Tag: htaccess

  • How to Redirect HTTP to HTTPS using htaccess

    How to Redirect HTTP to HTTPS using htaccess

    To redirect a website from HTTP to HTTPS, you can use the following code in .htaccess file

    RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]

    If you want to redirect HTTP to HTTPS and keep SSL verification pages on HTTP, this is needed on Cpanel servers.

    
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

    If you wish to add redirect in Apache VirtualHost, use the following VirtualHost entry.

     
ServerName www.yourdomain.com 
Redirect permanent / https://www.yourdomain.com/

    See htaccess

  • How to block Bad Bots (User Agents) using .htaccess

    How to block Bad Bots (User Agents) using .htaccess

    Some bots can cause a high load on servers as they index too many pages or get into some never-ending loop.

    last day one of the servers I manage had a very high load. On checking Apache logs, I have thousands of access like

    135.181.138.45 - - [24/Aug/2022:03:00:54 +0000] "GET /sv/produkt-linux-server/page/7/?add_to_wishlist=42752&_wpnonce=a8836de6af HTTP/1.1" 200 209072 "https://domain/sv/produkt-linux-server/page/7/?add_to_wishlist=56196&_wpnonce=1e5a94622c" "Mozilla/5.0 (compatible; SeekportBot; +https://bot.seekport.com)"
135.181.138.45 - - [24/Aug/2022:03:00:53 +0000] "GET /sv/produkt-linux-server/page/7/?add_to_wishlist=66324&_wpnonce=a8836de6af HTTP/1.1" 200 209072 "https://domain/sv/produkt-linux-server/page/7/?add_to_wishlist=56196&_wpnonce=1e5a94622c" "Mozilla/5.0 (compatible; SeekportBot; +https://bot.seekport.com)"
135.181.138.45 - - [24/Aug/2022:03:00:54 +0000] "GET /sv/produkt-linux-server/page/7/?add_to_wishlist=42830&_wpnonce=a8836de6af HTTP/1.1" 200 209072 "https://domain/sv/produkt-linux-server/page/7/?add_to_wishlist=56196&_wpnonce=1e5a94622c" "Mozilla/5.0 (compatible; SeekportBot; +https://bot.seekport.com)"

    In this case, the bot user agent is

    Mozilla/5.0 (compatible; SeekportBot; +https://bot.seekport.com)

    To block the bot, I added the following code in .htaccess file

    RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (SeekportBot|SpamBot2) [NC]
RewriteRule (.*) - [F,L]

    This will block any visitor with Browser User Agents SeekportBot or SpamBot2.

    To block common marking bots, run

    RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (semrush|ahref|mj12bot) [NC]
RewriteRule (.*) - [F,L]

    If you are using Nginx web server, see How to block bad bots User-Agents in Nginx or using Block User-Agent using Cloudflare

    Back to htaccess

  • How to deny access to a file using .htaccess?

    How to deny access to a file using .htaccess?

    You may need to deny access to specific files on your web server for security reasons. On the Apache web server, you can do this by using .htaccess file.

    Let’s say you need to prevent anyone from accessing the file with the name .user.ini, you can create a file with the name .htaccess with the following content

    
    Require all denied

    Here is another example, that prevents access to file with name config.php

    
    Require all denied

    If you want to deny access to a folder, create a .htaccess file inside the folder with the following content

    deny from all

    If you want to allow whitelisted IP to access a folder, then use the following .htaccess file.

    Order Allow,Deny
Allow from YOUR_IP_HERE
Deny from all
  • How to Add Expires Headers in WordPress

    How to Add Expires Headers in WordPress

    What is Expires Headers

    Expires headers are a type of HTTP header that indicates how long until cached copies of site resources expire. Expires headers tell the browsers what resource can be stored and fetched from the browser’s cache or the source itself. Using the expires headers, you maximize the speed of your site by reducing the HTTP requests between your device and the Service and also help you load the site more easily.

    Caching

    Browser caching enables the browser to cache to locally store resources improving site speed. This tells the web browser how long it should store your website resources before they are deleted.

    How to enable Expires header in wordpress using .htaccess

    Find your .htaccess file. Download a backup copy of the .htaccess file to your local computer. Add the following code snippet in the file

    ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType image/svg "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType application/javascript "access 1 month"
ExpiresByType application/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"

    How to enable Expires header in Nginx

    Nginx works in a different way to Apache in that it does not make use of a specific file like Apache does with the .htaccess file. Instead, you need to edit the server configuration file then copy and paste the following line of code to your server block.

    location ~* \.(jpeg|jpg|png|svg|gif)$ {
expires 365d;
}

location ~* \.(html|css|js)$ {
expires 30d;
}

    You can adjust the expiration times for different types of files as needed.

  • Redirect Subdomain to Subdirectory

    To redirect a subdomain to a subdirectory, use following .htaccess code.

    RewriteEngine on
RewriteCond %{HTTP_HOST} ^(.*)\.domain\.com
RewriteRule ^(.*)$ subdomains/%1/$1 [L,NC,QSA]

    Redirect Subdirectory to Subdomain

    RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com$
RewriteRule ^/?subdomain/(.*)$ https://subdomain.example.com/$1 [R=301]

    See htaccess

  • React/Angular Application showing 404 error on refresh

    On Apache server, React Application works fine, but if you refresh a page, it shows 404 error. This is because the application use BrowserRouter. To fix the error, create a .htaccess file with following content

    RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.html [QSA,L]

    Put this on the folder where your application index.html is or in Apache Virtual Host entry.

    See htaccess

  • Redirect a folder to another

    To redirect a folder to another using .htaccess, create

    RedirectMatch 301 ^/OLD_FOLDER/(.*)$ /NEW_FOLDER/$1

    Or

    RewriteEngine On
RewriteRule ^OLD_FOLDER/(.*)$ /NEW_FOLDER/$1 [R=301,NC,L]

    Or

    Redirect 301 /OLD_FOLDER /NEW_FOLDER

    if new folder is on another domain, you can use https://new-domain.com/OLD_FOLDER

    See Redirect

  • Password Protect Site using htaccess

    To password protect a web site or a sub folder using .htaccess, create a .htaccess file in the folder.

    vi .htaccess

    Add following content

    AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/site-logins
Require valid-user

    In this case, i used /etc/apache2/site-logins as AuthUserFile, this will store all user and password. You can change this file path to whatever you need. Make sure it is not accessable from public, so keep it outside of document root of your web site.

    Now create a user with command

    htpasswd -c /etc/apache2/site-logins USER_NAME_HERE

  • Redirect site to HTTPS excluding a folder

    On a web site, customer need to redirect all pages to HTTPS, but want to keep files in one of the folder on HTTP.

    For this, i used following in .htaccess file.

    RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/auth/.*
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    Here any url like yourdomain.extn/auth/ will not get redirected to HTTPS.

    See Redirect

  • Redirect site from www to non-www

    Redirect site from www to non-www

    It is better to make web site available with one URL. Many sites work with both wwww and non-www (naked domain) urls.

    Using www or non-www is personal choice. One advantage of using wwww for URL is when you have lot of sub domains. If you use non-www url, cookies set by the domain will be available to sub domains. This will increase bandwidth usage as cookie need to be sent with every request browser make to web server.

    Apache

    If you are using Apache web server, you can redirect wwww to non-www URL by adding the following code in the .htaccess file

    RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.yourdomain.com [NC]
RewriteRule ^(.*)$ https://yourdomain.com$1 [L,R=301]

    Redirect non-www to www

    RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain.com [NC]
RewriteRule ^(.*)$ https://www.yourdomain.com$1 [L,R=301]

    Nginx

    If you use Nginx, it is better to create a server entry for the www URL, and then set a redirect

    server {
    server_name www.yourdomain.com;
    return 301 $scheme://yourdomain.com$request_uri;
}

    If you want to use the same server entry for www and non-www, add the following code to the nginx server entry for the website.

    Redirect www domain to non-www

    if ( $host != 'yourdomain.com' ) {
    return 301 https://yourdomain.com$request_uri;
}

    If you use custom ports, use

    if ( $host != 'yourdomain.com' ) {
    return 301 https://yourdomain.com:$server_port$request_uri;
}

    Redirect Naked Domain to www

    if ( $host != 'www.serverok.in' ) {
    return 301 https://serverok.in$request_uri;
}

    Related Posts

    Redirect

    htaccess

  • Disable PHP on a folder

    A web site had vlunerability, all allowed hacker to upload backdoor script to “uploads” folder used by the script.

    As a quick fix, i disabled PHP execution from “uploads” folder. Doing this for any site is a good dea when if your site is not vlunerable at the moment.

    Method 1

    To disable PHP execution, create a file with name .htaccess

    vi .htaccess

    Add

    php_flag engine off

    Method 2

    In .htacess, add

    RewriteRule ^.*\.php$ - [F,L]

    Only Allow specifc PHP files

    Only index.php is allowed. Any other PHP script will result in 403 error.

    
Order Allow,Deny
Deny from all


Order Allow,Deny
Allow from all

    See htaccess

  • htaccess

    Redirect

    Access Control

    Redirect domain to SSL (HTTPS)

    RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

    Or

    RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

    Redirect a Page to another

    RedirectMatch 301 ^/old-page\.php$ /new-page.php

    You can also use

    Redirect 301 /old-page.php https://domain.com/new-page.php