htaccess

Website's .htaccess

Your website's .htaccess file.

Configuring your website's .htaccess file is the place to start!

On servers that use Apache, a .htaccess file lets you control high-level website configuration without having to edit your server configuration files.

You can even apply different settings to different directories by using multiple .htaccess files. 

You can create a .htaccess file in any directory on your server by uploading a plain text file and renaming it .htaccess.

Generally, you want to minimize the number of .htaccess files you have, because too many configurations can slow your server down.

When a server sees a .htaccess file in a directory, it looks for .htaccess files in all the parent directories as well, increasing the server's resource usage.

Remember, .htaccess files that are higher up in the file path always take precedence.

Apache Configuration

Apache is configured so all files named .htaccess are hidden. 

These files have important configuration information and can be used to compromise your server.

These are the most common uses for .htaccess:

  • redirecting URLs
  • loading custom error pages
  • forcing your site to use HTTPS instead of HTTP
  • password protecting directories
  • preventing hotlinking

.htaccess files are a powerful tool for managing any server, but they can be a bit tricky.

Therefore, make sure you are familiar with making changes to your server before you start editing .htaccess files, and always make a backup.

RewriteEngine On

RewriteEngine On
Options +FollowSymLinks
# Redirect requests for .../index.html to the directory URL
RewriteCond %{THE_REQUEST} ^.*/index\.html
RewriteRule ^(.*)index\.html$ https://awebsiteguy.com/$1 [R=301,L]

# Redirect www and plain-HTTP requests to the HTTPS, non-www host
RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]

# Prevent Directory listing
Options -Indexes

Enable Compression

AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain

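# mod_gzip directives are only valid when mod_gzip is loaded; without the
# IfModule wrapper an unknown directive makes Apache return a 500 error
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>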

Leverage Browser Caching

ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"

# stop clickjacking
# Header always set X-FRAME-OPTIONS "DENY"

# stop XSS attack
# Header always set X-XSS-Protection "1; mode=block"

# Prevent MIME sniffing

# Header always set X-Content-Type-Options "nosniff"

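Header set Connection keep-alive

# Images, stylesheets and Flash: cache for 31 days
<FilesMatch "\.(ico|flv|jpg|jpeg|png|gif|css|swf)$">
Header set Cache-Control "max-age=2678400, public"
</FilesMatch>

# HTML pages: cache for 2 hours in the browser only
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=7200, private, must-revalidate"
</FilesMatch>

# PDF files: cache for 1 day
<FilesMatch "\.(pdf)$">
Header set Cache-Control "max-age=86400, public"
</FilesMatch>

# JavaScript: cache for 31 days in the browser only
<FilesMatch "\.(js)$">
Header set Cache-Control "max-age=2678400, private"
</FilesMatch>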
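
A way to check a .htaccess file before uploading it, as an added example that is not part of the original page: it flags section containers such as <FilesMatch> that are never closed and reports whether Options -Indexes and the X-Frame-Options and X-Content-Type-Options headers are active or commented out. The function name lint_htaccess and the sample file are assumptions made for this example.

```python
import re

# Directives from this page that the check expects to be active (uncommented).
WANTED = {
    "Options -Indexes": r"^Options\s+.*-Indexes\b",
    "X-Frame-Options": r"^Header\s+(always\s+)?set\s+X-Frame-Options\b",
    "X-Content-Type-Options": r"^Header\s+(always\s+)?set\s+X-Content-Type-Options\b",
}
OPEN = re.compile(r"^<\s*([A-Za-z]+)\b[^>]*>$")   # e.g. <FilesMatch "...">
CLOSE = re.compile(r"^</\s*([A-Za-z]+)\s*>$")     # e.g. </FilesMatch>

# Constructed sample input, not a real site's file.
SAMPLE = r'''Options -Indexes
# Header always set X-FRAME-OPTIONS "DENY"
Header always set X-Content-Type-Options "nosniff"
<filesmatch "\.(pdf)$">
Header set Cache-Control "max-age=86400, public"
'''

def lint_htaccess(text):
    """Return findings: unbalanced sections, missing or commented-out directives."""
    findings, stack, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        commented = line.startswith("#")
        body = line.lstrip("#").strip()
        for name, pattern in WANTED.items():
            if re.search(pattern, body, re.I):   # Apache directives are case-insensitive
                seen.add(name)
                if commented:
                    findings.append(f"line {n}: {name} is commented out")
        if commented:
            continue
        if m := CLOSE.match(line):
            if stack and stack[-1][0].lower() == m.group(1).lower():
                stack.pop()
            else:
                findings.append(f"line {n}: unexpected </{m.group(1)}>")
        elif m := OPEN.match(line):
            stack.append((m.group(1), n))
    findings += [f"line {n}: <{tag}> is never closed" for tag, n in stack]
    findings += [f"{name} is not set" for name in WANTED if name not in seen]
    return findings

if __name__ == "__main__":
    print("\n".join(lint_htaccess(SAMPLE)))
```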