
Apache htaccess File – htaccess How To Part B


   


Apache htaccess File – How To Rewrite Redirect & Protect

 

Apache htaccess files can be a real bonus when working on your site. Let's say you have just finished a major upgrade on your website or blog, during which you felt it necessary to rewrite several titles on pages or posts. The problem is that by now these pages have been indexed by the search engines and are also likely to be bookmarked by users and social networks alike. But before delving deeper into the htaccess file and its uses, let's use the following lines of code to prevent people from being able to see the contents of your htaccess file.

 

 

<Files .htaccess>

order deny,allow

deny from all

allow from xxx.xxx.xxx.xxx

</Files>

 

Note: xxx.xxx.xxx.xxx indicates your own IP address, after all you don’t want to block your own access.

Be sure to format that just as it is above, with each line on a new line as shown. There is every likelihood that your existing htaccess file, if you have one, includes those lines already.

 

Important Safe Guards

 

1. Always keep a backup of the original htaccess file. If things go pear shaped, then simply upload it via FTP to overwrite the file that caused the error.

2. Always make certain you have an up-to-date backup of your database. If replacing the htaccess file with the original does not cure the problem, then it is very likely you have corrupted your database! Restoring your database using an up-to-date backup will cure this error and return everything to as it was prior to your editing your htaccess file.

3. Your host may not support alteration of the .htaccess file; either contact them first and ask before you make changes, or proceed with caution and be sure you have a backup of the original file in case of problems.

Please understand that any changes you make to your htaccess files, you do so at your own risk – I cannot be held responsible for any errors or problems it may cause, due to typing errors or your failure to follow the above guidelines.

 

Tip No.1: Redirect Files or Directories

 

You could use a redirect meta tag in the head of the old pages to bring users to the new ones, but some search engines may not follow the redirect and others frown upon it. It is also a lot of messing around and wasted time when we have our htaccess file waiting to do the work for us.

 

Enter this line in your htaccess file, and let's be clear on the format here:

 

Redirect permanent /old-file-name.html http://www.domain.com/new-file-name.html

 

You can repeat that line for each file you need to redirect. Remember to include the directory name if the file is in a directory other than the root directory:

 

Redirect permanent /old-directory/old-file-name.html http://www.domain.com/new-directory/new-file-name.html

 

If you have just renamed a directory you can use just the directory name:

 

Redirect permanent /old-directory http://www.domain.com/new-directory

 

Note: The above commands should each be on a single line, they may be wrapping here but make sure they are on a single line when you copy them into your file. 

Using this method of redirect has the advantage of minimizing the ever growing problem and build up of “dead links” on the Internet, as people change their sites. Now people who have linked to pages on your site will still have functioning links, even if the pages have changed location.

 

Tip No. 2: Change the Default Directory Page

 

In most cases the default directory page is index.htm or index.html. Many servers allow a range of pages called index, with a variety of extensions, to be the default page. Suppose though (for reasons of your own) you wish a page called startpage.html or homepage.html to be a directory home page?

No problem. Just put the following line in your htaccess file for that directory:

 

DirectoryIndex startpage.html

Or 

DirectoryIndex homepage.html 

 

You can also use this command to specify alternatives. If the first filename listed does not exist the server will look for the next and so on. So you might have:

 

DirectoryIndex index.html index.htm startpage.html homepage.html 

Again, the above should all be on a single line.

 

Tip No. 3: Allow / Prevent Directory Browsing

This one is a nice little security feature. Most servers are configured so that directory browsing is not allowed; that is, if people enter the URL of a directory that does not contain an index file, they will not see the contents of the directory but will instead get an error message. However, if your site is not configured this way, you can prevent directory browsing by adding this simple line to your .htaccess file:

 

IndexIgnore */*

The opposite command would be:

Options +Indexes

This could be used to allow access to downloads, for example! However, with the rise in off-site hosting of files, I don't think this particular command is worth noting.
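An added example (not from the original post) of switching directory listings off outright instead of hiding entries from them. It goes in the .htaccess of the directory concerned and assumes the host's AllowOverride setting permits Options and Indexes overrides; the file patterns are illustrative.

```apache
# Added example, not the post's own code.

# Turn automatic directory listings off for this directory and everything
# below it. A request for a directory with no index file then gets
# 403 Forbidden instead of a generated file list.
Options -Indexes

# For comparison: IndexIgnore only hides matching names from a listing that
# mod_autoindex still generates. The files stay reachable by direct URL, so
# it is cosmetic, not access control. It is useful only where listings are
# deliberately left on (Options +Indexes), e.g. a downloads directory that
# should not advertise its backup files:
<IfModule mod_autoindex.c>
    IndexIgnore .ht* *.bak *.sql *~
</IfModule>
```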

 

Tip No 4: Stop the Email Collectors

 

While you positively want to encourage robot visitors from the search engines, there are other less benevolent robots you would prefer stayed away. Chief among these are those nasty bots that crawl around the web sucking email addresses from web pages and adding them to spam mail lists. Use the following lines of code in your htaccess file to help prevent this practice. Should you be lucky enough to trace any more of these email siphon bots, simply add their name in the same format as the others, but before the last line!

 

RewriteEngine on

RewriteCond %{HTTP_USER_AGENT} Wget [OR]

RewriteCond %{HTTP_USER_AGENT} CherryPickerSE [OR]

RewriteCond %{HTTP_USER_AGENT} CherryPickerElite [OR]

RewriteCond %{HTTP_USER_AGENT} EmailCollector [OR]

RewriteCond %{HTTP_USER_AGENT} EmailSiphon [OR]

RewriteCond %{HTTP_USER_AGENT} EmailWolf [OR]

RewriteCond %{HTTP_USER_AGENT} ExtractorPro

RewriteRule ^.*$ X.html [L]

 

Tip No. 5: Allow SSI in .html files

 

Most servers will only parse files ending in .shtml for Server Side Includes. You may not wish to use this extension, or you may wish to retain the .htm or .html extension used by files prior to your changing the site and using SSI for the first time.

Add the following to your htaccess file, each command on a separate line;

 

AddType text/html .html

AddHandler server-parsed .html

AddHandler server-parsed .htm

 

You can add both extensions or just one. 

Remember though that files which must be parsed by the server before being displayed will load more slowly than standard pages. If you change things as above, the server will parse all .html and .htm pages, even those that do not contain any includes. This can significantly, and unnecessarily, slow down the loading of pages without includes.

 

Tip No. 6: Prevent Linking to Your Images

 

Bandwidth leeching can be a major headache & is caused by having someone link to images on your site. You can foil such thieves very easily with htaccess.  Copy the following into your .htaccess file: 

 

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www\.)?your-domain\.com/.*$ [NC]

RewriteRule \.(gif|jpg)$ - [F]

 

Just change ‘your-domain.com’ to the name of your domain.

Remember each command should be on a single line. There are 4 lines above, each starting with ‘Rewrite’
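The rules from Tips 4 and 6 combined, as an added example and not the post's own code: listed harvesters get a 403 instead of a rewrite to X.html, and the hotlink check also accepts https referers and further image types. your-domain.com is the post's placeholder; the extra file extensions are assumptions.

```apache
# Added example, not the post's own code.
RewriteEngine On

# Tip 4: one case-insensitive alternation instead of a chain of [OR]
# conditions ("CherryPicker" covers both CherryPicker names in the post).
# The User-Agent header is chosen by the client, so this only stops bots
# that announce themselves; treat it as noise reduction, not access control.
RewriteCond %{HTTP_USER_AGENT} (CherryPicker|EmailCollector|EmailSiphon|EmailWolf|ExtractorPro) [NC]
RewriteRule ^ - [F]

# Tip 6: refuse image requests whose Referer names another site.
# An empty Referer is let through, because direct visits and many privacy
# tools send none.
RewriteCond %{HTTP_REFERER} !^$
# "https?" covers a site served over TLS: with "http://" only, pages on your
# own https site would count as foreign and lose their images.
# Dots are escaped so that "your-domainXcom" cannot match, and "(/|$)" stops
# "your-domain.com.example.net" from passing as your own host.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?your-domain\.com(/|$) [NC]
RewriteRule \.(gif|jpe?g|png|webp)$ - [F,NC]
```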

 

Tip No 7 : Ban User Access

 

You can ban users by IP address or even ban an entire range of IP addresses. This is pretty drastic action, but if you don’t want them, it can be done very easily.

 Add the following lines: 

 

order allow,deny

allow from all

deny from 123.255.78.90

deny from 123.255.78

deny from .aol.com

 

This may seem a little Irish in as much as it appears to contradict itself, but what actually happens is that Apache reads each line in turn, so although you have said "allow from all", as Apache moves on through the commands on each line, your initial "allow from all" gets superseded by the deny commands. So basically it reads as "allow from all except…"

The first deny line bans the IP address 123.255.78.90.

The second deny line bans everyone in the range 123.255.78.0 to 123.255.78.255 and so is a little more drastic.

The third deny line bans everyone from AOL!

One thing to bear in mind here is that banned users will get a 403 error ("You do not have permission to access this site"), which is fine unless you have configured a custom error page for it which in fact appears to let them in. So if you are banning users for whatever reason, make sure your 403 error message is a dead end.

 

Tip No 8: No Unauthorized Access

 

This particular tip is one of my favourites because it is great for restricting access to your wp-admin directory, which is basically the heart of your blog! Using the method below will prevent access to your wp-admin directory even if somebody has your password. The only way they can gain access is by using your password from your IP address. If, unfortunately, you do not have a static IP address, as happens in the case of one of my co-authors, then you simply use the IP range method to grant access, e.g. allow from xxx.xxx.xxx, which has the effect of allowing xxx.xxx.xxx.0 to xxx.xxx.xxx.255. I am sure you will agree that whilst this is not an ideal situation, it is much better to allow access to 256 IP addresses than to the whole world.

AuthUserFile /dev/null

AuthGroupFile /dev/null

AuthName "Access Control"

AuthType Basic

# No <Limit GET> wrapper here, so the rules below apply to every HTTP method (POST included), not only GET

order deny,allow

deny from all

allow from xxx.xxx.xxx.xxx

Note: xxx.xxx.xxx.xxx indicates your own IP address
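The order/allow/deny directives used in this post are the Apache 2.2 syntax; Apache 2.4 replaces them with Require and only honours the old form through mod_access_compat. The block below is an added example (not the post's own code) of the .htaccess protection, Tip 7 and Tip 8 in 2.4 form. The 203.0.113.x addresses are constructed placeholders for your own, and the admin-ajax.php exception is an assumption about your WordPress setup.

```apache
# Added example, not the post's own code.
# Apache 2.4 syntax (mod_authz_core + mod_authz_host).
# 203.0.113.10 and 203.0.113.0/24 are placeholder addresses.

# --- site root .htaccess: hide the .htaccess file itself ---
<Files ".htaccess">
    Require ip 203.0.113.10
</Files>

# --- site root .htaccess: Tip 7, "allow everyone except ..." ---
# RequireAll succeeds only if every positive line matches and no "not" line
# does. The result does not depend on the order of the lines.
# "Require host" needs a reverse DNS lookup per request, so it is slow and
# only as reliable as the visitor's DNS records.
<RequireAll>
    Require all granted
    Require not ip 123.255.78.90
    Require not ip 123.255.78
    Require not host .aol.com
</RequireAll>

# --- wp-admin/.htaccess: Tip 8, allow-list ---
# Nothing is wrapped in <Limit>, so this covers every HTTP method.
Require ip 203.0.113.10
# Without a static address, allow your provider's range instead:
# Require ip 203.0.113.0/24

# Assumption: plugins on the public site call admin-ajax.php, which lives in
# wp-admin. Leave that single file open or those features break for visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>
```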

That, my friends, is just a small sample of some of the very useful things you can do with the Apache htaccess file. It can be a real life saver at times and is often used to bolster blog or website defences; however, one should always exercise caution when using an htaccess file, so please follow the safeguards mentioned above.

Copyright © 2009 - 2010 · My Blog Review & Optimization · All Rights Reserved