.htaccess Security and Performance Tips

Posted on Sunday February 03, 2013 / by Eric Potvin

AllowOverride

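If AllowOverride is enabled throughout the entire site, the server digs through every directory, searching for .htaccess files. To prevent this, disable AllowOverride for the site's root directory. The directive belongs in a <Directory> section of the server or virtual-host configuration, since Apache does not accept it inside a .htaccess file.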

AllowOverride None

Preserving Bandwidth

To increase performance on PHP servers, simply add the following line to your .htaccess:

<ifmodule mod_php5.c>
  php_value zlib.output_compression 16386
</ifmodule>

Note: the number may vary depending on your server configuration.

Directory Browsing

To prevent directory browsing, simply add the following line to your .htaccess:

IndexIgnore *

Server Signature

Here we are disabling the digital signature that would otherwise identify the server:

ServerSignature Off

Control Access

If your website has an admin section that only specific users should reach, you can restrict it by IP address in addition to the username and password, allowing or denying access per address. Simply add the following lines to your .htaccess:

order deny,allow
deny from all

# allow some IPs
allow from 192.168.1.0/24

# block a single IP address
deny from 192.168.1.101

# allow a single IP address
allow from 192.168.1.102

# block ranges of IP addresses
deny from 192.168
deny from 192.168.1

# allow ranges of IP addresses
allow from 192.168
allow from 192.168.1

Note: the IPs will change based on your network configuration or host IP.
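
The order line decides which of these directives wins when a client matches both an allow and a deny. The Python model below is an added example, not code from the original post. It follows Apache's documented Order/Allow/Deny evaluation for IPv4 operands and shows that under order deny,allow the line deny from 192.168.1.101 is overridden by allow from 192.168.1.0/24. The function names, the two constructed rule sets and the 203.0.113.7 test address are assumptions made for the example.

```python
import ipaddress

# Constructed samples: the first uses the page's order; the second swaps it.
PAGE_RULES = """order deny,allow
deny from all
allow from 192.168.1.0/24
deny from 192.168.1.101"""
SWAPPED_RULES = """order allow,deny
allow from 192.168.1.0/24
deny from 192.168.1.101"""

def parse_host(spec):
    """Map an Allow/Deny operand (IPv4 only, an assumption) to a network."""
    if spec == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")  # partial IP such as "192.168"
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def parse_rules(text):
    """Return (order, allow_nets, deny_nets) from htaccess-style lines."""
    order, allow, deny = "deny,allow", [], []  # Apache's default order
    for line in text.splitlines():
        words = line.split("#", 1)[0].lower().split()
        if len(words) >= 2 and words[0] == "order":
            order = "".join(words[1:])
        elif len(words) >= 3 and words[0] in ("allow", "deny") and words[1] == "from":
            (allow if words[0] == "allow" else deny).extend(map(parse_host, words[2:]))
    return order, allow, deny

def is_permitted(client, rules):
    order, allow, deny = parse_rules(rules)
    ip = ipaddress.ip_address(client)
    allowed = any(ip in net for net in allow)
    denied = any(ip in net for net in deny)
    if order == "deny,allow":
        # A matching Allow overrides any Deny; unmatched clients get in.
        return allowed or not denied
    # allow,deny: needs an Allow match and no Deny match; unmatched are refused.
    return allowed and not denied

if __name__ == "__main__":
    for ip in ("192.168.1.50", "192.168.1.101", "203.0.113.7"):
        print(ip, is_permitted(ip, PAGE_RULES), is_permitted(ip, SWAPPED_RULES))
```

Blocking one host inside an allowed range therefore needs order allow,deny, where a matching deny is final.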

Custom Error Documents

Custom error pages improve the look of your website and make it easy to catch visitors when they follow a bad URL.

ErrorDocument 404 /error_404.php
ErrorDocument 500 /error_500.php
# ... and any other error codes