Complete .htaccess example for a CMS
The following is a collection of things I have learned about .htaccess the hard way. I will give an example of a complete .htaccess file for a CMS:
-----------------------------------
AddType x-mapp-php5 .php
Options +FollowSymLinks
Options -Indexes
ServerSignature Off
redirect 301 /software/firefox/firefox_download_manager_2_files_limit_fix.html http://mkrd.info/?page=2-files-limit-fix
#redirect 301
RewriteRule ^linux/switching-to-linux.html$ http://wiki.mkrd.info/Switching_to_Linux [R=301,L]
#RewriteRule ^oldurl$ newurl [R=301,L]
#RewriteRule ^mediawiki/index.php?title=Main_Page$ http://wiki.mkrd.info/Main_Page [R=301,L]
#^does not work
redirect gone /services-available/repair-website-or-server-infection/be-careful-about-others-fixes.html
#redirect gone
ErrorDocument 410 /410-error----page-gone.html
# Deny access to config.php
# This can be useful if php ever breaks or dies
# Use with caution, this may break other functions of CMSMS that use a config.php
# file. This may also break other programs you have running under your CMSMS
# install that use config.php. You may need to add another .htaccess file to those
# directories to specifically allow config.php.
<Files "config.php">
order allow,deny
deny from all
</Files>
<IfModule mod_rewrite.c>
RewriteEngine on
#
#Sub-dir e.g: /cmsms/
RewriteBase /
# URL Filtering helps stop some hack attempts
#IF the URI contains a "http:"
RewriteCond %{QUERY_STRING} http\: [OR]
#OR if the URI contains a "["
RewriteCond %{QUERY_STRING} \[ [OR]
#OR if the URI contains a "]"
RewriteCond %{QUERY_STRING} \] [OR]
#OR if the URI contains a "<script>"
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
#OR script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
#OR any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^.*$ - [F,L]
# END Filtering
# 301 Redirect all requests that don't contain a dot or trailing slash to
# include a trailing slash
# but ignore POST requests.
#RewriteCond %{REQUEST_URI} !/$
#RewriteCond %{REQUEST_URI} !\.
#RewriteCond %{REQUEST_METHOD} !POST$
#RewriteRule ^(.*) %{REQUEST_URI}/ [R=301,L]
# Rewrites URLs in the form of /parent/child/
# but only rewrites if the requested URL is not a file or directory
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
</IfModule>
<IfModule mod_header.c>
# Disable ETags
Header unset ETag
FileEtag None
</IfModule>
<IfModule mod_deflate.c>
# Compress css, plaintext, xml, gif, and images in transport.
AddOutputFilterByType DEFLATE text/css text/plain text/xml image/gif image/jpeg image/png
</IfModule>
<IfModule mod_expires.c>
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
# Set expires tags on various files... so that the browser wont attempt to reload them.
ExpiresActive On
ExpiresDefault "access plus 1 year"
<IfModule mod_header.c>
# Setting cache control to public allows proxy servers to cache the items too.
Header set Cache-Control "public"
</IfModule>
</FilesMatch>
</IfModule>
-----------------------------------
This may be a little too much to handle, so let's take it on in sections.
AddType x-mapp-php5 .php
For 1and1, this specifies PHP5
Options +FollowSymLinks
Options -Indexes
ServerSignature Off
Is for rudimentary security
redirect 301 /software/firefox/firefox_download_manager_2_files_limit_fix.html http://mkrd.info/?page=2-files-limit-fix
Is a correct implementation of a 301 permanent redirect to another page on the same website
#redirect 301
Was left to be used to add entries later. "#" Here comments out a line.
RewriteRule ^linux/switching-to-linux.html$ http://wiki.mkrd.info/Switching_to_Linux [R=301,L]
A different method is used to redirect to another domain (a subdomain here).
#RewriteRule ^mediawiki/index.php?title=Main_Page$ http://wiki.mkrd.info/Main_Page [R=301,L]
#^does not work
Leaving notes to myself here. htaccess does not work with PHP script type URLs! This is a pretty good reason to use Pretty URLs. No matter what the other incompetent types say, ?page= style of "short" URLs is nothing good.
redirect gone /services-available/repair-website-or-server-infection/be-careful-about-others-fixes.html
Being a considerate web developer, I let crawlers know that a page was deleted.
ErrorDocument 410 /410-error----page-gone.html
Here I am specifying a human--friendly error page for the redirect above.
# Deny access to config.php
# URL Filtering helps stop some hack attempts
# Disable ETags
Are all rudimentary security precautions
#Sub-dir e.g: /cmsms/
# 301 Redirect all requests that don't contain a dot or trailing slash to include a trailing slash but ignore POST requests.
# Rewrites URLs in the form of /parent/child/
This is where Pretty URLs happen
# Compress css, plaintext, xml, gif, and images in transport.
Making sure that my pages get served quickly!
˅˅˅ Additional valuable information is available at one of the links below: ˅˅˅
Did you like the article? Let Google Search know by clicking this button:
Page last modified 06-Jan-13 21:33:20 EST
Previous page: Proper use of 410 gone .htaccess redirect
Next page: PHPBB3 forum board portal