Htaccess tricks

From DreamHost
Jump to: navigation, search

Here are some useful tips, and tricks for things you can or may want to do with your Dream Host account using htaccess

Set Timezone

SetEnv TZ America/Chicago

This will allow PHP to out put your current time instead of the server's time.
List of Timezones:

Different File Extension

Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteRule ^(.+)\.zig$ /$1.php [NC,L]

In this example, this will allow you to refer to your files as example.zig instead of example.php

ForceType and PHP 5

This will force the use of PHP4:

ForceType application/x-httpd-php

This will force the use of PHP5:

ForceType php5-cgi

No File Extension

Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+)$ /$1.php [L,QSA]

In this example, this will completely remove the file extension from your URL such as example instead of example.php

Google Text Translation

Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)-(fr|de|es|it|pt)$$2&sl=en&u=$1 [R,NC]

This will redirect any page on your site ending in -fr, -de, -es, etc. to the translation for that language.

Force File Download

<FilesMatch "\.(mov|mp3|jpg|pdf)$">
  ForceType application/octet-stream
  Header set Content-Disposition attachment

This example provides the client requesting a .mov or .mp3 file the ability to save the file directly instead of having the file open in the browser or with a third-party plugin or other software like QuickTime, Windows Media Player, iTunes, etc..

Note: The third line requires the mod_headers [1] that come with apache 2.0. That will not work with apache versions older than version 2.0.

Deny Access to Include Files

<Files ~ "\.inc$">  
Order Allow,Deny
Deny from All

Don't want people to see some sensitive information in your inc files? Use the above to display a 403 Forbidden error instead.

Deny Access Directory Listing

Options -Indexes

Don't have an index in all your directory's? Use this to deny access to all the directory listings, if there is no index file.

Fail-safe Directory Listing

Alternatively you can specify that a specific file be displayed when there is no default index setup.

Options -Indexes
DirectoryIndex index.php index.html /index.php

When a visitor requests a directory Apache will search for index.php, then index.html, and if neither are found it will display /index.php

Error Documents

ErrorDocument 404 /errors/404.html
ErrorDocument 403 /errors/403.html
ErrorDocument 500 /errors/500.html

If you don't like Apache's default error pages, create your own, place them in the appropriate directory the example above puts them in a directory called errors which is located in the root of the current web site.

404 Redirect

ErrorDocument 404

Instead of going to a 404 page, maybe you want to go to your homepage instead or some other page, just use the above

Faster Page Load Times / Bandwidth Saver


<ifmodule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript text/javascript
#End Gzip

Previously people used to suggest using mod_gzip, however DreamHost uses Apache 2 and mod_deflate, which will call gzip on the back end.

You can add any other encoding types to the filter for things like XML or JSON. mod_deflate

Browser Caching

This tells visiting browsers to hold on to certain files longer (likes images, which are rarely changed).

# BEGIN Expire headers  
<ifModule mod_expires.c>  
        ExpiresActive On  
        ExpiresDefault "access plus 5 seconds"  
        ExpiresByType image/x-icon "access plus 2592000 seconds"  
        ExpiresByType image/jpeg "access plus 2592000 seconds"  
        ExpiresByType image/png "access plus 2592000 seconds"  
        ExpiresByType image/gif "access plus 2592000 seconds"  
        ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"  
        ExpiresByType text/css "access plus 604800 seconds"  
        ExpiresByType text/javascript "access plus 216000 seconds"  
        ExpiresByType application/javascript "access plus 216000 seconds"  
        ExpiresByType application/x-javascript "access plus 216000 seconds"  
        ExpiresByType text/html "access plus 600 seconds"  
        ExpiresByType application/xhtml+xml "access plus 600 seconds"  
# END Expire headers  

Alternately you can use mod_headers:

# BEGIN Caching
<ifModule mod_headers.c>
<filesMatch "\\.(ico|pdf|flv|jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=2592000, public"
<filesMatch "\\.(css)$">
Header set Cache-Control "max-age=604800, public"
<filesMatch "\\.(js)$">
Header set Cache-Control "max-age=216000, private"
<filesMatch "\\.(xml|txt)$">
Header set Cache-Control "max-age=216000, public, must-revalidate"
<filesMatch "\\.(html|htm|php)$">
Header set Cache-Control "max-age=1, private, must-revalidate"
# END Caching


If you have Pagespeed enabled for your domain, you can take advantage of additional settings such as Remove Comments:

<IfModule pagespeed_module>
    ModPagespeed on
    ModPagespeedEnableFilters remove_comments

The Filter Documentation is very long, and most of the safe options have been set for you by DreamHost. Generally safe options to add are:

  • move_css_to_head - combines CSS and moves it to the head of your file (low risk)

If you add mulitple options, they can be on one line, separate by commas, but do not use spaces.

   ModPagespeedEnableFilters remove_comments,move_css_to_head

And so on.

Site Maintenance

Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteRule .* /maintenance.html [L]

Is your site going into maintenance? If so place this in your htaccess. When you are done with maintenance just comment it out with the # symbol. You will also need to make the page maintenance.html which will be displayed to visitors.

(You can replace [L] with [R=307,L] if you prefer that the user see from the URL that they've been redirected to a maintenance page, but this is usually not what you want. If you don't use the redirect option, the URL will remain unaltered in the browser, and after you turn off maintenance mode, when the user refreshes, they'll see the original page they were trying to access.)

Time Dependant Rewrites

  1. If the hour is 16 (4 PM) Then deny all access
RewriteCond %{TIME_HOUR} ^16$    
RewriteRule ^.*$ - [F,L]

Separate Permissions File From Rules File

Scenario is that you have multiple servers that use the same .htaccess file and you want some to be password protected and others not. To separate .htaccess password protection from the redirect and rewrite rules you can put a .htaccess file in the root of your user account and then in your web directory folder put a second .htaccess file to handle all the other rules.

For the scenario of having a Development Server (user devuser/website, Stagging Server (user staguser/website and Production Server (user produser/website that all use the same code repository (but setup as different branches), you want to password protect your Dev and Staggin servers but not your production server.

If they were all on the same server it wouldn't be such a problem, but since they are different servers with different users, they will have different AuthUserFile locations (which is not capable of being dynamic or on dreamhost a relative path).
So you will need to ftp into each servers and in the folder above the website folder add a .htaccess file. For example: On the Dev server go to the /home/devuser folder and add a .htaccess file with the following

AuthUserFile /home/devuser/.htpasswd
AuthType Basic
AuthName "Login Details"
Require valid-user

Then in the folder you would have a another .htaccess file with your redirect/rewrite and other rules

Options +FollowSymlinks
Options -Indexes
RewriteEngine On    # Turn on the rewriting engine

RewriteRule ^custompages 404.php [NC,PT,QSA]
#etc etc etc.

On the Stagging server you would add a .htaccess file to the /home/staguser folder with the following

AuthUserFile /home/staguser/.htpasswd
AuthType Basic
AuthName "Login Details"
Require valid-user

Then you could in the folder the same .htaccess as found in folder

and finally for production you won't want it password protected, so you don't even put a file in the /home/produser folder, just have the same .htaccess file that is used in and

See also