.htccess or hyper-text access to the configuration file is a powerful tool. It's specialty is anybody can edit it easily and use. Today we will see the use of this powerful tool.
Stop Hotlink
Is there anybody who consume your bandwidth by using your uploaded image? Then you can add this code to
.htaccess file.
Options +FollowSymlinks
#Protect against hotlinking
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?domainname.com/ [nc]
RewriteRule .*.(gif|jpg|png)$ http://yourdomainname.com/img/stop_stealing_bandwidth.gif[nc]
Protect your site from bad bot
some hacking tools when use bot to crowling, scaning your site then you can stop them by adding this code to your .htaccess file.
#Block bad bots
SetEnvIfNoCase user-Agent ^FrontPage [NC,OR]
SetEnvIfNoCase user-Agent ^Java.* [NC,OR]
SetEnvIfNoCase user-Agent ^Microsoft.URL
[NC,OR]
SetEnvIfNoCase user-Agent ^MSFrontPage
[NC,OR]
SetEnvIfNoCase user-Agent ^Offline.Explorer
[NC,OR]
SetEnvIfNoCase user-Agent ^[Ww]eb[Bb]andit
[NC,OR]
SetEnvIfNoCase user-Agent ^Zeus [NC]
Order Allow,Deny
Allow from all
Deny from env=bad_bot
Block specific IP
when you see that a specific ip used to hack or spaming to your website then you can block that ip by add this code to .htaccess file.
allow from all
deny from 145.186.14.102
deny from 124.15
here replace your targeted ip by 145.186.14.102 and then it will be blocked.
Redirect to 401, 403, 404, 503 etc error page.
You can redirect your visitor to this error page when they input the url which doesn't exist in your website.
ErrorDocument 401 /error/401.php
ErrorDocument 403 /error/403.php
ErrorDocument 404 /error/404.php
ErrorDocument 500 /error/500.php
Here we store our error page in the error directory. you should replace this with your own directory.
Protect any specific file
you need to protect your configuration file for your security.
#Protect the your-file-name-with-extension File
order allow,deny
deny from all
Here replace your file name with your-file-name-with-extension.(must include extension)
Protect any file or directory with password.
To protect file with password you can use this code
password-protect a file
AuthType Basic
AuthName "Prompt"
AuthUserFile /home/path/.htpasswd
Require valid-user
# password-protect a directory
resides
AuthType basic
AuthName "This directory is protected"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user
Make your site super fast by compressing content to gzip.
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css
application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
Remove extension from link
If your site have a page named page.php
and it will load by http://yoursite.com/page.php. but you can remove this .php
extension by adding this code to your .htaccess and then it will http://yoursite.com/page
RewriteRule ^(([^/]+/)*[^.]+)$ /$1.php [L]
You can also remove .html by this code. simply remove .php and add .html
Remove category from url
Say, your site have a category called downloads. Then you can access this directory by /category/downloads. But now, you want to remove this category tag from url. You can do it by adding this code to .htaccess file.
RewriteRule ^category/(.+)$ http://www.YourSite.com/$1 [R=301,L]
Change wordpress default feeds to feedburner.
#Redirect wordpress content feeds to
feedburner
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !
FeedBurner [NC]
RewriteCond %{HTTP_USER_AGENT} !
FeedValidator [NC]
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/yourfeedhere [R=302,NC,L]