more .htaccess tips

more .htaccess tips

In my previous post .htaccess tips I had started with what is .htaccess file and some things that can be done using it. In this post I’ll cover more about .htaccess files.

Topics Covered:

Directory index file

When a user request a URL like we would want to display an index file. i.e. the user will be able to view just by visiting

	DirectoryIndex index.php

If we want to create fallback options i.e. if index.php does not exists server index.html, then we can use the following. The order in which the files are specified will be the order in which Apache will look for those files.

	DirectoryIndex index.php index.html index.htm

Redirection using .htaccess file

.htaccess file can be used to redirect users from old site to new site, to a preferred domain, etc. To do this we use 301 redirects. 301 is HTTP Status Code meaning Moved Permanently. This indicates that the page was moved from the original location.

Note: 301 redirects (or Permanent Redirect) should be used only if you are permanently moving to a new domain or moving a page to new location. If you are moving the page temporarily then you should use 302 (or Temporary Redirect) to redirect to the temporary new location.

There is no limit on how many redirects can be done per site or per domain. Also, you can make a page redirect to another and then that page to another and create chain of such redirects. This is not recommended. It is always best to have just 1 or 2 hops in the redirect chain, because most search engine crawlers will stop following the redirects after 3-4 hops. So, the lesser number of hops in the chain redirects the better it is.

Preferred domain (www or non-www)

Websites and are considered different websites by search engines. So it is always better to have on domain as preferred domain for the site.

Redirect non www to www version of site: All users will be redirected to even if they use the URL

	RewriteEngine On
	RewriteCond %{HTTP_HOST} ^
	RewriteRule (.*)$1 [R=301,L]

Redirect www to non www version of site: All users will be redirected to even if they use the URL

	RewriteEngine On
	RewriteCond %{HTTP_HOST} ^
	RewriteRule (.*)$1 [R=301,L]

Redirect old site to new site

When you change the domain of your site, it is recommended to redirect the traffic from the old site to the new site. Doing a 301 redirect can help you redirecting the traffic to new site without losing the search engine rankings. The following code will redirect all traffic to the current site to

	RewriteEngine On
	RewriteRule (.*)$1 [R=301,L]

Redirect all files in a directory

If you change a directory then you will want to redirect all files in the directory to corresponding files in the new directory.

	RewriteEngine On
	RewriteRule ^old_dir/(.*)$ /new_dir/$1 [R=301,L]

Redirect a file in a directory

If you have relocated just one file or only a few files in a directory to another directory, you can write a rewrite rule for each file.

	RewriteEngine On
	RewriteRule ^file.php /new_dir/file.php [R=301,L]

You can also give absolute path if you are relocating it to a very different directory

	RewriteEngine On
	RewriteRule ^file.php [R=301,L]

Change to your domain.

Changing/displaying different file extension

You may want to hide the actual file extension from the user and display just .html extension. e.g. The user should be able to access the page from when your actual file is test.php.

The following .htaccess will call .php file for all .html files. However, the user will still see .html in the browser

	RewriteEngine On
	RewriteRule ^(.+).html$$1.php [NC]

The above code allows you to change the file extension and execute any file (e.g. php file) in the background without letting the user know about it. However, this can result in same content accessible from 2 different locations .html and .php file. It is best avoided as this causes duplicate content. So, you can just redirect all .html files to .php files. This can be done as follows:

	RewriteEngine On
	RewriteRule ^(.*).html$$1.php [R,NC]

The above code will enable redirect the users to .php page. e.g. If a user is coming to or they will always be redirected to

Redirect a URL having complete query string

Sometimes you would want to redirect only the URL with certain query string. The following code will redirect the page index.php?query=string to /new_dir/index.php?query=string

	RewriteEngine On
	RewriteCond %{QUERY_STRING} ^query=string$ [NC]
	RewriteRule index.php [L,R=301]

If you do not want to pass the query string to the new URL add ‘?’ to the end of the new URL.

	RewriteEngine On
	RewriteCond %{QUERY_STRING} ^query=string$ [NC]
	RewriteRule index.php [L,R=301]

Redirect a URL starting with specific query string

To redirect only URL starting a query string. The difference between the above rule and this rule is there is no ‘$’ at the end of the Query String

	RewriteEngine On
	RewriteCond %{QUERY_STRING} ^query=string [NC]
	RewriteRule index.php [L,R=301]

If you do not want to pass the query string to the new URL add ‘?’ to the end of the new URL.

	RewriteEngine On
	RewriteCond %{QUERY_STRING} ^query=string [NC]
	RewriteRule index.php [L,R=301]

Redirect a URL containing specific query string

To redirect any URL containing a query string. The difference between the above rule and this rule is there is no ‘^’ and ‘$’ along with the Query String. The below code will redirect any URL containing searchword.

	RewriteEngine On
	RewriteCond %{QUERY_STRING} searchword= [NC]
	RewriteRule index.php [L,R=301]

If you do not want to pass the query string to the new URL add ‘?’ to the end of the new URL.

	RewriteEngine On
	RewriteCond %{QUERY_STRING} searchword= [NC]
	RewriteRule index.php [L,R=301]

Redirect based on ipaddress

Many times you would want access to some page/directory only internally and redirect all other users to some other page. An excellent scenario of this case could be when you want to perform some maintenance on your site. During this time you have to take the site down for all external users be internally you still want to be able to access it. So we can use the following rule to allow all traffic through a particular ipaddress and redirect all other users to a maintenance page.

	RewriteCond %{REMOTE_HOST} !123.456.789.012
	RewriteCond %{REQUEST_URI} !/maintenance.html$ [NC]
	RewriteRule .* /maintainence.html [R=301,L]

The above rule will redirect all users not from ipaddress 123.456.789.012 and not requesting maintenance.html page to maintainence.html

Ban visitors from specific ipaddress

If you want to ban visitors from certain ipaddress you can use the following rules.

	order allow,deny
	deny from 123.456.789.012
	deny from 123.456.789.
	deny from 123.456.
	deny from 123.
	allow from all

In the above code the 1st line “deny from 123.456.789.012” will block the visitors from the specific ipaddress 123.456.789.012
The next line blocks the visitors from all ip within the range (i.e. 123.456.789.000 – 123.456.789.255).
The next line blocks the visitors from all ip within the range
The last line blocks the visitors from all ip within the range

Note: When you block an entire ip range as you may be accidentally blocking the legitimate visitors too. So be careful in which ipaddress or which range of ipaddress you are blocking.

Ban visitors referred from certain sites

	RewriteEngine on
	RewriteCond %{HTTP_REFERER} [NC]
	RewriteCond %{HTTP_REFERER} [NC]
	RewriteCond %{HTTP_REFERER} baddomain. [NC]
	RewriteRule .* - [F]

The above code would check the referer of the current visitor and sends a 403 Forbidden code to any visitor coming for the sites.
The first line means if the referer is The second line checks for in the referer and the last line would check for domains or or or any other domain starting with baddomain.

Allow visitors only from specific ipaddress

If we want to allow access to our site only for certain ipaddress then we can use the following code in .htaccess file.

	Order Deny,Allow
	Deny from all
	Allow from 123.456.789.012
	Allow from 456.789.012

The above code first denies access to all users and then allows access to users with ipaddress 123.456.789.012 or in the range

Disable Hotlinking

Many sites copy content for your website and even just pull content (like images) directly from your site. This results in higher bandwidth usage for your site.

The below code will send the hotlink.gif image is somebody tries to hotlink some images from your site.

	RewriteEngine On
	RewriteCond %{HTTP_REFERER} !^$
	RewriteCond %{HTTP_REFERER} !^http://(www.)? [NC]
	RewriteCond %{REQUEST_URI} !hotlink.gif [NC]
	RewriteRule .*.(gif|jpg|jpeg|png|js|css)$ [NC]

The first two lines of code allows all direct users and users accessing the content through your site ( in this case). The third line allows access to the hotlink.gif file. The last line would send hotlink.gif instead of the actual image requested.

The below code can be used to send a 403 Forbidden Status code when someone is accessing the hotlinked content.

	RewriteEngine on
	RewriteCond %{HTTP_REFERER} !^$
	RewriteCond %{HTTP_REFERER} !^http://(www.)?*$ [NC]
	RewriteRule .*.(gif|jpg|jpeg|png|js|css)$ - [F]

The above code is similar to previous one. Only difference here is that we are sending 403 Forbidden Status code instead of the hotlink.gif image.

Multiple domains on same file system

If you have just one file system sharing across multiple domains, you can easily separate the files for different domains. e.g. use directories mydomain_one, mydomain_two etc for different domains and the following .htaccess rules to redirect the users for a domain to correct files.

	RewriteCond %{HTTP_HOST}
	RewriteCond %{REQUEST_URI} !^mydomain_one
	RewriteRule ^(.*)$ mydomain_one/$1 [L]

	RewriteCond %{HTTP_HOST}
	RewriteCond %{REQUEST_URI} !^mydomain_two
	RewriteRule ^(.*)$ mydomain_two/$1 [L]

The above rules will direct the users for to mydomain_one and to mydomain_two directories. The above rules mean that if the requested domain is and the URL does not starts with mydomain_one, then rewrite the URL to mydomain_one directory.

Some RewriteRule Flags

Here are some flags that we have being using in the .htaccess rules.

RewriteRule flags are used to modify the behaviour of the rules. These flags are included in square brackets at the end of the rule. We can specify multiple flags for a rule by separating them using commas.

  • F – Forbidden
    This flag results in server returning a 403 Forbidden status code.
  • L – Last
    This flag means that if a rule is matched no further rules should be processed. Any rule after this rule will be ignored for this condition.
  • NC – Nocase
    This flag is used when we want a case-insensitive matching. e.g. in the following code we want to match the query string searchword= irrespective whether it is in lower case or upper case or even mixed case. This rule will match ‘searchword=’, ‘SEARCHWORD=’, ‘SearchWord=’.

    	RewriteCond %{QUERY_STRING} searchword= [NC]
    	RewriteRule index.php [L,R=301]
  • R – Redirect
    This flag is used to perform HTTP redirects. This flag can be used for any type of valid HTTP redirect using the syntax [R=301]. If no HTTP status code is provided with the flag it will used 302 status code as default.

This is not a complete list. List of all flags can be found here.

Change PHP Flags

.htaccess file can be used to change or set new PHP flags. Example to enable magic_quotes in PHP for specific directory add the following in .htaccess inside that directory.

	php_flag magic_quotes_gpc on

Related Articles:

Note: I do not take responsibility for proper functioning of the above mentioned steps under all circumstances. If you download any files, programs from my blog then make sure you protect yourself. I am not responsible for any damages to your computer, website, blog, application or any thing else. I am not affiliated with or do not endorse any of the above mentioned sites.
  1. This post really helped me with redirecting all files to the same files, but in a new directory. I used this code: RewriteRule ^old_dir(.*)$ /new_dir/$1 [R=301,L]

    I tried to do that for another directory, but the directory has an index.htm file. It makes all the old files redirect to the index. Is there a way to skip that?


  2. I would like to only allow visitors referred from certain sites. How do I do that?? Thank you so much for your post.

  3. I beg you to answer this one – there is zero information on the internet – I have asked thousands of people:

    How do I redirect from to

    Now listen closely: facebook apps that contain websites like mine contain the entire website. Any index.html file or anything else will launch from scratch when the user visits. Therefore redirecting from to will loop when the user arrives at The facebook shell will have white blankness in its iframe.

    So the solution MUST BE to ONLY redirect if the URL = or

    Buying another SSL to use for my facebook app is a waste of money, otherwise I could buy or anything and just place all my files in there. There are around 20 reasons not to do this, even though app urls are fully cloaked. Its bad for SEO, the database for user posts would get messy etc.

    I 100% NEED to redirect to There is ZERO information on the internet telling me how to achieve this.

    I beg you to help in what seems like 20 seconds worth of modifications.


    I need someone to write something I can paste that says the following:

    If you are at or redirect to
    If you are not, do nothing.

    I cannot be clearer. I hope this post isn’t rejected for character count or sign up reasons. The internet is havoc.

Leave a Reply