Tips for a Secure Apache Web Server Using .htaccess

, ,

Disclaimer: We make no guarantees or warranties with regards to the following tips and suggestions for an Apache .htaccess file regarding security and compression settings.

It is your responsibility to test out these settings on your server and check for comparability and security.


Securing Apache Web Server with htaccess


Options All -Indexes
Options -Multiviews
Options +FollowSymLinks

DirectoryIndex index.php index.html index.htm

RewriteEngine On

# Disable public access to your error_log, display 404
RewriteRule (^|/)error_log$ - [L,R=404]
# Use [L,F] flags if you prefer '403 Forbidden' response instead of '404 Not Found'
# Make sure you've set 'RewriteEngine On' prior


While we are at it, let us enable server side GZIP compression of our text, html, javascript, css and xml:



# Gzip compression of text, html, javascript, css, xml
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|woff)$">
Header set Cache-Control "max-age=2592000, public"


While we are on the subject of file compression; if you are using WordPress, read our W3 Total Cache plugin settings for optimal operation article.

Don’t forget to lock down this file to prevent others from editing it. See our article about CHMOD permissions.


If this article was helpful please take a moment to like us on Facebook, share this on your social media or buy us a cup of coffee.