How to Prevent Access to Your php includes files by htaccess file ?

htaccess file
If you are running php websites, and a php includes folder that is only used for the calling of your own php scripts. I know you do not want browsers to access your includes folder. You can do it by htaccess file using Mod_Write. ## Enable Mod Rewrite, this is only required once in each .htaccess file RewriteEngine On RewriteBase / ## Test for access to includes directory RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /includes/ .*$ [NC] ## Test that file requested has php extension RewriteCond %{REQUEST_FILENAME} ^.+\.php$ ## Forbid Access RewriteRule .* - [F,NS,L] Where /includes/ is your includes directory. All browsers to your includes folder are forbidden.  
Read More

How to Disable Server Signature by htaccess file ?

htaccess file
Error pages of your website like 404 not found, 403 access forbidden pages contains server signature i.e. server version number, operating system etc., such information could be misused by attackers. Mostly servers or operating systems has some loopholes that could be misused. One with these details can paralyzed your system with focused attacks. Unknowingly or knowingly, revealing Information about your server, hosting operating system, PHP versions is a potential threats and security risk for you website which are hosted on such web servers, it shows your system’s vulnerability to attackers. As a webmaster, you can disable your server signature by htaccess file. Put following line in your htaccess file in your root directory: ServerSignature Off
Read More

How to Set Your Website Timezone by htacess file

htaccess file
Normally your server timezone is set to its local timezone. But as a webmaster, you can set your website timezone by date.timezone directive in htaccess file.  To find your website timezone, you can create an info.php file and upload to your root directory: <?php phpinfo(); ?> You can easily find your server's timezone. To set your web servers date timezone, for example for Eastern Standard Time (EST) use the following code: SetEnv TZ America/Indianapolis For example, for Los Angeles time (Pacific time), use the following code: SetEnv TZ America/Los_Angeles Other location examples include: America/New_York - Eastern Time America/Detroit - Eastern Time - Michigan (most locations) America/Louisville - Eastern Time (Louisville, Kentucky) America/Indianapolis - Eastern Standard Time (Indiana, most locations) America/Indiana/Marengo - Eastern Standard Time (Indiana, Crawford County) America/Indiana/Knox - Eastern…
Read More

How to Pretect Your WordPress Website wp-admin folder and wp-login.php file using .htaccess file ?

htaccess file, Managed WordPress Hosting, Security
If you want to protect your wordpress website admin folder wp-admin folder by htaccess file. You can check How to deny IP address to your folder. In your wp-admin folder place a .htaccess file, and add following codes: order allow,deny allow from 207.241.90.37 deny from all 207.24.90.37 is your own IP address. So only you yourself can access your wp-admin folder. You also need to secure your wp-login.php folder in your public root directory. Just add following codes into the htaccess file in your public root directory that have wp-login.php file: <Files wp-login.php> Order Deny,Allow Deny from all Allow from 207.241.90.37 </Files> 207.24.90.37 is your own IP address. Right now, only you can access your wp-admin folder and wp-login.php file. Even though, you also need some secure plugins to protect…
Read More

How to Prevent Dir Listings or Show FancyIndex by htaccess file

htaccess file
To disable or prevent the directory access by browsers, you can add following code in your .htaccess file. If user points the browsers to a directory which does not have index file then in this case 403 error will be: Options -Indexes If you want all your files in your directory be shown to the browsers, you can add following code into your .htaccess file: Options +Indexes All your files including .zip, .gif, .jpg in this directory will be shown by all browsers. Ignore files or Ignore files with specific extension If you do not want any files and any sub-folders to be shown in the directory, you can add following code: IndexIgnore * If you just do not want your .zip, .gif, .jpg files to be shown, you can…
Read More

How to Change Your Website Root Directory with .htaccess file

htaccess file, Programming
IF your website is using cpanel system, your website root directory should be /home/yourusername/public-html directory. When anyone want to visit your website, the apache server will direct it to the index file in your /home/yourusername/public_html folder. But you can change it to  different directory by .htaccess file. Just place following codes into your .htaccess file: RewriteEngine on RewriteCond %{HTTP_HOST} ^domain-name.com$ [NC,OR] RewriteCond %{HTTP_HOST} ^www.domain-name.com$ RewriteCond %{REQUEST_URI} !folder/ RewriteRule (.*) /folder/$1 [L] In the above lines you should replace the following 2 strings: domain-name.com – Type your own domain name folder – custome the folder which hold your website
Read More

How to Prevent PHP, Perl Executable scripts Run in your Image Folder with .htaccess file

htaccess file, Programming
Sometimes  you donot need to run php code in all your folder such as your image folder. In your Image folder, add following codes: order allow,deny deny from all # secure directory by disabling script execution AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi Options -ExecCGI Above codes will deny all .php, .pl, .py, .jsp, .asp, .htm, .shtml, .sh,.cgi to run in your image folder.
Read More

How to redirect Http to Https Using .htaccess file

htaccess file, Programming
we can redirect the non SSL query to your website to SSL port by using .htaccess file.This will help you to access the websites from a secured port(443 of apache) of we server. in your .htaccess file, you can add following code: RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] It will direct the Normal website URL to its SSL website URL. How to redirect Http to Https in cpanel In your Cpanel, go to domain and then redirect link: Click Redirects link, and then you will go to following page:  
Read More

How to Run Your CGI Scripts outside CGI-BIN folder by .htaccess file

htaccess file, Programming
Common Gateway Interface is abbreviated to CGI. This is a standard way for web servers to interface executable scripts with end users. Those executable scripts or programs execute by this way and generate web pages dynamically. CGI scripts are usually written in scripting language, but can be written in any programming language. Most of the hosts does not allow to execute those scripts outside the CGI-BIN folder on the public folder. In order to run your cgi or perl scripts outside of cgi-bin folder. You need create a .htaccess file in the folder you want to run cgi or perl scripts. The following line should be in your .htaccess file: AddHandler cgi-script .cgi Options +ExecCGI The first line tells the apache server to run cgi script in the folder, the…
Read More

How to enable Server Side Include (SSI) with .htaccess file

htaccess file, Programming
Server Side Includes (SSI) is a simple interpreted server-side scripting language used almost exclusively for the Web.The most frequent use of SSI is to include the contents of one or more files into a web page on a web server. Server Side Includes are useful for including a common piece of code throughout a site, such as a page header, a page footer and a navigation menu. Conditional navigation menus can be conditionally included using control directives. In order for a web server to recognize an SSI-enabled HTML file and therefore carry out these instructions, either the filename should end with a special extension, by default .shtml, .stm, .shtm, or, if the server is configured to allow this, set the execution bit of the file. This is particularly useful, for…
Read More