1. Home
  2. Technical
  3. Examples of .htaccess rewrite rules
Searching...

Examples of .htaccess rewrite rules

Contents

Enable directory indexes

Options +Indexes

Blocking certain IP-addresses

<RequireAll>
    Require all granted
    Require not ip 1.2.3.4
    Require not ip 12.34.56.78
</RequireAll>

Allowing queries from one certain IP-address

Require ip 1.2.3.4

Blocking a certain USER_AGENT (for example a bad Bot)

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} BadBot
RewriteRule .* - [F]

Blocking several USER_AGENTs

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} BadBot [OR]
RewriteCond %{HTTP_USER_AGENT} EvilScanner [OR]
RewriteCond %{HTTP_USER_AGENT} Fake
RewriteRule .* - [F]

Deny access to a certain file

<Files "denied.php">
    Order Allow,Deny
    Deny from all
</Files>

Basic redirection

# Redirecting the main domain
Redirect 301 / https://www.example.ee/

# Redirecting an expired link
Redirect 301 /expired-page https://www.example.ee/new-page

Redirecting all queries to one domain

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com$ [NC]
RewriteRule ^(.*)$ https://example.com%{REQUEST_URI} [R=301,L]

Redirecting a domain without www to a domain with www

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.ee$ [NC]
RewriteRule (.*) https://www.example.ee/$1 [NC,R=301,L]

or:

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]

Redirecting a domain with www to a domain without www

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.ee$ [NC]
RewriteRule (.*) https://example.ee/$1 [NC,R=301,L]

or:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [NC,R=301,L]

Allowing certain resources (fonts, svg, css and js files) from a domain other than the server’s domain (Cross-Origin Resource Sharing (CORS))

<IfModule mod_headers.c>
    <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|svg|font.css|css|js)$">
        Header set Access-Control-Allow-Origin "https://www.example.ee"
    </FilesMatch>
</IfModule>

HSTS, Content Security Policy and other security-related headers

<IfModule mod_headers.c>
    Header set Strict-Transport-Security "max-age=31536000;includeSubDomains;preload" env=HTTPS
    
    Header set X-Frame-Options "DENY"
    Header set Content-Security-Policy "default-src https:; script-src https: 'unsafe-inline'; style-src https:'unsafe-inline'"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options nosniff
</IfModule>

Allowing queries only from Estonian IP-addresses

order deny,allow
deny from all
allow from env=DZSP_IS_ESTONIAN_IP

Allowing access only from countries of the European Union

SetEnvIf MM_COUNTRY_CODE ^(AT|BE|BG|CZ|CY|DE|DK|EE|EL|ES|FI|FR|HR|HU|IE|IT|LT|LU|LV|MT|NL|PL|PT|RO|SE|SI|SK) EUROPEANUNION
order deny,allow
deny from all
allow from env=EUROPEANUNION

Blocking a certain country, e.g. China (CN)

SetEnvIf MM_COUNTRY_CODE ^(CN) BlockedCountry
Deny from env=BlockedCountry

Blocking POST requests from list of countries

# If country code (ISO 3166 format) for IP address matches,
# then define environment variable BLOCKED_COUNTRIES
SetEnvIf MM_COUNTRY_CODE ^(CN|HK|KP|KH|IN|VN|ID|PK|NP|BD|MA|NE|KE|EG|ET|SO|IR|IQ|RU|BY|RO|BR|CO|VE)$ BLOCKED_COUNTRIES

# When request method's type is POST and
# environment variable BLOCKED_COUNTRIES is defined
# then block the request.
<IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{ENV:BLOCKED_COUNTRIES} =1
    RewriteRule .* – [F,L]
</IfModule>

Redirecting users from a certain country (Finland) to another domain

SetEnvIf MM_COUNTRY_CODE ^(FI) FINLAND
RewriteCond %{ENV:FINLAND} ^1$
RewriteRule .* http://www.example.fi%{REQUEST_URI} [R=301,L]

Our servers use the GeoLite2 database which is created by MaxMind and which can be downloaded at https://www.maxmind.com.

Maintenance mode – temporarily redirect all queries to the maintenance notification page

# If necessary, add certain URLs that must go through first before RewriteRule 
# Add your network's IP-address
RewriteCond %{REQUEST_URI} !/maintenance.html [NC]
RewriteCond %{REQUEST_URI} !/maintenance\.css [NC]
RewriteCond %{REQUEST_URI} !/maintenance\.jpg [NC]
RewriteCond %{REMOTE_ADDR} !90\.100\.100\.100
RewriteRule .* https://example.ee/maintenance.html [L]

Disabling the execution of PHP in order to prevent security issues

Options -ExecCGI
RemoveType .php .php3 .phtml .inc
RemoveHandler .php .php3 .phtml .inc

<FilesMatch "\.(?i:php|php3|phtml|inc)$">
    Require all denied
</FilesMatch>

<IfModule mod_php7.c>
    php_flag engine off
</IfModule>

Using a rewrite proxy

For example, displaying the contents of the subdirectory example.com/proxy/ on the main domain example.com

RewriteRule "^proxy/(.*)$" "http://www.example.com/$1" [P,L]

NB! Proxy requests can only be made for HTTP connections and a notification about each query will be added to the web server error log.

Updated on 8. Apr 2025
Tagged:
Was this article helpful?
Yes No

Related Articles