.htaccess Mod Rewrite Tutorial

Htaccess files are used in apache using the .htaccess extension, it has no file name, and if you can't see it, you may need to play with your Folder Options in windows or your FTP client. These config files for apache are extremely useful to prevent access and to rewrite urls using mod_rewrite so that they are more search engine friendly and optimized. Some tips and tricks for designing the right .htaccess file for your website can make wonders.

Error Documents

Instead of the standard 404 error or 500 internal error displayed by browsers, you can present your users with a customized error page, with perhaps a feedback form using .htaccess:

ErrorDocument 401 /error401.php
ErrorDocument 403 /error403.php
ErrorDocument 404 /error404.php
ErrorDocument 500 /error500.php

Options for htaccess

The following code can be used if you want to display directory listings on pages with no index, this can be useful if you want your friends to see a list of files in your server. However, it can also be useful for hackers who want to see some of your files or codes:

Options +Indexes +MultiViews +FollowSymlinks

However if you want to block access to file directory listings, so that if someone just types a folder in your server and tries to see it they get a blank page:

Options -Indexes
Options +FollowSymLinks

You can also set Directory Index for your directories, usually it's a php file:
DirectoryIndex index.php


Mod_rewrite is a module for apache that allows you to code the urls being received and how they should be generated to look for your visitors.

The following code in your htaccess file, converts anyone who types http://yourwebsite.com to be redirected using Redirect 301 protocol to http://www.yourwebsite.com that way you have a standard of how your website should always look. It can also be used for redirecting users anywhere in your server.

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_HOST} ^yourwebsite\.com$ [NC]
  RewriteRule ^(.*)$ http://www.yourwebsite.com/$1 [L,R=301]
  #use the following if you have your website in a subfolder of your
  #web server and rewrite rules are not working properly.
  RewriteBase /

You can also use this code to redirect php to have clean urls using mod_rewrite, such as index.php?query=X where X will now be website.com/X, this would also hide from people that you are using PHP files.

<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?query=$1 [L,QSA]

In other words, if someone types yourwebsite.com/files/b/a/2008/ in their browser, mod_rewrite will add a GET request to your variable "query" in this form:

yourwebsite.com/index.php?query=files/b/a/2008/ which you can then use your php code to alter and redirect the user yourself.

Force PHP to parse other file extensions

You can force PHP to parse other file extensions and types, that are not necessarily ending in .php:

AddType application/x-httpd-php5 .htm .html .php .cool

That will make PHP 5 interpret PHP on htm, html, php, and cool pages with those extensions.

With PHP 4 it's a bit different:

AddType application/x-httpd-php .htm .html .php .cool

You can also set PHP settings in htaccess:

php_value register_globals off

Saving Bandwidth with Zlib Compression

You can use the following to compress your pages, and gain performance boost in your website using zlib php compression and save some bandwidth.

<ifModule mod_php4.c>
 php_value zlib.output_compression 23431

The 23,431 is the KB of the output buffer that is allowed. By default you can type "On" and it will be 4KB.

Restrict Files and Folders

Restrict access to a certain IP address:

order allow,deny
deny from
allow from all

Restricting certain files from being accessed:

<Files ~ "^.*\.([Ll][Oo][Gg]|[Pp][Yy])">
 Order allow,deny
 Deny from all
 Satisfy All

This will restrict files ending with .log or .py from being accessed.

Remember to use htaccess carefully as it can be dangerous but it can also save your web server some extra work.

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account associated with the e-mail address you provide, it will be used to display your avatar.