Enable directory indexes
Options +Indexes
Blocking certain IP-addresses
deny from 12.34.45.78 1.2.3.4
Allowing queries from one certain IP-address
order deny,allow deny from all allow from 12.34.56.78
Blocking a certain USER_AGENT (for example a bad Bot)
RewriteEngine on RewriteCond %{HTTP_USER_AGENT} BadBot RewriteRule .* - [F]
Blocking several USER_AGENTs
RewriteEngine on RewriteCond %{HTTP_USER_AGENT} BadBot [OR] RewriteCond %{HTTP_USER_AGENT} EvilScanner [OR] RewriteCond %{HTTP_USER_AGENT} Fake RewriteRule .* - [F]
Deny access to a certain file
<Files "denied.php"> Order Allow,Deny Deny from all </Files>
Basic redirection
# Redirecting the main domain Redirect 301 / https://www.example.ee/ # Redirecting an expired link Redirect 301 /expired-page https://www.example.ee/new-page
Redirecting all queries to one domain
RewriteEngine on RewriteCond %{HTTP_HOST} !^(?:www\.)?example.ee$ [NC] RewriteRule .* https://www.example.com%{REQUEST_URI} [R=301,L]
Redirecting a domain without www to a domain with www
RewriteEngine on RewriteCond %{HTTP_HOST} ^example\.ee$ [NC] RewriteRule (.*) https://www.example.ee/$1 [NC,R=301,L]
or:
RewriteEngine on RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
Redirecting a domain with www to a domain without www
RewriteEngine on RewriteCond %{HTTP_HOST} ^www\.example\.ee$ [NC] RewriteRule (.*) https://example.ee/$1 [NC,R=301,L]
or:
RewriteEngine on RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [NC,R=301,L]
Allowing certain resources (fonts, svg, css and js files) from a domain other than the server’s domain (Cross-Origin Resource Sharing (CORS))
<IfModule mod_headers.c> <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|svg|font.css|css|js)$"> Header set Access-Control-Allow-Origin "https://www.example.ee" </FilesMatch> </IfModule>
HSTS, Content Security Policy and other security-related headers
<IfModule mod_headers.c> Header set Strict-Transport-Security "max-age=31536000;includeSubDomains;preload" env=HTTPS Header set X-Frame-Options "DENY" Header set Content-Security-Policy "default-src https:; script-src https: 'unsafe-inline'; style-src https:'unsafe-inline'" Header set X-XSS-Protection "1; mode=block" Header set X-Content-Type-Options nosniff </IfModule>
Allowing queries only from Estonian IP-addresses
order deny,allow deny from all allow from env=DZSP_IS_ESTONIAN_IP
Allowing access only from countries of the European Union
SetEnvIf MM_COUNTRY_CODE ^(AT|BE|BG|CZ|CY|DE|DK|EE|EL|ES|FI|FR|HR|HU|IE|IT|LT|LU|LV|MT|NL|PL|PT|RO|SE|SI|SK) EUROPEANUNION order deny,allow deny from all allow from env=EUROPEANUNION
Blocking a certain country, e.g. China (CN).
SetEnvIf MM_COUNTRY_CODE ^(CN) BlockedCountry Deny from env=BlockedCountry
Redirecting users from a certain country (Finland) to another domain
SetEnvIf MM_COUNTRY_CODE ^(FI) FINLAND RewriteCond %{ENV:FINLAND} ^1$ RewriteRule .* http://www.example.fi%{REQUEST_URI} [R=301,L]
Our servers use the GeoLite2 database which is created by MaxMind and which can be downloaded at https://www.maxmind.com.
Maintenance mode – temporarily redirect all queries to the maintenance notification page
# If necessary, add certain URLs that must go through first before RewriteRule # Add your network's IP-address RewriteCond %{REQUEST_URI} !/maintenance.html [NC] RewriteCond %{REQUEST_URI} !/maintenance\.css [NC] RewriteCond %{REQUEST_URI} !/maintenance\.jpg [NC] RewriteCond %{REMOTE_ADDR} !90\.100\.100\.100 RewriteRule .* https://example.ee/maintenance.html [L]
Disabling the execution of PHP in order to prevent security issues
Options -ExecCGI RemoveType .php .php3 .phtml .inc RemoveHandler .php .php3 .phtml .inc <FilesMatch "\.(?i:php|php3|phtml|inc)$"> Require all denied </FilesMatch> <IfModule mod_php7.c> php_flag engine off </IfModule>
Using a rewrite proxy
For example, displaying the contents of the subdirectory example.com/proxy/ on the main domain example.com
RewriteRule "^proxy/(.*)$" "http://www.example.com/$1" [P,L]
NB! Proxy requests can only be made for HTTP connections and a notification about each query will be added to the web server error log.