.htaccess Snippets

A collection of useful .htaccess snippets, all in one place.

NOTE: .htaccess files are for people that do not have rights to edit the main server configuration file. They are intrinsically slower and more complicated than using the main config. Please see the howto in the httpd documentation for further details.

Disclaimer: While dropping the snippet into an .htaccess file is most of the time sufficient, there are cases when certain modifications might be required. Use at your own risk.

IMPORTANT: Apache 2.4 introduces a few breaking changes, most notably in access control configuration. For more information, check the upgrading document as well as this issue.

Credits

What we are doing here is mostly collecting useful snippets from all over the interwebs (for example, a good chunk is from Apache Server Configs) into one place. While we’ve been trying to credit where due, things might be missing. If you believe anything here is your work and credits should be given, let us know, or just send a PR.

Table of Contents

• Rewrite and Redirection
  • Force www
  • Force www in a Generic Way
  • Force non-www
  • Force non-www in a Generic Way
  • Force HTTPS
  • Force HTTPS Behind a Proxy
  • Force Trailing Slash
  • Remove Trailing Slash
  • Redirect a Single Page
  • Redirect Using RedirectMatch
  • Alias a Single Directory
  • Alias Paths to Script
  • Redirect an Entire Site
  • Alias "Clean" URLs
  • Exclude a URL from Redirection
• Security
  • Deny All Access
  • Deny All Access Except Yours
  • Allow All Access Except Spammers'
  • Deny Access to Hidden Files and Directories
  • Deny Access to Backup and Source Files
  • Disable Directory Browsing
  • Disable Image Hotlinking
  • Disable Image Hotlinking for Specific Domains
  • Password Protect a Directory
  • Password Protect a File or Several Files
  • Block Visitors by Referrer
  • Prevent Framing the Site
• Performance
  • Compress Text Files
  • Set Expires Headers
  • Turn eTags Off
• Miscellaneous
  • Set PHP Variables
  • Custom Error Pages
  • Force Downloading
  • Prevent Downloading
  • Allow Cross-Domain Fonts
  • Auto UTF-8 Encode
  • Switch to Another PHP Version
  • Disable Internet Explorer Compatibility View
  • Serve WebP Images

Rewrite and Redirection

Note: It is assumed that you have mod_rewrite installed and enabled.

Force www

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]

Force www in a Generic Way

RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This works for any domain. Source

Force non-www

It’s still open for debate whether www or non-www is the way to go, so if you happen to be a fan of bare domains, here you go:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

Force non-www in a Generic Way

``` apacheconf RewriteEngine on RewriteCond %{HTTP_HOST} ^www. RewriteCond %{HTTPS}s ^on(s)|off