Basic .htaccess setup

Started by keiron, Jul 31, 2022, 09:36 AM


keiron (Topic starter)

Good evening folks!

I have some questions about .htaccess. I am making a completely static site, and I would like to further secure it with the help of the .htaccess configuration file, to the extent possible.

Surely there are proven templates with basic settings (redirects, access rights, etc.). Can you advise anything?

Since the website is static, it makes sense to disable and prohibit everything that is not necessary for its functioning (execution of any server scripts, etc.). I would be happy with any advice! :)


What exactly are you going to protect your website from? Give examples.

"tested templates with basic customization" is akin to a standard sales contract. I.e., in general, nothing like that, but specifically for your situation, there will definitely be a flaw in it.

If the website is really static (and you understand what you are talking about), then using .htaccess you will not secure it in any way.

See page below:


.htaccess is an additional configuration file for the Apache web server, as well as similar servers.
It allows you to set a large number of additional parameters and permissions for the operation of the web server for individual users (as well as on various folders of individual users), such as managed access to directories, reassigning file types, etc., without providing access to the main configuration file, i.e. without affecting the operation of the entire service as a whole.

The .htaccess file can be placed in any site directory. The directives of this file apply to all files in the current directory and in all its subdirectories.
.htaccess directives provide the user with a wide range of options for configuring their site, including:

Simple redirection directives (redirect)
The most frequently used and most complex .htaccess directives. Suppose we want to redirect the user to another URL when requesting our site. To do this, we need to add a .htaccess file to the root directory of the site with the following content:

Redirect /
# The URL to which we redirect requests
The Redirect command syntax looks like this:

Redirect [status] URI_LOCAL URL_REDIRECT
status : optional field, defines the return code. Acceptable values:
permanent (301 — document moved permanently)
temp (302 — document moved temporarily)
seeother (303 — see another)
gone (410 — removed)
URI_LOCAL : the local part of the URL of the requested document.
URL_REDIRECT : The URL where the redirect should be performed.
The RedirectMatch directive is similar to the Redirect directive, except that it is possible to use regular expressions in RedirectMatch, which can undoubtedly be convenient in some conditions.
For instance, to organize the transfer of parameters to the script in the URL body:

RedirectMatch /(.*)/(.*)/index.html$$1&par2=$2
Although this example will cause the page to be reloaded, it can be improved in the future. Here it is necessary to make a small lyrical digression and talk about the syntax of regular expressions.
Any printable characters and a space can be used in a regular expression, but some of the characters have a special meaning:

— Parentheses () are used to highlight groups of characters. Later, you can refer to them by number.

— The character ^ indicates the beginning of the line.

— The $ symbol indicates the end of the string.

— The . symbol denotes any character.

— The | symbol indicates an alternative. For example, the expressions "A|B" mean "A or B".

— The ? symbol is placed after a symbol (group) that may or may not be present.

— The symbol * is placed after the symbol (group), which may be absent or present an unlimited number of times in a row.

— The + symbol acts similarly to the * symbol with the only difference that the preceding symbol must be present at least once.

— Square brackets [] are used to list valid characters.

— Square brackets [^] are used to list invalid characters.

— The \ symbol is placed before special characters if they are needed in their original form.

— Everything after the '#' character is considered a comment.
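
A checker for the Redirect and RedirectMatch syntax described in the post above, added here as an example and not part of the original thread: it verifies the status keyword, the argument count that status requires, and that every $N in the target has a matching group in the pattern. Assumptions: arguments are unquoted and separated by whitespace, Python's `re` stands in for Apache's regex engine, and the sample file and the example.com host are constructed.

```python
import re

# Status keywords from the post mapped to the HTTP code each returns.
STATUSES = {"permanent": 301, "temp": 302, "seeother": 303, "gone": 410}

def check_line(line):
    """Return a list of problems in one Redirect/RedirectMatch line."""
    args = line.split()
    if not args or args[0] not in ("Redirect", "RedirectMatch"):
        return []                       # comment, blank or other directive
    directive, rest = args[0], args[1:]
    code = 302                          # Apache's default when status is omitted
    if rest and (rest[0] in STATUSES or rest[0].isdigit()):
        code = STATUSES.get(rest[0]) or int(rest[0])
        rest = rest[1:]
    # Only 3xx answers carry a target; e.g. "gone" takes the local part only.
    expected = 2 if 300 <= code <= 399 else 1
    if len(rest) != expected:
        return [f"status {code}: expected {expected} argument(s), got {len(rest)}"]
    problems = []
    source, target = rest[0], (rest[1] if expected == 2 else "")
    if directive == "Redirect" and not source.startswith("/"):
        problems.append("URI_LOCAL must start with '/'")
    if target and not re.match(r"(/|[A-Za-z][A-Za-z0-9+.-]*://)", target):
        problems.append("URL_REDIRECT must be an absolute URL or start with '/'")
    if directive == "RedirectMatch":
        try:
            groups = re.compile(source).groups
        except re.error as exc:
            return problems + [f"bad regular expression: {exc}"]
        for ref in sorted(set(re.findall(r"\$(\d)", target))):
            if int(ref) > groups:
                problems.append(f"${ref} used but pattern has {groups} group(s)")
    return problems

def check_htaccess(text):
    """Map 1-based line numbers to the problems found on that line."""
    checked = ((n, check_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return {n: problems for n, problems in checked if problems}

# Constructed sample input; example.com is a placeholder host.
SAMPLE = r"""# redirects for the static site
Redirect permanent /old.html https://example.com/new.html
Redirect gone /retired.html https://example.com/
Redirect old.html /new.html
RedirectMatch ^/(.*)/(.*)/index\.html$ https://example.com/page?par1=$1&par2=$3
"""

if __name__ == "__main__":
    print(check_htaccess(SAMPLE))
```

Running it on a draft .htaccess before upload catches mistakes that would otherwise show up as a 500 error for the whole directory.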