Category Archive: .htaccess
Posts about Apache and .htaccess
Whitelist File Names via Apache/.htaccess
I’ve posted tons of tutorials showing how to block things with Apache/.htaccess. Generally blocking involves defining a list and then forbidding access to it. In this quick post, we’re going to change it up, by defining a list and forbidding access to anything that is not included. The list can be anything, IP addresses, request […]
Secure WordPress Login Page
If you try to log in to some of my WordPress-powered sites via the WP Login Page, you will be met with a 403 “Forbidden” response. For sites where I am the only registered user, I lock things down to prevent endless waves of drip force attacks. It really helps to reduce server load, conserve […]
Block BLEXBot via Apache/.htaccess
One of the worst bots I’ve encountered in a long time. BLEXBot likes to hit the same resources periodically and repeatedly. So it requests the same resources again and again, even if they are expressly forbidden via robots.txt or other methods. It’s like BLEXBot has no memory of where it’s been or what it’s doing. […]
Apache Require HTTP 1.1 for POST Requests
A reader recently asked how to limit POST requests to only HTTP 1.1. Well here is an .htaccess snippet that will do it.
Force Trailing Slash with .htaccess
This quick code snippet enables you to enforce that all directory URLs append a trailing slash. It is a very simple code snippet, only a few lines and done. Here are a few examples to give you a better idea of how it works.
Redirect Attacker to Special Message
If you are using Apache server, you can stop an attack by getting the IP address of the attacker and then using it to block or redirect all of their requests. Normally I just block the requests using either Deny or Require directives (depending on Apache version), but sometimes it’s fun to redirect the attacker […]
Protect against SQL Injection
Here is a nice copy/paste .htaccess snippet to help block SQL-injection attacks. It can be added as-is to your .htaccess file to help protect against SQL injection and other types of malicious activity. This code is a not a replacement for proper data sanitization, but it does help to add another layer of security to […]
Protect Against File Injection
Here is a nice copy/paste .htaccess snippet to help block file-injection attacks. It can be added as-is to your .htaccess file to help protect against file injection and other types of malicious activity. This code is a not a replacement for proper data sanitization, but it does help to add another layer of security to […]
503 Service Unavailable Headers via PHP
Sending a few HTTP headers is a simple way to let visitors and search engines know that your site currently is unavailable. This is useful when you are doing maintenance and don’t need access to the front-end of your site. Simply add the rules when your site is down, and then remove them once everything […]
Redirect old domain to new domain
To redirect an old domain to a new domain, use any of these three simple .htaccess techniques.
Canonical URLs for a single page site
In this tutorial, I share a handful of .htaccess techniques for implementing canonical URLs for single-page websites. Also referred to as “brochure” sites (among other things). These are all plug-&-play code snippets, just add to any .htaccess-capable site and enjoy the SEO benefits of having canonical URLs. I use these snippets on my sites, such […]
Private URLs with .htaccess
With WordPress and other publishing software, you can create “private” and “password-protected” posts, but the URL is still going to be discoverable via search engines and visitors. This technique using .htaccess makes the post and URL accessible only to the specified IP addresses.