-
-
Save faisalahammad/3d020b4279c75f344d93c989f19663c2 to your computer and use it in GitHub Desktop.
Most Useful .htaccess Code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #stop directory browsing | |
| Options All -Indexes | |
| # SSL Https active Force non-www | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine on | |
| RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] | |
| RewriteRule ^(.*)$ https://%1/$1 [R=301,L] | |
| RewriteCond %{HTTPS} !=on | |
| RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] | |
| </IfModule> | |
| # SSL Https Active Force www in a Generic Way | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine on | |
| RewriteCond %{HTTP_HOST} !^$ | |
| RewriteCond %{HTTP_HOST} !^www\. [NC] | |
| RewriteCond %{HTTPS}s ^on(s)| | |
| RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | |
| </IfModule> | |
| #AIOWPS_PREVENT_IMAGE_HOTLINKS_START | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteCond %{HTTP_REFERER} !^$ | |
| RewriteCond %{REQUEST_FILENAME} -f | |
| RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC] | |
| RewriteCond %{HTTP_REFERER} !^http(s)?://univahost\.com [NC] | |
| RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L] | |
| </IfModule> | |
| #AIOWPS_PREVENT_IMAGE_HOTLINKS_END | |
| # Text FIle access | |
| <files file.txt> | |
| order allow,deny | |
| deny from all | |
| </files> | |
| # Block double extensions from being uploaded or accessed, including htshells | |
| <FilesMatch ".*\.([^.]+)\.([^.]+)$"> | |
| Order Deny,Allow | |
| Deny from all | |
| </FilesMatch> | |
| # secure uploads directory | |
| <FilesMatch "\.(jpg|jpeg|jpe|gif|png|tif|tiff)$"> | |
| Order Deny,Allow | |
| Allow from all | |
| </FilesMatch> | |
| # Block shell uploaders, htshells, and other baddies | |
| RewriteCond %{REQUEST_URI} ((php|my|bypass)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|c100|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (\.exe|\.php\?act=|\.tar|_vti|afilter=|algeria\.php|chbd|chmod|cmd|command|db_query|download_file|echo|edit_file|eval|evil_root|exploit|find_text|fopen|fsbuff|fwrite|friends_links\.|ftp|gofile|grab|grep|htshell|\ -dump|logname|lynx|mail_file|md5|mkdir|mkfile|mkmode|MSOffice|muieblackcat|mysql|owssvr\.dll|passthru|popen|proc_open|processes|pwd|rmdir|root|safe0ver|search_text|selfremove|setup\.php|shell|ShellAdresi\.TXT|spicon|sql|ssh|system|telnet|trojan|typo3|uname|unzip|w00tw00t|whoami|xampp) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (\.exe|\.tar|act=|afilter=|alter|benchmark|chbd|chmod|cmd|command|cast|char|concat|convert|create|db_query|declare|delete|download_file|drop|edit_file|encode|environ|eval|exec|exploit|find_text|fsbuff|ftp|friends_links\.|globals|gofile|grab|insert|localhost|logname|loopback|mail_file|md5|meta|mkdir|mkfile|mkmode|mosconfig|muieblackcat|mysql|order|passthru|popen|proc_open|processes|pwd|request|rmdir|root|scanner|script|search_text|select|selfremove|set|shell|sql|sp_executesql|spicon|ssh|system|telnet|trojan|truncate|uname|union|unzip|whoami) [NC] | |
| RewriteRule .* - [F] | |
| # Follow symbolic links in this directory. | |
| Options +FollowSymLinks | |
| # Set the default handler. | |
| DirectoryIndex index.php index.html index.htm | |
| # Set the default handler. | |
| DirectoryIndex index.php index.html index.htm | |
| # Override PHP settings that cannot be changed at runtime. See | |
| # sites/default/default.settings.php and drupal_environment_initialize() in | |
| # includes/bootstrap.inc for settings that can be changed at runtime. | |
| # PHP 5, Apache 1 and 2. | |
| <IfModule mod_php5.c> | |
| php_flag magic_quotes_gpc off | |
| php_flag magic_quotes_sybase off | |
| php_flag register_globals off | |
| php_flag session.auto_start off | |
| php_value mbstring.http_input pass | |
| php_value mbstring.http_output pass | |
| php_flag mbstring.encoding_translation off | |
| </IfModule> | |
| # Default Carset | |
| AddDefaultCharset utf-8 | |
| DirectoryIndex index.html index.htm index.php | |
| # File Control | |
| <FilesMatch ".(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$"> | |
| Header set Cache-Control "max-age=2592000" | |
| </FilesMatch> | |
| # Htaccess File Security | |
| <Files .htaccess> | |
| order allow,deny | |
| deny from all | |
| </Files> | |
| # Adding this to your .htaccess will prevent hotlinking from happening: | |
| RewriteEngine on | |
| RewriteCond %{HTTP_REFERER} !^$ | |
| RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?YourDomain [NC] | |
| RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L] | |
| # Protect the .htaccess Itself | |
| <files ~ "^.*\.([Hh][Tt][Aa])"> | |
| order allow,deny | |
| deny from all | |
| satisfy all | |
| </files> | |
| # Leverage Browser Caching | |
| <IfModule mod_expires.c> | |
| ExpiresActive On | |
| ExpiresByType image/jpg "access 1 year" | |
| ExpiresByType image/jpeg "access 1 year" | |
| ExpiresByType image/gif "access 1 year" | |
| ExpiresByType image/png "access 1 year" | |
| ExpiresByType text/css "access 1 month" | |
| ExpiresByType text/html "access 1 month" | |
| ExpiresByType application/pdf "access 1 month" | |
| ExpiresByType text/x-javascript "access 1 month" | |
| ExpiresByType application/x-shockwave-flash "access 1 month" | |
| ExpiresByType image/x-icon "access 1 year" | |
| ExpiresDefault "access 1 month" | |
| </IfModule> | |
| <IfModule mod_headers.c> | |
| <filesmatch "\.(ico|flv|jpg|jpeg|png|gif|css|swf)$"> | |
| Header set Cache-Control "max-age=2678400, public" | |
| </filesmatch> | |
| <filesmatch "\.(html|htm)$"> | |
| Header set Cache-Control "max-age=7200, private, must-revalidate" | |
| </filesmatch> | |
| <filesmatch "\.(pdf)$"> | |
| Header set Cache-Control "max-age=86400, public" | |
| </filesmatch> | |
| <filesmatch "\.(js)$"> | |
| Header set Cache-Control "max-age=2678400, private" | |
| </filesmatch> | |
| </IfModule> | |
| # Enable Compression | |
| <IfModule mod_deflate.c> | |
| AddOutputFilterByType DEFLATE application/javascript | |
| AddOutputFilterByType DEFLATE application/rss+xml | |
| AddOutputFilterByType DEFLATE application/vnd.ms-fontobject | |
| AddOutputFilterByType DEFLATE application/x-font | |
| AddOutputFilterByType DEFLATE application/x-font-opentype | |
| AddOutputFilterByType DEFLATE application/x-font-otf | |
| AddOutputFilterByType DEFLATE application/x-font-truetype | |
| AddOutputFilterByType DEFLATE application/x-font-ttf | |
| AddOutputFilterByType DEFLATE application/x-javascript | |
| AddOutputFilterByType DEFLATE application/xhtml+xml | |
| AddOutputFilterByType DEFLATE application/xml | |
| AddOutputFilterByType DEFLATE font/opentype | |
| AddOutputFilterByType DEFLATE font/otf | |
| AddOutputFilterByType DEFLATE font/ttf | |
| AddOutputFilterByType DEFLATE image/svg+xml | |
| AddOutputFilterByType DEFLATE image/x-icon | |
| AddOutputFilterByType DEFLATE text/css | |
| AddOutputFilterByType DEFLATE text/html | |
| AddOutputFilterByType DEFLATE text/javascript | |
| AddOutputFilterByType DEFLATE text/plain | |
| </IfModule> | |
| <IfModule mod_gzip.c> | |
| mod_gzip_on Yes | |
| mod_gzip_dechunk Yes | |
| mod_gzip_item_include file .(html?|txt|css|js|php|pl)$ | |
| mod_gzip_item_include handler ^cgi-script$ | |
| mod_gzip_item_include mime ^text/.* | |
| mod_gzip_item_include mime ^application/x-javascript.* | |
| mod_gzip_item_exclude mime ^image/.* | |
| mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* | |
| </IfModule> | |
| # Block Bad Bots | |
| # Block one or more IP address. | |
| # Replace IP_ADDRESS_* with the IP you want to block | |
| <Limit GET POST> | |
| order allow,deny | |
| deny from IP_ADDRESS_1 | |
| deny from IP_ADDRESS_2 | |
| allow from all | |
| </Limit> | |
| # Restrict All Access to wp-includes | |
| # Block wp-includes folder and files | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteBase / | |
| RewriteRule ^wp-admin/includes/ - [F,L] | |
| RewriteRule !^wp-includes/ - [S=3] | |
| RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] | |
| RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] | |
| RewriteRule ^wp-includes/theme-compat/ - [F,L] | |
| </IfModule> | |
| # Allow only Selected IP Addresses to Access wp-admin | |
| # Limit logins and admin by IP | |
| <Limit GET POST PUT> | |
| order deny,allow | |
| deny from all | |
| allow from 302.143.54.102 | |
| allow from IP_ADDRESS_2 | |
| </Limit> | |
| # Protect wp-config.php and .htaccess from everyone | |
| # Deny access to wp-config.php file | |
| <files wp-config.php> | |
| order allow,deny | |
| deny from all | |
| </files> | |
| # Deny access to all .htaccess files | |
| <files ~ "^.*\.([Hh][Tt][Aa])"> | |
| order allow,deny | |
| deny from all | |
| satisfy all | |
| </files> | |
| # Redirect to a Maintenance page | |
| # Redirect all traffic to maintenance.html file | |
| RewriteEngine on | |
| RewriteCond %{REQUEST_URI} !/maintenance.html$ | |
| RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123 | |
| RewriteRule $ /maintenance.html [R=302,L] | |
| # Custom Error Pages | |
| # Custom error page for error 403, 404 and 500 | |
| ErrorDocument 404 /error.html | |
| ErrorDocument 403 /error.html | |
| ErrorDocument 500 /error.html |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment