Here are a portion of my top choice .htaccess rules that I add to the vast majority of my own destinations and customer ventures. These methods have been gathered and refined throughout the long term, and can help improve the ease of use, execution, and security of any Apache-powered site.
Note that there are situations where you would not have any desire to add these standards. For instance, on the off chance that you would prefer not to empower mod_rewrite, at that point you wouldn't have any desire to add the rules that empowers it. These standards are on the whole pretty essential and clear, however you ought to comprehend what every strategy is doing prior to adding to your .htaccess record.
Enable essential functionality
This previously set of rules is the thing that enlivened this instructional exercise. They are added to the entirety of my locales since they empower fundamental usefulness:
Here is the thing that these principles are doing (all together or appearance):
# disable directories
Here is the thing that these principles are doing (all together or appearance):
- Disables all registry views (suggested for better security)
- Disables multi-views (suggested for authoritative URIs)
- Empower symlinks (needed for permalinks/changes, e.g., index.php ? index.html)
- Indicate the default character set for any document served text/plain or text/html (suggested for ease of use)
- Disables the worker signature (suggested for better security)
- Disables the ETag Header (suggested for execution)
Note that, contingent upon your arrangement, an extra standard might be needed to totally debilitate the ETag Header. See the following area for more data.
Tip: you can join any Options orders on a solitary line, for instance:
Options -Indexes -MultiViews +FollowSymLinks
Unset ETag Header
This snippet disables Apache's ETag Header:
Header unset ETag
This strategy can give a little exhibition support on specific arrangements. For instance, crippling ETag is accounted for to improve execution on grouped workers. What's more, more by and large lessens the general size of both sent and got HTTP headers.
On the off chance that mod_rewrite is introduced on your Apache worker, you can ensure it is empowered utilizing the accompanying bit:
That should be incorporated in any event once with the goal for mod_rewrite to work.
On the off chance that mod_speling is introduced on your Apache worker, you can ensure it is empowered utilizing the accompanying bit:
Once empowered, mod_speling diverts incorrectly spelled solicitations to any closest coordinating assets. Uses a digit of memory, however can be helpful on the off chance that you've been changing URIs or have bunches of comparatively named URIs. To impair mod_speling, utilize this all things being equal:
In the event that mod_expires is introduced on your Apache worker, you can ensure it is empowered utilizing the accompanying piece:
That likewise sets a default terminates estimation of 300 seconds, so feel free to change that incentive to suit your requirements. Once empowered, mod_expires empowers reserving rules, for example, these:
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
Add mod_mime suport
The mod_mime module is valuable for a wide assortment of procedures. Here is a scrap that sets appropriate MIME types for all documents:
# MIME TYPES
AddLanguage en-US .html .css .js
AddCharset utf-8 .html .css .js .xml .json .rss .atom
AddType application/json json
AddType font/opentype otf
AddType application/font-woff woff
AddType application/x-font-woff woff
AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttc ttf
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
AddType audio/mp4 m4a f4a f4b
AddType audio/ogg oga ogg
AddType video/mp4 mp4 m4v f4v f4p
AddType video/ogg ogv
AddType video/webm webm
AddType video/x-flv flv
AddType application/octet-stream safariextz
AddType application/x-chrome-extension crx
AddType application/x-opera-extension oex
AddType application/x-shockwave-flash swf
AddType application/x-web-app-manifest+json webapp
AddType application/x-xpinstall xpi
AddType application/xml atom rdf rss xml
AddType application/vnd.openxmlformats .docx .pptx .xlsx .xltx . xltm .dotx .potx .ppsx
AddType text/cache-manifest appcache manifest
AddType text/vtt vtt
AddType text/x-component htc
AddType text/x-vcard vcf
AddType image/webp webp
AddType image/x-icon ico
This technique does several things:
Sets the default language (en)
Specifies the correct language for common files (.html, .css, .js)
Force UTF-8 encoding for some common file formats (.html, .css, .js, .xml, .json, .rss, .atom)
Adds MIME support for a wide variety of commonly used file types
The particular document types added here fill in to act as an illustration of what's conceivable. Essentially you can add uphold for any necessary record type. Furthermore, obviously, if there is a sort added here that you needn't bother with, it is absolutely fine to eliminate it. As such, tweak the above code varying.
Note: on the off chance that you need to be more explicit with the DefaultLanguage, you can utilize en-US, as so:
Set the default admin email address
There are different situations where the worker yields/shows the email address of the worker director. For instance, when there is a 500-level mistake, the footer of the yield HTML page will remember the administrator's email for request for clients to contact uphold, and so on The default an incentive for the administrator email is taken from the worker design, yet you can redo it on most arrangements utilizing the accompanying bit:
# ADMIN EMAIL
SetEnv SERVER_ADMIN firstname.lastname@example.org
Note that it's ideal to utilize an expendable email address for this reason, as the data is introduced in plain content, so spam bots ultimately may find it.
Set the default timezone
On the off chance that for reasons unknown the timezone set for your worker is erroneous, you can alter it utilizing the accompanying piece:
SetEnv TZ America/Los_Angeles
Set the default directory index
At the point when catalog sees are empowered, Apache will serve the default record document, which generally is either index.html or index.php. In the event that you need to utilize an alternate record, you can modify the default conduct utilizing this piece:
# DIRECTORY INDEX
DirectoryIndex index.php index.html index.htm
Once set up, this scrap educates Apache to utilize index.php in the event that it exists. In the event that it doesn't exist, at that point index.html will be utilized, etc. You can indicate any records in any request to show for index sees. Note that, if this standard is added to the site's root .htaccess document, it will influence all .htaccess records in all subdirectories. So you can do that or simply add straightforwardly to a particular index to apply the standard locally.
Enable Directory Views
In the main segment of this article, we perceive how to disable registry sees, which by and large is wanted and useful for security. Yet, there are situations when registry sees are attractive (for instance, sharing music, pictures, and other mass records). Here is the scrap to use to empower registry views:
# ENABLE DIRECTORY VIEWS
That should just be added to the particular index for which you need to permit open perspectives; certainly NOT prescribed to remember for root .htaccess (except if you understand what you are doing).
Disregard certain document types: for catalogs where perspectives are empowered, you can "cover up" explicit record types utilizing the accompanying standards:
# IGNORE FILE TYPES
IndexIgnore *.wmv *.mp4 *.avi *.etc
Disable PHP Globals
Nice little snippet to disable all PHP Global Variables:
# DISABLE GLOBALS
php_flag register_globals off
Set default rewrite base
If you are using a lot of rewrites, it may be helpful to set the default RewriteBase:
# REWRITE BASE
In other words, on the off chance that you end up remembering this line for the entirety of your mod_rewrite rules, you can spare some space by proclaiming it once before all other rework rules (e.g., close to the highest point of your .htaccess document).