Htaccess tricks

Here are some useful tips, and tricks for things you can or may want to do with your Dream Host account using htaccess

Set Timezone
SetEnv TZ America/Chicago This will allow PHP to out put your current time instead of the server's time. List of Timezones: http://us2.php.net/manual/en/timezones.php

Different File Extension
Options +FollowSymlinks RewriteEngine On RewriteBase / RewriteRule ^(.+)\.zig$ /$1.php [NC,L] In this example, this will allow you to refer to your files as example.zig instead of example.php

ForceType and PHP 5
This will force the use of PHP4: ForceType application/x-httpd-php

This will force the use of PHP5: ForceType php5-cgi

No File Extension
Options +FollowSymlinks RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME}.php -f RewriteRule ^(.+)$ /$1.php [L,QSA] In this example, this will completely remove the file extension from your URL such as example instead of example.php

Google Text Translation
Options +FollowSymlinks RewriteEngine On RewriteBase / RewriteRule ^(.*)-(fr|de|es|it|pt)$ http://www.google.com/translate_c?hl=$2&sl=en&u=http://site.com/$1 [R,NC] This will redirect any page on your site ending in -fr, -de, -es, etc. to the google.com translation for that language.

Force File Download
 ForceType application/octet-stream Header set Content-Disposition attachment  This example provides the client requesting a .mov or .mp3 file the ability to save the file directly instead of having the file open in the browser or with a third-party plugin or other software like QuickTime, Windows Media Player, iTunes, etc..

Note: The third line requires the mod_headers that come with apache 2.0. That will not work with apache versions older than version 2.0.

Deny Access to Include Files
 Order Allow,Deny Deny from All  Don't want people to see some sensitive information in your inc files? Use the above to display a 403 Forbidden error instead.

Deny Access Directory Listing
Options -Indexes Don't have an index in all your directory's? Use this to deny access to all the directory listings, if there is no index file.

Fail-safe Directory Listing
Alternatively you can specify that a specific file be displayed when there is no default index setup.

Options -Indexes DirectoryIndex index.php index.html /index.php

When a visitor requests a directory Apache will search for index.php, then index.html, and if neither are found it will display /index.php

Error Documents
ErrorDocument 404 /errors/404.html ErrorDocument 403 /errors/403.html ErrorDocument 500 /errors/500.html If you don't like Apache's default error pages, create your own, place them in the appropriate directory the example above puts them in a directory called errors which is located in the root of the current web site.

404 Redirect
ErrorDocument 404 http://exmple.com/ Instead of going to a 404 page, maybe you want to go to your homepage instead or some other page, just use the above

GZIP
 AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript text/javascript
 * 1) Gzip
 * 1) End Gzip

Previously people used to suggest using mod_gzip, however DreamHost uses Apache 2 and mod_deflate, which will call gzip on the back end.

You can add any other encoding types to the filter for things like XML or JSON. mod_deflate

Browser Caching
This tells visiting browsers to hold on to certain files longer (likes images, which are rarely changed).

         ExpiresActive On          ExpiresDefault "access plus 5 seconds" ExpiresByType image/x-icon "access plus 2592000 seconds" ExpiresByType image/jpeg "access plus 2592000 seconds" ExpiresByType image/png "access plus 2592000 seconds" ExpiresByType image/gif "access plus 2592000 seconds" ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds" ExpiresByType text/css "access plus 604800 seconds" ExpiresByType text/javascript "access plus 216000 seconds" ExpiresByType application/javascript "access plus 216000 seconds" ExpiresByType application/x-javascript "access plus 216000 seconds" ExpiresByType text/html "access plus 600 seconds" ExpiresByType application/xhtml+xml "access plus 600 seconds" 
 * 1) BEGIN Expire headers
 * 1) END Expire headers

Alternately you can use mod_headers:

  Header set Cache-Control "max-age=2592000, public"  <filesMatch "\\.(css)$"> Header set Cache-Control "max-age=604800, public" </filesMatch> <filesMatch "\\.(js)$"> Header set Cache-Control "max-age=216000, private" </filesMatch> <filesMatch "\\.(xml|txt)$"> Header set Cache-Control "max-age=216000, public, must-revalidate" </filesMatch> <filesMatch "\\.(html|htm|php)$"> Header set Cache-Control "max-age=1, private, must-revalidate" </filesMatch> </ifModule>
 * 1) BEGIN Caching
 * 1) END Caching

PageSpeed
If you have Pagespeed enabled for your domain, you can take advantage of additional settings such as Remove Comments:

<IfModule pagespeed_module> ModPagespeed on   ModPagespeedEnableFilters remove_comments </IfModule>

The Filter Documentation is very long, and most of the safe options have been set for you by DreamHost. Generally safe options to add are:


 * remove_comments - Remove HTML comments (low risk)
 * rewrite_javascript - minifies JS (med. to high risk, depending on your site)
 * rewrite_css - parses linked and inline CSS, rewrites the images found and minifies the CSS (med. risk)
 * rewrite_images - compresses and optomizes images (med. risk)
 * elide_attributes - removing attributes from tags (med. risk)


 * move_css_to_head - combines CSS and moves it to the head of your file (low risk)

If you add mulitple options, they can be on one line, separate by commas, but do not use spaces.

ModPagespeedEnableFilters remove_comments,move_css_to_head

And so on.

Site Maintenance
Options +FollowSymlinks RewriteEngine On RewriteBase / RewriteCond %{REQUEST_URI} !/maintenance.html$ RewriteRule .* /maintenance.html [L]

Is your site going into maintenance? If so place this in your htaccess. When you are done with maintenance just comment it out with the # symbol. You will also need to make the page maintenance.html which will be displayed to visitors.

(You can replace [L]</tt> with [R=307,L]</tt> if you prefer that the user see from the URL that they've been redirected to a maintenance page, but this is usually not what you want. If you don't use the redirect option, the URL will remain unaltered in the browser, and after you turn off maintenance mode, when the user refreshes, they'll see the original page they were trying to access.)

Time Dependant Rewrites
RewriteCond %{TIME_HOUR} ^16$ RewriteRule ^.*$ - [F,L]
 * 1) If the hour is 16 (4 PM) Then deny all access

Separate Permissions File From Rules File
Scenario is that you have multiple servers that use the same .htaccess file and you want some to be password protected and others not. To separate .htaccess password protection from the redirect and rewrite rules you can put a .htaccess file in the root of your user account and then in your web directory folder put a second .htaccess file to handle all the other rules. For the scenario of having a Development Server (user devuser/website devserver.com), Stagging Server (user staguser/website stagserver.com) and Production Server (user produser/website prodserver.com) that all use the same code repository (but setup as different branches), you want to password protect your Dev and Staggin servers but not your production server. If they were all on the same server it wouldn't be such a problem, but since they are different servers with different users, they will have different AuthUserFile locations (which is not capable of being dynamic or on dreamhost a relative path). So you will need to ftp into each servers and in the folder above the website folder add a .htaccess file. For example: On the Dev server go to the /home/devuser folder and add a .htaccess file with the following AuthUserFile /home/devuser/.htpasswd AuthType Basic AuthName "Login Details" Require valid-user Then in the devserver.com folder you would have a another .htaccess file with your redirect/rewrite and other rules Options +FollowSymlinks Options -Indexes RewriteEngine On   # Turn on the rewriting engine

RewriteRule ^custompages 404.php [NC,PT,QSA]
 * 1) etc etc etc.

On the Stagging server you would add a .htaccess file to the /home/staguser folder with the following AuthUserFile /home/staguser/.htpasswd AuthType Basic AuthName "Login Details" Require valid-user Then you could in the stagserver.com folder the same .htaccess as found in devserver.com folder

and finally for production you won't want it password protected, so you don't even put a file in the /home/produser folder, just have the same .htaccess file that is used in devserver.com and staguser.com