25 Useful Apache ‘.htaccess’ Tricks to Secure and Customize Websites

7. Making Users to download .mp3 and other files before playing on your website.

Mostly, people play songs on websites before downloading them to check the song quality etc. Being a smart seller you can add a feature that can come in very handy for you which will not let any user play songs or videos online and users have to download them for playing. This is very useful as online playing of songs and videos consumes a lot of bandwidth.

Following lines are needed to be added to be added to your .htaccess file:

AddType application/octet-stream .mp3 .zip 

8. Setting Directory Index for Website

Most of website developers would already know that the first page that is displayed i.e. the home page of a website is named as ‘index.html’ .Many of us would have seen this also. But how is this set?

.htaccess file provides a way to list a set of pages which would be scanned in order when a client requests to visit home page of the website and accordingly any one of the listed set of pages if found would be listed as the home page of the website and displayed to the user.

Following line is needed to be added to produce the desired effect.

DirectoryIndex index.html index.php yourpage.php

The above line specifies that if any request for visiting the home page comes by any visitor then the above listed pages will be searched in order in the directory firstly: index.html which if found will be displayed as the sites home page, otherwise list will proceed to the next page i.e. index.php and so on till the last page you have entered in the list.

9. How to enable GZip compression for Files to save site’s bandwidth.

This is a common observation that heavy sites generally run bit slowly than light weight sites that take less amount of space. This is just because for a heavy site it takes time to load the huge script files and images before displaying them on the client’s web browser.

This is a common mechanism that when a browser requests a web page, server provides the browser with that webpage and now to locally display that web page, the browser has to download that page and then run the script inside that page.

What GZip compression does here is saving the time required to serve a single customer thus increasing the bandwidth. The source files of the website on the server are kept in compressed form and when the request comes from a user then these files are transferred in compressed form which are then uncompressed and executed on the server. This improves the bandwidth constrain.

Following lines can allow you to compress the source files of your website but this requires mod_deflate.c module to be installed on your server.

<IfModule mod_deflate.c>
	AddOutputFilterByType DEFLATE text/plain
	AddOutputFilterByType DEFLATE text/html
	AddOutputFilterByType DEFLATE text/xml
	AddOutputFilterByType DEFLATE application/html
	AddOutputFilterByType DEFLATE application/javascript
	AddOutputFilterByType DEFLATE application/x-javascript

10. Playing with the File types.

There are certain conditions that the server assumes by default. Like: .php files are run on the server, similarly .txt files say for example are meant to be displayed. Like this we can make some executable cgi-scripts or files to be simply displayed as the source code on our website instead of being executed.

To do this observe the following lines from a .htaccess file.

RemoveHandler cgi-script .php .pl .py
AddType text/plain .php .pl .py

These lines tell the server that .pl (perl script), .php (PHP file) and .py (Python file) are meant to just be displayed and not executed as cgi-scripts.

11. Setting the Time Zone for Apache server

The power and importance of .htaccess files can be seen by the fact that this can be used to set the Time Zone of the server accordingly. This can be done by setting a global Environment variable ‘TZ’ of the list of global environment variables that are provided by the server to each of the hosted website for modification.

Due to this reason only, we can see time on the websites (that display it) according to our time zone. May be some other person hosting his website on the server would have the timezone set according to the location where he lives.

Following lines set the Time Zone of the Server.

SetEnv TZ India/Kolkata

12. How to enable Cache Control on Website

A very interesting feature of browser, most have observed is that on opening one website simultaneously more than one time, the latter one opens fast as compared to the first time. But how is this possible? Well in this case, the browser stores some frequently visited pages in its cache for faster access later on.

But for how long? Well this answer depends on you i.e. on the time you set in your .htaccess file for Cache control. The .htaccess file can specify the amount of time for which the pages of website can stay in the browser’s cache and after expiration of time, it must revalidate i.e. pages would be deleted from the Cache and recreated the next time user visits the site.

Following lines implement Cache Control for your website.

<FilesMatch "\.(ico|png|jpeg|svg|ttf)$">
	Header Set Cache-Control "max-age=3600, public"
<FilesMatch "\.(js|css)$">
	Header Set Cache-Control "public"
	Header Set Expires "Sat, 24 Jan 2015 16:00:00 GMT"

The above lines allow caching of the pages which are inside the directory in which .htaccess files are placed for 1 hour.

If you read this far, tweet to the author to show them you care. Tweet a thanks
Gunjit Khera
Currently a Computer Science student and a geek when it comes to Operating System and its concepts. Have 1+ years of experience in Linux and currently doing a research on its internals along with developing applications for Linux on python and C.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

5 thoughts on “25 Useful Apache ‘.htaccess’ Tricks to Secure and Customize Websites”

  1. Hi Sir,

    Someone hacked our website and always take it index.php file instead of a different php file.

    Also, the htaccess file gets created newly even we deleted it.

  2. Great htaccess tips, Thanks for sharing this helpful article. can you please give some suggestions about .htaccess security?

    • @Sajjad,

      Use the following directive to secure and restrict access to .htaccess file on the server.

      # Protect the htaccess file
      Order Allow,Deny
      Deny from all
  3. Hey Tosin,
    i don’t think about any ebook related htaccess because htaccess is part of logic which is every one can modified using his ability.


Got something to say? Join the discussion.

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.