Htaccess
Jump to navigation
Jump to search
Order from top to bottom matters, if something isn't kicking in, move it further up in the file.
Force SSL
Doesn't always work, but works most of the time at the top of .htaccess, can also be added to an Apache include.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Partial redirect from HTTPS to HTTP
Issue resolved by commenting them out.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^([^.]+)\.com [NC]
RewriteRule (.*) http://www.%1.com/$1 [r=301,L]
Block remote access to a file
<Files filename.php> Order Deny,Allow Deny from all allow from 127.0.0.1 errordocument 401 default errordocument 403 default errordocument 404 default errordocument 411 default </Files>
Block execution of code
Handy for 777 dirs, per MWineland. I need to do more testing with these.
<FilesMatch "\.(php|pl|py|jsp|asp|htm|shtml|sh|cgi.+)$">
ForceType text/plain
</FilesMatch>
or:
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi Options -ExecCGI