htaccess tips and tricks

  1. Creating a custom error page with .htaccess on a Linux Apache server is a very simple task. Using a text editor like Notepad, you create an .htaccess file. Custom error pages give your website a professional look and catch those visitors who reach your website following a back link.

ErrorDocument 401 /error/401.php

ErrorDocument 403 /error/403.php

ErrorDocument 404 /error/404.php

ErrorDocument 500 /error/500.php

  1. How to set the timezone on your server

# tz database name for US Central time (Houston)

SetEnv TZ America/Chicago

  1. Block IPs Using htaccess

Sometimes you need to block certain IPs from accessing your entire site or a directory. It's a pretty simple task. All you have to do is put the following code inside the .htaccess file.

order allow,deny

allow from all

deny from

deny from 124.15

You can use the whole IP or a part of the IP to block, adding each new one on a new line. When someone tries to access your site from a banned IP, they will get a 403 access forbidden error message.

  1. SEO Friendly 301 permanent redirects for bad/old links and moved links

Redirect 301 /d/file.html

  1. Set the Email Address for the Server Administrator – Using this code you can specify the default email address for the server administrator.

ServerSignature EMail


  1. Hotlinking protection with .htaccess is very important because anyone can hotlink to your images and eat up all of your server's bandwidth. The following code will help you to prevent that.

Options +FollowSymlinks

# Protect Hotlinking

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www\.)? [nc]

RewriteRule .*\.(gif|jpg|png)$ [nc]
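
A complete version of the hotlink rule above, as an added example that is not part of the original article. example.com is a placeholder for your own domain, and the rule answers with 403 Forbidden instead of redirecting:

```apache
RewriteEngine On

# Requests with no Referer header are let through: direct visits, and
# browsers or proxies that strip the header, would otherwise lose images.
RewriteCond %{HTTP_REFERER} !^$

# Let through requests referred by your own pages.
# example.com is a placeholder (assumption). The dots are escaped so they
# match a literal "." only, https? covers both schemes, and (/|$) stops a
# look-alike host such as example.com.other.tld from passing the check.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]

# Anything else asking for an image gets 403 Forbidden ([F]); "-" means
# the URL is not rewritten.
RewriteRule \.(gif|jpe?g|png)$ - [F,NC]
```

The Referer header is supplied by the client, so this rule saves bandwidth but is not an access control.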

  1. Block all requests from a user agent – by creating a perfect .htaccess ban list, you can block all unwanted user agents, which will keep your server load down. Also check out this interesting thread on WebmasterWorld about the 228 user agents ban list.

## .htaccess Code :: BEGIN

## Block Bad Bots by user-Agent

# Each match sets the bad_bot variable that "Deny from env=bad_bot" tests below

SetEnvIfNoCase User-Agent ^FrontPage bad_bot

SetEnvIfNoCase User-Agent ^Java.* bad_bot

SetEnvIfNoCase User-Agent ^Microsoft.URL bad_bot

SetEnvIfNoCase User-Agent ^MSFrontPage bad_bot

SetEnvIfNoCase User-Agent ^Offline.Explorer bad_bot

SetEnvIfNoCase User-Agent [Ww]eb[Bb]andit bad_bot

SetEnvIfNoCase User-Agent ^Zeus bad_bot

Order Allow,Deny

Allow from all

Deny from env=bad_bot

## .htaccess Code :: END

  1. Redirect everyone to a different site except a few IPs – If you want to redirect all the visitors to a different site while still giving access to a few IPs, you can use the code below.

ErrorDocument 403

Order deny,allow

Deny from all

Allow from

Allow from

  1. Don’t want to display download request – Usually when you try to download something from a web server you get a request asking whether you want to save the file or open it. To avoid that you can use the code below in your .htaccess file.

AddType application/octet-stream .pdf

AddType application/octet-stream .zip

AddType application/octet-stream .mov

  1. Change the file type – Make any file be a certain kind of file type. This makes image.jpg, index.html and default.cgi all act as PHP.

ForceType application/x-httpd-php

SetHandler application/x-httpd-php
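
Placed bare in an .htaccess file, ForceType and SetHandler apply to every file in that directory and below, so anything stored there, uploads included, is run as PHP. An added example (not from the original article) that scopes the handler to the three files named above:

```apache
# Only these three files are handed to PHP; every other file in the
# directory keeps its normal type and handler.
# <FilesMatch> tests the file name only, not the full path, so the
# pattern is anchored with ^ and $ and the dots are escaped.
<FilesMatch "^(image\.jpg|index\.html|default\.cgi)$">
    SetHandler application/x-httpd-php
</FilesMatch>
```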

  1. Block access to your .htaccess file – Adding the following code to your htaccess file will prevent attempts to access it. This extra layer of security protects your htaccess file by displaying a 403 error message in the browser.

# secure htaccess file

<Files .htaccess>

 order allow,deny

 deny from all

</Files>

  1. Protect access to a specific file on your server – this can be done by adding the code below. For example, say you want to block the file named default.jpg. This will prevent the viewing of this file.

# prevent access of a certain file

<Files default.jpg>

 order allow,deny

 deny from all

</Files>
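
The Order, Allow and Deny directives used in the IP block, bad-bot ban and file protection tips above are Apache 2.2 syntax; Apache 2.4 keeps them only through mod_access_compat and uses Require instead. The same rules in 2.4 form, as an added example that is not part of the original article (124.15, bad_bot, .htaccess and default.jpg come from the tips above; the two User-Agent patterns are a subset of the list above):

```apache
# Mark unwanted clients; bad_bot is set when the User-Agent matches.
SetEnvIfNoCase User-Agent ^FrontPage bad_bot
SetEnvIfNoCase User-Agent ^Zeus bad_bot

# Site-wide rule: everyone is allowed except the listed address range
# and anything marked bad_bot. Negated rules ("not") are only valid
# inside <RequireAll>, alongside at least one positive rule.
<RequireAll>
    Require all granted
    Require not ip 124.15
    Require not env bad_bot
</RequireAll>

# Never serve the .htaccess file itself.
<Files ".htaccess">
    Require all denied
</Files>

# Block a single file by name.
<Files "default.jpg">
    Require all denied
</Files>
```

Use one syntax or the other within a configuration; the Apache upgrade notes discourage mixing Order/Allow/Deny with Require.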

  1. Prevent access to unauthorized browsing – Protecting a specific directory from browsing can be done by instructing the server to serve a Forbidden and Authorization required message when anyone requests to view that particular directory. Usually, if your site doesn’t have a default index page, any files within that directory are accessible to the visitors. To avoid that, use the following code in the .htaccess file.


# disable directory browsing

Options -Indexes

  1. Setting the default page – You can set the default page of a directory to any page you like. For example in this code the default page is set as about.html instead of index.html

# serve alternate default index page

DirectoryIndex about.html

  1. Password protect your directories and files – You can require authentication for access to certain files and directories. The code has examples of both password protection for a single file and password protection for an entire directory.

# to protect a file

AuthType Basic

AuthName "Prompt"

AuthUserFile /home/path/.htpasswd

Require valid-user

# password-protect a directory


AuthType basic

AuthName "This directory is protected"

AuthUserFile /home/path/.htpasswd

AuthGroupFile /dev/null

Require valid-user

  1. Redirect an old domain to a new domain – Using the htaccess file you can redirect an old domain name to a new domain by adding the following code to it. Basically, it remaps the old domain to the new one.

# redirect from old domain to new domain

RewriteEngine On

RewriteRule ^(.*)$$1 [R=301,L]