Additional htaccess tips and tricks you may not know

In this article I have listed additional htaccess tricks and tips you may not know yet, such as how to use X-Robots-Tag, speed up and protect a site, set up redirects and more





 

 

Error Documents


If you want error pages that differ from the “classic” Apache pages, open your htaccess file and insert

ErrorDocument 400 /greske/loszahtev.html
ErrorDocument 401 /greske/potrebnalozinka.html
ErrorDocument 403 /greske/pristupzabranjen.html
ErrorDocument 404 /greske/nijepronadjena.html
ErrorDocument 500 /greske/internalservererror.html



Redirects (Redirection)



Redirecting a page

Redirect 301 /stara-stranica.html /nova-stranica.html



Redirecting a directory

RewriteEngine on
RewriteBase /
RewriteRule ^stari_folder/(.*) http://www.primer.rs/novi_folder/$1 [R=301,L]

RedirectMatch 301 /blog(.*) http://www.primer.rs/$1



Redirecting a domain

RewriteEngine On
RewriteRule ^(.*)$ http://www.novi-primer.rs/$1 [R=301,L]



Redirecting to www

RewriteEngine On
RewriteCond %{HTTP_HOST} ^primer\.rs$ [NC]
RewriteRule (.*) http://www.primer.rs/$1 [R=301,L]



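Redirecting visitors to a subdomain

RewriteEngine On
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^poddomen\.primer\.rs$ [NC]
# In .htaccess the leading slash is stripped before matching, so it must be optional
RewriteRule ^/?(.*)$ http://poddomen.primer.rs/$1 [L,R=301]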



Changing the directory index page

DirectoryIndex index2.html



Redirecting from HTTP to HTTPS

RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]



HTTPS except for subdomains

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(www\.)?moj-sajt\.com$
RewriteRule ^/?(.*)$ https://www.moj-sajt.com/$1 [R=301,L]



HTTPS redirect by port (the best option if you are on a shared host)

RewriteEngine On
# Anchored so that ports such as 8080 do not match
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://moj-sajt.com/$1 [R,L]



HTTPS redirect of a specific URL to SSL

RewriteRule "^/?normal/secure(/.*)" "https://%{HTTP_HOST}$1" [R=301,L]



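Access restrictions



Deny all visitors access to the site content

Order allow,deny
Deny from all



Allow access for a specific IP address

# deny,allow: Allow is evaluated last, so the listed address overrides "Deny from all"
Order deny,allow
Deny from all
Allow from 127.0.0.1


Block access for a specific IP address

# allow,deny: Deny is evaluated last, so the listed address is blocked
Order allow,deny
Allow from all
Deny from 127.0.0.1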


Deny access to all files with a specific extension

<Files *.php>
  order allow,deny
  deny from all
</Files>


or deny access to specific extensions

<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>
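
The Order/Allow/Deny directives above are Apache 2.2 syntax; on Apache 2.4 they work only through mod_access_compat. The same policies written with the 2.4 Require directives follow, as an added example that is not part of the original article. The addresses 198.51.100.7 and 203.0.113.10 and the file name admin.php are constructed placeholders.

```apache
# Apache 2.4 (mod_authz_core / mod_authz_host) access control.
# Do not mix these with Order/Allow/Deny in the same scope.

# Directory default: allow everyone except one blocked address.
# "Require not" is only valid inside <RequireAll> next to a positive rule.
<RequireAll>
    Require all granted
    # constructed placeholder address
    Require not ip 198.51.100.7
</RequireAll>

# One file reachable from a single address only.
# admin.php and the address are hypothetical.
<Files "admin.php">
    Require ip 203.0.113.10
</Files>

# Sensitive file types: nobody may fetch them over HTTP.
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
    Require all denied
</FilesMatch>
```

In .htaccess these directives need AllowOverride AuthConfig, while the older Order/Allow/Deny directives need AllowOverride Limit.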


Preventing hotlinking (image theft) from your site

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?primer\.rs/.*$ [NC]
# Exclude the replacement image itself to avoid a redirect loop
RewriteCond %{REQUEST_URI} !/nekradi\.jpg$
RewriteRule \.(gif|jpg)$ http://www.primer.rs/nekradi.jpg [R,L]



Disabling directory browsing (listing)

Options -Indexes

Enabling directory browsing (listing)

Options +Indexes
IndexIgnore *.css *.js

Removing the server “signature”

ServerSignature Off

Adding a “slash” / to the URL

RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !#
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ http://vassajt.com/$1/ [L,R=301]


Automatically assigning permissions (CHMOD) to specific files

# Shell commands, not .htaccess directives
chmod 640 .htpasswd
chmod 644 .htaccess
chmod 755 *.php


Password-protecting a specific file

<Files login.php>
AuthName "Prompt"
AuthType Basic
AuthUserFile /web/mojsajt.com/.htpasswd
Require valid-user
</Files>


Gzip compression


<IfModule mod_deflate.c>
# compress HTML, CSS, JavaScript, text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml

# Works around bugs in old browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
</IfModule>

or

<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>


Caching



Cache-Control Headers


<ifModule mod_headers.c>
<filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=2592000, public"
</filesMatch>
<filesMatch "\.(css)$">
Header set Cache-Control "max-age=2592000, public"
</filesMatch>
<filesMatch "\.(js)$">
Header set Cache-Control "max-age=216000, private"
</filesMatch>
<filesMatch "\.(xml|txt)$">
Header set Cache-Control "max-age=216000, public, must-revalidate"
</filesMatch>
<filesMatch "\.(html|htm|php)$">
Header set Cache-Control "max-age=1, private, must-revalidate"
</filesMatch>
</ifModule>



Cache control with mod_expires (browser caching)


<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access plus 1 year"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
</IfModule>



Disabling ETag

<ifModule mod_headers.c>
Header unset ETag
FileETag None
</ifModule>



Removing the Last-Modified header

<ifModule mod_headers.c>
Header unset Last-Modified
</ifModule>



No caching

<ifModule mod_headers.c>
Header unset Cache-Control
</ifModule>


Blocking bots


# Each matching User-Agent sets the bad_bot variable that the Deny rule below checks
SetEnvIfNoCase User-Agent ^FrontPage bad_bot
SetEnvIfNoCase User-Agent ^Java.* bad_bot
SetEnvIfNoCase User-Agent ^Microsoft.URL bad_bot
SetEnvIfNoCase User-Agent ^MSFrontPage bad_bot
SetEnvIfNoCase User-Agent ^Offline.Explorer bad_bot
SetEnvIfNoCase User-Agent ^[Ww]eb[Bb]andit bad_bot
SetEnvIfNoCase User-Agent ^Zeus bad_bot
Order Allow,Deny
Allow from all
Deny from env=bad_bot



Environment


SetEnv SITE_WEBMASTER "Petar Peric"
SetEnv SITE_WEBMASTER_URI mailto:petarperic@mojsajt.com
UnSetEnv REMOTE_ADDR


Setting the server time zone (GMT)

SetEnv TZ Europe/Belgrade



For WordPress blogs



Password-protecting wp-login.php

<Files wp-login.php>
 Order Deny,Allow
 Deny from All
 Satisfy Any
AuthName "Zastita"
AuthUserFile /web/moj-sajt.com/.htpasswda1
AuthType Basic
Require valid-user
</Files>


Password-protecting wp-admin

Options -ExecCGI -Indexes +FollowSymLinks -Includes
DirectoryIndex index.php /index.php
Order Deny,Allow
Deny from All
Satisfy Any
AuthName "Zasticeno"
AuthUserFile /web/moj-sajt.com/.htpasswda1
AuthType Basic
Require valid-user
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$">
Allow from All
</FilesMatch>
<FilesMatch "(async-upload)\.php$">
<IfModule mod_security.c>
SecFilterEngine Off
</IfModule>
Allow from All
</FilesMatch>
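
The "Deny from All" plus "Satisfy Any" pattern used for wp-login.php and wp-admin above, rewritten with Apache 2.4 authorization containers, as an added example that is not part of the original article. The address 203.0.113.10 is a constructed placeholder for a trusted administrator IP; the paths and realm names are the ones used above.

```apache
# wp-admin/.htaccess, Apache 2.4 syntax (mod_authz_core + mod_auth_basic)
AuthType Basic
AuthName "Zasticeno"
AuthUserFile /web/moj-sajt.com/.htpasswda1

# <RequireAny> replaces "Satisfy Any": one satisfied rule is enough.
<RequireAny>
    # constructed placeholder: this address skips the password prompt
    Require ip 203.0.113.10
    # every other client must present valid credentials
    Require valid-user
</RequireAny>

# Static assets stay reachable without a password, as in the block above.
# A <FilesMatch> section is merged after the directory rules and, with the
# default "AuthMerging Off", replaces them for the matching files.
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$">
    Require all granted
</FilesMatch>

# Same idea for the login script when placed in the site root .htaccess.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Zastita"
    AuthUserFile /web/moj-sajt.com/.htpasswda1
    Require valid-user
</Files>
```

Basic authentication sends the password base64-encoded with every request, so use it together with the HTTP to HTTPS redirect shown earlier.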


Protecting the wp-content directory

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /wp-content/.*$ [NC]
RewriteCond %{REQUEST_FILENAME} !^.+flexible-upload-wp25js.php$
RewriteCond %{REQUEST_FILENAME} ^.+\.(php|html|htm|txt)$
RewriteRule .* - [F,NS,L]


Protecting the wp-includes directory

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /wp-includes/.*$ [NC]
RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ /wp-includes/js/.+/.+\ HTTP/ [NC]
RewriteCond %{REQUEST_FILENAME} ^.+\.php$
RewriteRule .* - [F,NS,L]




Blocking proxies

RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteRule .* - [F,NS,L]


SEO



Adding rel=”canonical” to PDF files and images

<Files download.pdf>
Header add Link '<http://www.mojsajt.com/httest/pdf-stranica.html>; rel="canonical"'
</Files>
<Files lager.jpg>
Header add Link '<http://www.mojsajt.com/httest/lager.html>; rel="canonical"'
</Files>



Canonical

<ifModule mod_alias.c>
RedirectMatch 301 ^/(.*)/robots\.txt http://mojsajt.com/robots.txt
</ifModule>
<ifModule mod_alias.c>
RedirectMatch 301 /sitemap\.xml$ http://mojsajt.com/sitemap-press.xml
RedirectMatch 301 /sitemap\.xml\.gz$ http://mojsajt.com/sitemap-press.xml.gz
</ifModule>
<ifModule mod_alias.c>
RedirectMatch 301 /press/(.*)/xmlrpc\.php$ http://mojsajt.com/press/xmlrpc.php
</ifModule>
<ifModule mod_rewrite.c>
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php [NC]
RewriteRule ^index\.php$ http://mojsajt.com/ [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.mojsajt\.com$ [NC]
RewriteRule (.*) http://mojsajt.com/$1 [R=301,L]
</ifModule>



Robots directives

# <Directory> sections are valid only in the server configuration, not in .htaccess
<Directory />
Header Set X-Robots-Tag "noindex, noarchive, nosnippet"
</Directory>

<IfModule mod_headers.c>
Header set X-Robots-Tag "noindex, nofollow, noarchive"
<FilesMatch "\.(doc|pdf|png|jpe?g|gif)$">
Header set X-Robots-Tag "noindex, noarchive, nosnippet"
</FilesMatch>
</IfModule>