User contributions
- 16:02, 17 May 2011 diff hist +284 Htaccess examples (security) Proposed 2.5.5 - Change rule order to prevent URL request with query string exploit accidentally being allowed when a previous "RewriteRule - [L]" exception stopped processing of request "too early".
- 15:54, 17 May 2011 diff hist 0 Htaccess examples (security) Proposed 2.5.4 - Change rule order to prevent URL request with exploit accidentally being allowed when a previous "RewriteRule - [L]" exception has stopped the processing of that request "too early".
- 15:45, 17 May 2011 diff hist 0 Htaccess examples (security) Proposed 2.5.3 - Changing rule order such that mod_rewrite and other setup code is placed closer to the rules that it applies to and is therefore easier to follow.
- 15:41, 17 May 2011 diff hist 0 Htaccess examples (security) Proposed 2.5.2 - Redirecting a malicious request only to later block it is inefficient. Move external redirect mod_rewrite code to be after the mod_rewrite code which blocks malicious requests.
- 15:33, 17 May 2011 diff hist +32 Htaccess examples (security) Proposed 2.5.1 - Change rule order to prevent an unwanted multiple step redirection chain when a non-www URL on the old domain and/or a URL which is going to be forced to https is requested.
- 15:29, 17 May 2011 diff hist +354 Htaccess examples (security) Proposed 2.5.0 - Added placeholders for custom mod_rewrite rules using RewriteRule [F] (blocking), RewriteRule [R=301,L] (redirecting) and RewriteRule [L] (rewriting). [Compare with version 2.4.9.]
- 09:03, 14 May 2011 diff hist +114 Htaccess examples (security) URL updates.
- 15:21, 8 May 2011 diff hist +3 Htaccess examples (security) Proposed file for version 2.4.9 with more changes.
- 07:14, 7 May 2011 diff hist +241 Multiple Domains and Web Sites in a single Joomla! installation Code for redirect generates 302 not 301. In any case, the code cannot possibly work at all when pasted where recommnded in the article.
- 10:44, 24 April 2011 diff hist +71 IIS Reworded to show the correct direction of travel for a rewrite. It's a URL to filepath translation!
- 09:46, 24 April 2011 diff hist +619 Adding www to a url Updated and more comprehensive code.
- 09:32, 24 April 2011 diff hist +17 m Security Checklist/Hosting and Server Setup Typo.
- 09:31, 24 April 2011 diff hist +389 Security Checklist/Hosting and Server Setup Improved wording.
- 09:26, 24 April 2011 diff hist +42 Enabling Search Engine Friendly (SEF) URLs on IIS Fixed syntax errors and updated code to match the code distributed with 1.6.2/1.6.3 onwards.
- 09:16, 24 April 2011 diff hist +144 How do you convert an htaccess.txt file into a .htaccess file? Additional explanation and clarity.
- 08:33, 24 April 2011 diff hist -941 m How can you check if mod rewrite is enabled? Duplicate page, redirected this copy... current
- 08:24, 24 April 2011 diff hist +121 How to check if mod rewrite is enabled on your server Using the "Redirect" directive cannot prove whether mod_rewrite is installed. Redirect is a part of mod_alias not mod_rewrite.
- 18:33, 23 April 2011 diff hist +219 m Htaccess examples (security) URLs updated.
- 05:51, 23 April 2011 diff hist +40 Htaccess examples (security) Proposed file for version 2.4.8 with more changes.
- 05:14, 23 April 2011 diff hist +176 Htaccess examples (security) Proposed file for version 2.4.7 with more changes.
- 05:12, 23 April 2011 diff hist -2 Htaccess examples (security) Proposed file for version 2.4.6 with more changes.
- 13:05, 17 April 2011 diff hist -7 Htaccess examples (security) Proposed file for version 2.4.6 with more changes. Many logic errors as well as a number of typos have been corrected in this and recent versions.
- 18:27, 11 April 2011 diff hist +135 m Htaccess examples (security) Updated some URLs.
- 18:15, 11 April 2011 diff hist +135 Htaccess examples (security) Proposed file for version 2.4.5 with more changes.
- 02:22, 10 April 2011 diff hist +227 Htaccess examples (security) Proposed file for version 2.4.4 with more changes.
- 19:11, 2 April 2011 diff hist -1 Htaccess examples (security) Proposed file for version 2.4.3 with more changes.
- 18:52, 2 April 2011 diff hist +5 Htaccess examples (security) Proposed file for version 2.4.2 with more changes.
- 18:16, 31 March 2011 diff hist +1,043 Htaccess examples (security) Proposed file for version 2.4.2 with more changes.
- 05:37, 28 March 2011 diff hist -9 Htaccess examples (security) Version 2.4.1 is the current stable version of the master .htaccess file. Working towards version 3.0 for release some time in April 2011.
- 05:36, 28 March 2011 diff hist -9 Htaccess examples (security) Version 2.4.1 is the current stable version of the master .htaccess file. Working towards version 3.0 for release some time in April 2011.
- 04:45, 25 March 2011 diff hist +607 m Htaccess examples (security) Updates to footer notes.
- 15:51, 24 March 2011 diff hist -12 Htaccess examples (security) Correction to image file extension pattern matching.
- 03:43, 24 March 2011 diff hist 0 Htaccess examples (security) Master File copied to original author "as is" and posted to snipt as "proposed v2.4" (2011-03-24).
- 18:24, 23 March 2011 diff hist -10 Enabling Search Engine Friendly (SEF) URLs on IIS Minor optimisation of patterns.
- 15:21, 23 March 2011 diff hist -121 m Htaccess examples (security) Tidy up various comments.
- 15:15, 23 March 2011 diff hist -1,154 Htaccess examples (security) Removed section that is already included in the production Joomla .htaccess file, and for which a slightly improved version is offered in the suggested 'Master htaccess file'.
- 14:40, 23 March 2011 diff hist +464 Htaccess examples (security) Added comments.
- 04:25, 23 March 2011 diff hist -1 Htaccess examples (security) Incorrect use of "=" sign meant rule was looking for literal string not input matching a pattern.
- 19:38, 22 March 2011 diff hist 0 m Htaccess examples (security)
- 19:36, 22 March 2011 diff hist 0 m Htaccess examples (security)
- 19:12, 22 March 2011 diff hist 0 m Htaccess examples (security)
- 19:03, 22 March 2011 diff hist -1 m Htaccess examples (security)
- 18:12, 22 March 2011 diff hist -1 m Htaccess examples (security)
- 18:06, 22 March 2011 diff hist +46 m Htaccess examples (security) Minor edits to comments.
- 16:20, 19 March 2011 diff hist -1 Htaccess examples (security) Typo fixed.
- 13:30, 19 March 2011 diff hist +53 Htaccess examples (security) Preserve http/https protocol in the redirect. Solves http://forum.joomla.org/viewtopic.php?p=2448764#p2448764
- 13:24, 19 March 2011 diff hist +2 Htaccess examples (security) Allow both http and https referrer. Good catch!
- 14:46, 18 March 2011 diff hist +55 m Htaccess examples (security) Updated text to clarify what actually happens.
- 02:57, 17 March 2011 diff hist +95 Htaccess examples (security) mod_deflate is Apache 2 module.
- 14:23, 16 March 2011 diff hist +30 Htaccess examples (security) Allow blank REFERER.
- 04:04, 16 March 2011 diff hist 0 m Htaccess examples (security) Update date.
- 03:54, 16 March 2011 diff hist +1 m Htaccess examples (security) Update date.
- 02:48, 16 March 2011 diff hist -52 Htaccess examples (security) RewriteCond %{THE_REQUEST} !^POST replaces RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator
- 19:22, 14 March 2011 diff hist +34 Htaccess examples (security) Experimental.
- 09:45, 14 March 2011 diff hist +24 Htaccess examples (security) Options +FollowSymLinks usually required.
- 04:59, 14 March 2011 diff hist +3 Htaccess examples (security) Change code to match what the comment says it should do.
- 03:47, 14 March 2011 diff hist -829 Htaccess examples (security) Using a "local OR" parses faster.
- 03:43, 14 March 2011 diff hist +108 m Htaccess examples (security) Added notes.
- 03:31, 14 March 2011 diff hist +273 m Htaccess examples (security) Tidying of wrding.
- 03:24, 14 March 2011 diff hist +12 m Htaccess examples (security) Spelling.
- 20:41, 13 March 2011 diff hist -47 Htaccess examples (security) Repetition removed
- 19:50, 13 March 2011 diff hist +35 Htaccess examples (security) ## Changed patterns to allow both /folder/ and /folder/index.php requests for JA Purity II
- 19:42, 13 March 2011 diff hist +4 Htaccess examples (security) Allow both www and non-www here.
- 19:28, 13 March 2011 diff hist +2 Htaccess examples (security) SERVER_PORT is a more reliable test than HTTPS.
- 18:31, 13 March 2011 diff hist +177 Htaccess examples (security) JA Purity II
- 18:24, 13 March 2011 diff hist +45 Htaccess examples (security) New code suggested in the forum. TO DO: previous line is still very inefficient.
- 17:44, 13 March 2011 diff hist +83 m Htaccess examples (security) Notes.
- 17:35, 13 March 2011 diff hist +94 m Htaccess examples (security) Note added, since question was asked in the forum.
- 16:41, 13 March 2011 diff hist +90 Htaccess examples (security) Using DEFLATE without mod_deflate installed will cause HTTP 500 Internal Server Error.
- 16:25, 13 March 2011 diff hist -2 Htaccess examples (security) $1 not required.
- 16:23, 13 March 2011 diff hist +436 Htaccess examples (security) Root only for index.php until we get to the bottom of this (see cited forum thread).
- 11:59, 9 March 2011 diff hist +1 Htaccess examples (security) Escape literal period in pattern.
- 20:26, 8 March 2011 diff hist +22 Htaccess examples (security) .php and .php-dist
- 16:24, 8 March 2011 diff hist +18 Htaccess examples (security) Added block to php.ini as suggested in http://forum.joomla.org/viewtopic.php?p=2436820#p2436820
- 11:09, 8 March 2011 diff hist -10 Htaccess examples (security) A year is way too long. One month seems more appropriate.
- 06:11, 8 March 2011 diff hist -4 Htaccess examples (security) \< and \> breaks Apache 1.3 parser. [http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=24720]
- 05:15, 8 March 2011 diff hist +386 m Htaccess examples (security) →Block bad user agents: Update to text only.
- 04:49, 8 March 2011 diff hist +125 m Htaccess examples (security) Tagging version. Needs careful proof-reading and further testing, but is close to being finished.
- 04:33, 8 March 2011 diff hist +5 Htaccess examples (security) Use example.com. It can never be owned. See RFC 2606. See RFC 2606 (not 2602).
- 04:30, 8 March 2011 diff hist +17 Htaccess examples (security) Use example.com. It can never be owned. See RFC 2602.
- 04:23, 8 March 2011 diff hist -1 Htaccess examples (security) [A-Za-z0-9] [NC] is inefficient. The NC flag means aNy Case, so no need to specify A-Za-z. Just specify one range. Parses 33% quicker. Use [a-z0-9]...[NC] here
- 04:19, 8 March 2011 diff hist 0 Htaccess examples (security) valid values are [0-9a-f] not [a-z0-9].
- 04:09, 8 March 2011 diff hist +8 m Htaccess examples (security) "send" is an ambiguous word. That usage contributes a LOT of misunderstanding as to what mod_rewrite does. Improved the wording to be more clear and precise.
- 04:00, 8 March 2011 diff hist -97 Htaccess examples (security) Don't create backreferences that aren't going to be re-used. Escape literal periods. "Local OR" php|html? is faster. html[l]? simplifies to html? and other changes.
- 03:45, 8 March 2011 diff hist -21 Htaccess examples (security) The "don't modify this request" syntax is "RewriteRule pattern - [L]" not "RewriteRule (pattern) $1 [L]" and it runs faster too.
- 03:21, 8 March 2011 diff hist -1 Htaccess examples (security) "equals" does not need to be escaped.
- 18:30, 7 March 2011 diff hist 0 m Security and Performance FAQs Fix heading
- 18:27, 7 March 2011 diff hist +10 Security and Performance FAQs →How can I check if mod_rewrite is enabled?
- 18:25, 7 March 2011 diff hist +193 Security and Performance FAQs Alternative method eliminates duplicate content risk.
- 12:45, 7 March 2011 diff hist -48 Multiple Domains and Web Sites in a single Joomla! installation Using (www\.)? parses faster. Escape literal periods in patterns.
- 12:41, 7 March 2011 diff hist -1 m Enabling Search Engine Friendly (SEF) URLs on IIS/IIS6/1.5 Typo.
- 12:40, 7 March 2011 diff hist -2 m Enabling Search Engine Friendly (SEF) URLs on IIS/IIS6/1.5 Typo.
- 12:39, 7 March 2011 diff hist -6 Enabling Search Engine Friendly (SEF) URLs on IIS/IIS6/1.5 Find the period once then pattern match from that point on. The html|htm pattern simplifies to html? here. Old code matched "/" in two places. Only one is needed.
- 12:36, 7 March 2011 diff hist +6 Adding www to a url Previous code did not canonicalise www URLs with port number, nor direct IP requests. Use example.com, see RFC 2606.
- 12:26, 7 March 2011 diff hist +80 m Security and Performance FAQs Change <pre> to <source lang="apache">
- 12:20, 7 March 2011 diff hist +114 Security and Performance FAQs Fix the RegEx definitions. In particular, * is NOT one or more.
- 12:15, 7 March 2011 diff hist 0 m Security and Performance FAQs Typo.
- 12:13, 7 March 2011 diff hist +44 m Security and Performance FAQs Add <pre> to stop URLs in code examples turning into links.
- 12:03, 7 March 2011 diff hist +65 Security and Performance FAQs Allow more than one level of sub-domain in referrer ([^.]+\.)* here. Remove unnecessary leading .* pattern from image path.
- 11:56, 7 March 2011 diff hist +103 Security and Performance FAQs You cannot use Redirect to test if mod_rewrite is enabled. Redirect is a mod_alias directive. Use RewriteRule. Canonical URL for domain root ends with trailing slash. Use example.com, see RFC 2606.
- 11:49, 7 March 2011 diff hist -1 Security and Performance FAQs It's a rewrite, not a redirect. The leading / is not present for code going into .htaccess. The .*$ is not needed, just wasting processor cycles.
- 11:44, 7 March 2011 diff hist -9 J1.5:IIS7 and SEF URLs Previous code contained two matches for "/". Old code evaluated position of period three times. Find it once then pattern match from that point onwards. htm|html simplifies to html?
- 19:35, 6 March 2011 diff hist 0 Htaccess examples (security) My typos. Fixed.
- 06:52, 6 March 2011 diff hist -2 Htaccess examples (security) Trailing .* patterns which match "anything, everything or nothing" but which are not captured as backreferences are just wasting processor cycles.
- 06:51, 6 March 2011 diff hist -15 Htaccess examples (security) Trailing .* patterns which match "anything, everything or nothing" but which are not captured as backreferences are just wasting processor cycles.
- 06:49, 6 March 2011 diff hist -34 Htaccess examples (security) Leading ^.* pattern matches whole string to very end, then forces thousands of back off and retry "trial match" attempts. Edit. RegEx now parsed once left to right looking for first character match.
- 06:35, 6 March 2011 diff hist -16 Htaccess examples (security) Trailing .* patterns which match "anything, everything or nothing" but which are not captured as backreferences are just wasting processor cycles.
- 05:12, 6 March 2011 diff hist +6 Htaccess examples (security) Pattern only matched a request like example.com/images/stories////////////.jpg with multiple slashes and no filename before the file extension.
- 05:08, 6 March 2011 diff hist -1 Htaccess examples (security) Typo and escaping not requited on / here.
- 21:21, 5 March 2011 diff hist -6 Htaccess examples (security) Character group is not required when there is just one optional character. Question mark for "optional" applies to preceding character if no grouping.
- 21:14, 5 March 2011 diff hist 0 Htaccess examples (security) Do the very slow system filechecks after all other RewriteConds have evaluated as "true".
- 21:09, 5 March 2011 diff hist +1 Htaccess examples (security) Change character list patterns to eliminate commas. Images files do not end in ".jpg,".
- 21:00, 5 March 2011 diff hist +4 Htaccess examples (security) Not wanting match ".jpe," so character list changed from [g,2] to [g2].
- 20:55, 5 March 2011 diff hist -3 Htaccess examples (security) Change language to match current production .htaccess file.
- 20:52, 5 March 2011 diff hist +132 Htaccess examples (security) Additional code to avoid two step redirection chain for named index requests on old domain.
- 20:50, 5 March 2011 diff hist +28 Htaccess examples (security) Literal periods in patterns must be escaped. Code redirected only olddomain.com not www.olddomain.com. Code produced a 302redirect. Needs a 301 redirec here. Code must go in olddomain.com.
- 20:40, 5 March 2011 diff hist +27 Htaccess examples (security) Replace .* pattern with something that parses much more efficiently, left to right in one pass.
- 20:33, 5 March 2011 diff hist 0 Htaccess examples (security) CASING of variable name.
- 20:31, 5 March 2011 diff hist -21 Htaccess examples (security) No need to create backreference that isn't going to be used.
- 20:29, 5 March 2011 diff hist -6 Htaccess examples (security) No need to create backreference that isn't going to be used. F implies L. L is not needed here.
- 20:27, 5 March 2011 diff hist -110 Htaccess examples (security) Why find "base64_" twice when it can be found once then a local OR performed for "en|de" before "code"?
- 20:25, 5 March 2011 diff hist 0 Htaccess examples (security) Spelling
- 20:24, 5 March 2011 diff hist +6 Htaccess examples (security) The .* pattern is too inefficient.
- 20:22, 5 March 2011 diff hist +12 Htaccess examples (security) The .* pattern is brutally inefficient. Use another pattern that can be parsed once left to right.
- 20:19, 5 March 2011 diff hist +13 Htaccess examples (security) The .* pattern is brutally inefficient as it is greedy, promiscuous and ambiguous. It can create tens of thousands of back off and retry "trial matches" per page request.
- 20:13, 5 March 2011 diff hist +2 Htaccess examples (security) Spelling
- 20:12, 5 March 2011 diff hist -20 Htaccess examples (security) The position of the final period is evaluated nine times in the old code, only once in the new code. The old code unecessarily matched "/" twice.
- 20:06, 5 March 2011 diff hist -24 Htaccess examples (security) F implies L. L is not required.
- 20:03, 5 March 2011 diff hist -13 Htaccess examples (security) No need to creat backreferences that are never going to be used. F implies L. L is not required.
- 20:00, 5 March 2011 diff hist +4 Htaccess examples (security) Old code produced a 302 redirect. This must be a 301 redirect here.
- 19:58, 5 March 2011 diff hist +21 Htaccess examples (security) Old rule does not canonicalise requests with trailing period or port number on the canonical host name. Code sends a 302 redirect. Redirect must be a 301 here.
- 19:50, 5 March 2011 diff hist +26 Htaccess examples (security) Why not fix index file requests in folders, not just the root? Old code sent a 302 redirect. This must be a 301 redirect here.
- 19:48, 5 March 2011 diff hist +16 Htaccess examples (security) The .* pattern will cause thousands of back off and retry attempts. THE_REQUEST ends with HTTP/1.1 so the $ would cause this code to NEVER run. Literal space must be escaped.
- 19:42, 5 March 2011 diff hist +9 Htaccess examples (security) Don't mix Redirect and RewriteRule in the same .htaccess file. Order of operation cannot be guaranteed. The .htacccess is parsed in per-module order.
- 19:37, 5 March 2011 diff hist -7 Htaccess examples (security) No need to create a backreference that isn't going to be used. F implies L. No need for L.
- 19:34, 5 March 2011 diff hist +2 m Htaccess examples (security)
- 19:31, 5 March 2011 diff hist +19 Htaccess examples (security) Long list of RewriteCond patterns but no RewriteRule after them.
- 19:26, 5 March 2011 diff hist +6 Htaccess examples (security) The .* pattern is greedy and ambiguous and should almost never be used.
- 19:24, 5 March 2011 diff hist -2 m Htaccess examples (security) Uncomment.
- 19:23, 5 March 2011 diff hist +8 Htaccess examples (security) Multiple .* patterns may cause thousands of back off and retry "trial matches" to be attempted. Very slow.
- 07:07, 18 September 2010 diff hist +227 Talk:Preconfigured .htaccess Link to patch current
- 20:40, 13 September 2010 diff hist +11 Talk:Preconfigured .htaccess Further optimisations found. Note: originally posted code was not the latest version.
- 19:13, 13 September 2010 diff hist -7 Talk:Preconfigured .htaccess Extra fixes
- 19:11, 13 September 2010 diff hist +131 Talk:Preconfigured .htaccess
- 15:37, 13 September 2010 diff hist +172 Talk:Preconfigured .htaccess Tracker item added
- 14:34, 13 September 2010 diff hist +1,468 Talk:Preconfigured .htaccess Reply to questions posed here and at www.webmasterworld.com/apache/4200031.htm