.htaccess Security and Performances tips
If AllowOverride is enabled throughout the entire site, the server digs through every directory, searching for .htaccess files. To prevent this, simply disable the AllowOverride in the site's root .htaccess file.
To increase performance on PHP servers, simply add the following line to your .htaccess:
<ifmodule mod_php5.c> php_value zlib.output_compression 16386 </ifmodule>
Note: the number maybe vary depending on our server configuration.
To prevent directory browsing, simple add the following line to your .htaccess
Here we are disabling the digital signature that would otherwise identify the server:
If you have an admin section in your website, and you only want specific users to access it (other than username and password). You can use the IP address to deny or allow unauthorized user to access it. Simply add the following lines to your .htaccess
order deny,allow deny from all # allow some ips allow from 192.168.1.0/24 # block one unique IP addresses deny from 192.168.1.101 # allow one unique IP addresses allow from 192.168.1.102 # block one ranges of IP addresses deny from 192.168 deny from 192.168.1 # allow one ranges of IP addresses allow from 192.168 allow from 192.168.1
Note: obviously the IPs will change based on your network configuration or host ip.
Custom Error Documents
Creating custom error pages will improve your website looks as well as gives you the ability to catch easily visitors when they follow a bad url.
ErrorDocument 404 /error_404.php ErrorDocument 500 /error_500.php #... and all other page code errors