many places and trekked in several parts of the Himalayas in India and Nepal. I'm a member of "MTG - Miles To Go" - a nature lover's association in Kolkata. I've done the Rock Climbing course from Parvat Abhiyatri Sangha affiliated with Anandabazar Patrika. I also participate in several community initiatives taken by an NGO.

1 comment

  1. Wow! These are amazing stuff! We generally search for some re-write rules or redirection rules. But here I found lots of other helpful rules, like file protection, hotlink protection, caching mechanism etc. Though I couldn’t understand all of the rules due to my lack of knowledge 🙁 , but having all these rules in one place is just great.

    Specially I liked the last line, where you told you are going to add more rules 🙂 You rocks Supratim!

Leave a comment

Your email address will not be published. Required fields are marked *