Here are a portion of my top choice .htaccess rules that I add to the vast majority of my own destinations and customer ventures. These methods have been gathered and refined throughout the long term, and can help improve the ease of use, execution, and security of any Apache-powered site.

Note that there are situations where you would not have any desire to add these standards. For instance, on the off chance that you would prefer not to empower mod_rewrite, at that point you wouldn't have any desire to add the rules that empowers it. These standards are on the whole pretty essential and clear, however you ought to comprehend what every strategy is doing prior to adding to your .htaccess record.

Enable essential functionality

This previously set of rules is the thing that enlivened this instructional exercise. They are added to the entirety of my locales since they empower fundamental usefulness:

disable directories

Here is the thing that these principles are doing (all together or appearance):

# disable directories
Options -Indexes
Options -MultiViews
Options +FollowSymlinks
AddDefaultCharset UTF-8
ServerSignature Off
FileETag none

Here is the thing that these principles are doing (all together or appearance):

  • Disables all registry views (suggested for better security)
  • Disables multi-views (suggested for authoritative URIs)
  • Empower symlinks (needed for permalinks/changes, e.g., index.php ? index.html)
  • Indicate the default character set for any document served text/plain or text/html (suggested for ease of use)
  • Disables the worker signature (suggested for better security)
  • Disables the ETag Header (suggested for execution)

Note that, contingent upon your arrangement, an extra standard might be needed to totally debilitate the ETag Header. See the following area for more data.

Tip: you can join any Options orders on a solitary line, for instance:

Options -Indexes -MultiViews +FollowSymLinks

Unset ETag Header

This snippet disables Apache's ETag Header:

<IfModule mod_headers.c>
	Header unset ETag

This strategy can give a little exhibition support on specific arrangements. For instance, crippling ETag is accounted for to improve execution on grouped workers. What's more, more by and large lessens the general size of both sent and got HTTP headers.

Enable mod_rewrite

On the off chance that mod_rewrite is introduced on your Apache worker, you can ensure it is empowered utilizing the accompanying bit:

<IfModule mod_rewrite.c>
	RewriteEngine On

That should be incorporated in any event once with the goal for mod_rewrite to work.

Enable mod_speling

On the off chance that mod_speling is introduced on your Apache worker, you can ensure it is empowered utilizing the accompanying bit:

<IfModule mod_speling.c>
	CheckSpelling On

Once empowered, mod_speling diverts incorrectly spelled solicitations to any closest coordinating assets. Uses a digit of memory, however can be helpful on the off chance that you've been changing URIs or have bunches of comparatively named URIs. To impair mod_speling, utilize this all things being equal:

CheckSpelling off

Enable mod_expires

In the event that mod_expires is introduced on your Apache worker, you can ensure it is empowered utilizing the accompanying piece:

<IfModule mod_expires.c>
	ExpiresActive on
	ExpiresDefault A300

That likewise sets a default terminates estimation of 300 seconds, so feel free to change that incentive to suit your requirements. Once empowered, mod_expires empowers reserving rules, for example, these:

ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"

Add mod_mime suport

The mod_mime module is valuable for a wide assortment of procedures. Here is a scrap that sets appropriate MIME types for all documents:

<IfModule mod_mime.c>
	DefaultLanguage en
	AddLanguage en-US .html .css .js
	AddCharset utf-8 .html .css .js .xml .json .rss .atom
	AddType application/javascript js jsonp
	AddType application/json json
	AddType font/opentype otf
	AddType application/font-woff woff
	AddType application/x-font-woff woff
	AddType application/ eot
	AddType application/x-font-ttf ttc ttf
	AddType image/svg+xml svg svgz
	AddEncoding gzip svgz
	AddType audio/mp4 m4a f4a f4b
	AddType audio/ogg oga ogg
	AddType video/mp4 mp4 m4v f4v f4p
	AddType video/ogg ogv
	AddType video/webm webm
	AddType video/x-flv flv
	AddType application/octet-stream safariextz
	AddType application/x-chrome-extension crx
	AddType application/x-opera-extension oex
	AddType application/x-shockwave-flash swf
	AddType application/x-web-app-manifest+json webapp
	AddType application/x-xpinstall xpi
	AddType application/xml atom rdf rss xml
	AddType application/vnd.openxmlformats .docx .pptx .xlsx .xltx . xltm .dotx .potx .ppsx
	AddType text/cache-manifest appcache manifest
	AddType text/vtt vtt
	AddType text/x-component htc
	AddType text/x-vcard vcf
	AddType image/webp webp
	AddType image/x-icon ico

This technique does several things:

Sets the default language (en)
Specifies the correct language for common files (.html, .css, .js)
Force UTF-8 encoding for some common file formats (.html, .css, .js, .xml, .json, .rss, .atom)
Adds MIME support for a wide variety of commonly used file types

The particular document types added here fill in to act as an illustration of what's conceivable. Essentially you can add uphold for any necessary record type. Furthermore, obviously, if there is a sort added here that you needn't bother with, it is absolutely fine to eliminate it. As such, tweak the above code varying.

Note: on the off chance that you need to be more explicit with the DefaultLanguage, you can utilize en-US, as so:

DefaultLanguage en-US

Set the default admin email address

There are different situations where the worker yields/shows the email address of the worker director. For instance, when there is a 500-level mistake, the footer of the yield HTML page will remember the administrator's email for request for clients to contact uphold, and so on The default an incentive for the administrator email is taken from the worker design, yet you can redo it on most arrangements utilizing the accompanying bit:

SetEnv SERVER_ADMIN [email protected]

Note that it's ideal to utilize an expendable email address for this reason, as the data is introduced in plain content, so spam bots ultimately may find it.

Set the default timezone

On the off chance that for reasons unknown the timezone set for your worker is erroneous, you can alter it utilizing the accompanying piece:

SetEnv TZ America/Los_Angeles

Set the default directory index

At the point when catalog sees are empowered, Apache will serve the default record document, which generally is either index.html or index.php. In the event that you need to utilize an alternate record, you can modify the default conduct utilizing this piece:

DirectoryIndex index.php index.html index.htm

Once set up, this scrap educates Apache to utilize index.php in the event that it exists. In the event that it doesn't exist, at that point index.html will be utilized, etc. You can indicate any records in any request to show for index sees. Note that, if this standard is added to the site's root .htaccess document, it will influence all .htaccess records in all subdirectories. So you can do that or simply add straightforwardly to a particular index to apply the standard locally.

Enable Directory Views

In the main segment of this article, we perceive how to disable registry sees, which by and large is wanted and useful for security. Yet, there are situations when registry sees are attractive (for instance, sharing music, pictures, and other mass records). Here is the scrap to use to empower registry views:

Options +Indexes

That should just be added to the particular index for which you need to permit open perspectives; certainly NOT prescribed to remember for root .htaccess (except if you understand what you are doing).

Disregard certain document types: for catalogs where perspectives are empowered, you can "cover up" explicit record types utilizing the accompanying standards:

IndexIgnore *.wmv *.mp4 *.avi *.etc

Disable PHP Globals

Nice little snippet to disable all PHP Global Variables:

php_flag register_globals off

Set default rewrite base

If you are using a lot of rewrites, it may be helpful to set the default RewriteBase:

RewriteBase /

In other words, on the off chance that you end up remembering this line for the entirety of your mod_rewrite rules, you can spare some space by proclaiming it once before all other rework rules (e.g., close to the highest point of your .htaccess document).