Aggressive Graphics

Understanding .htaccess

Your website is like that untamed beast, that can surprise you with scope for further configurations and management everyday. That is why, sometimes, a website should be seen as a platform. A platform allows us to build over itself. What people miss, is that you can tweak the platform itself to get a peak performance out of it. What you do with your website, is a never ending process of website-management.

On an Apache server, your dynamic website is essentially a collection of core PHP files forming a web application. There is too much to hack and mod there, but there is totally another aspect to managing your website, one that goes in line with you ultimate goal of engaging users and improving user experience. Managing server configurations.

An application, your website manages all user interactions through two critical files:
.htaccess & robots.txt

Our first part of the series will deal with the .htaccess file. This file manages how your php application is executed on the server, and how pages are served to your users. An essential part of being a webmaster thus, is to have a reliable understanding of the .htaccess file. With most websites being on a shared hosting, we are never in control of the central server settings. In this case, htaccess comes as a lifesaver.

The htaccess file is used to manage how the web application accesses your files from various directories. My site Techarraz loads in under four seconds always (average 3 seconds) and I am on a free hosting service. You can check my claims at tools.pingdom.com. An archive of the last test I ran is here (3.2 seconds load time for homepage). I have achieved this simply by tweaking my htaccess file.

Htaccess Code Snippets

Here are some code snippets for you to get started with htaccess. Once you are comfortable with these basic rules, you can get confident and experiment on your own. Always remember to take backups of your htaccess files before proceeding.

Override All .htaccess Rules

1
2

 
AllowOverride None

It gets very annoying when your uses mess up server settings on your blog and write their own buggy up .htaccess files. You can deny override for specific server tweaks you have made, by ccreating this htaccess rule. It is very handy for server admins.

Set MIME Types

1
2
3

 
AddType text/css .css
AddType application/x-javascript .js

MIME types identifies particular types of files on your server and defines rules on how to process them. This comes in very handy for setting specific file handling operations, and prevent execution of unauthorized scripts.

Set Expiry Rules

1
2
3
4

 
ExpiresActive On
ExpiresByType text/css A31536000
ExpiresByType application/x-javascript A31536000

Expiry rules sets your content cache headers and makes them expire from the cache only after a certain period. This caches your CSS and js content thereby speeding up webpages by fetching static contetn locally.

Set Compression

1
2
3
4
5
6
7
8
9
10
11

 
 
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
  BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
 
 
        Header append Vary User-Agent env=!dont-vary
 
    AddOutputFilterByType DEFLATE text/css application/x-javascript text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon

Compression ca drastically reduce the amount of data transfer that takes place between your server and the browser. This makes your website extremely responsive, and now that Google has started considering page speed for rankings, it has become an absolute necessity to have a fast loading page.

Deny Access To Directories

1
2

 
Require all denied

Although there are ways of preventing web access by placing blank index.php files in directories, web access is not the only access you would want to restrict. This method prevents any form of unauthorized access to any directory where this configuration is present.

Protect Files

Protecting critical files on your websites root directory is more than meets the eye. There are a number of security plugins but all that they do, is at application level. When it comes to securing your server, you have to apply the protection at system level. If the last line was too jargoned, I will simplify that by saying, it is better to protect your server first, than try protecting, say, a WordPress installation with numerous security plugins.

1
2
3
4

 
order allow,deny
deny from all
allow from *

This protects your files from unauthorized access and prevents it, right from Apache. The [yourfile.extension] has to be replaced by the exact filename along with the extension. The * in allow from can be replaced with a preferred URL. So, if you want to protect your htaccess file itself, you should use this simple rule.

1
2
3

 
order allow,deny
deny from all

Manage Redirects

Redirects are ugly. Google hates page redirects. How to prove it? Well, users hate it too when websites redirect to another page, and the Google bot is made to mimic a human user, so that it can judge the user experience.

However, we all end up using redirects. Redirects, are acceptable to some extent when it is an absolute necessity and there is no way out.

If your page shows an error in Google Webmaster tools, and you see no other way to fix it, keep this as your last resort. redirect the page as:

1

Redirect 301 /[permalink to new post] [Old post URL]

This redirects your unwanted old page to a new location. The new page is given as URL path, while the old page needs a complete URL. So, if you want to redirect a page http://www.yourdomain.com/old/old-post-url/ to http://www.yourdomain.com/new/new-updated-post-url, you need to do it a:

1

Redirect 301 /new/new-updated-post-url http://www.yourdomain.com/old/old-post-url/

As seen above, you should not give the complete URL for the new post. Just give the URL path that appears in the link, excluding your domain URL.

Set FeedBurner For Feeds

FeedBurner is the official feed service from Google. It is owned by Google and provides options with feeds for monetizing, publishing and doing a lot more. If you run a dynamic website with ever-changing content, a feed allows your readers to follow what you are doing on your website. Move ahead of the default feeds provided by your CMS software, switch over to FeedBurner today to explore a whole new world.

Using FeedBurner with feeds is a fun experience. Once you sign up and set up your feeds with FeedBurner, you get a URL at FeedBurner. Mine is at this URL: Techarraz feeds. Set up your FeedBurner in .htaccess as:

1
2
3
4

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !FeedBurner    [NC]
RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/Techarraz [R=302,NC,L]

Although there are plugins and php codes for this, you are in better control of you blog writing your own hacks on the server configuration files, and not relying on plugins.

Handle 404 Errors

coming back to where I said Google hates redirects, there is something it hates even worse. Those 404 errors, and you can even be penalized in SERP for these errors. So, you have two options to get rid of 404′s (page not found error). Redirect it to something else, or show a good 404 page.

Redirecting it to other pages, still penalizes you to some extent for irrelevant content, and it does not look good when the user comes to see something and finds something different on your website. The better option, is to show a proper 404 error page, not fool the user and let everybody win.

Here is my 404 handling code. It shows a 404 page for pages that are not supposed to exist in the first place.

1
2
3
4
5

RewriteCond %{REQUEST_URI} !(robots\.txt|sitemap\.xml(\.gz)?)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} \.(css|js|html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|swf|tar|tif|tiff|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ [NC]
RewriteRule .* - [L]

Any links to files, and non-existing pages are 404ed carefully. This prevents you from losing any link relevance at the same time, which is a high risk with unattended 301 redirects.

Up Next

That is all of what you can do on your server to control what goes out and comes into it. The complete guide on htaccess can of course be found at this Apache server configurations page. With these tweaks and htaccess rules, you will see a drastic improvement in your website performance and overall page size that is fetched by the browser.

In the next part of this series, we will see how we can control what comes in, i.e. what Google and other search bots read and index from your website.