I made an .htaccess template, is there anything else that should be added or changed for added benefit or security? # Defaults ServerSignature Off AddDefaultCharset UTF-8 DefaultLanguage en-US SetEnv TZ Europe/Belgrade SetEnv SERVER_ADMIN admin@domain.tld # Rewrites Options +FollowSymLinks RewriteEngine On RewriteBase / # Redirect to WWW RewriteCond %{HTTP_HOST} ^serpentineseo.com RewriteRule (.*) http://www.serpentineseo.com/$1 [R=301,L] #Redirect index to root RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*index\.html\ HTTP/ RewriteRule ^(.*)index\.html$ /$1 [R=301,L] # Cache media files: # Month <filesMatch "\.(gif|jpg|jpeg|png|ico|swf|js)$"> Header set Cache-Control "max-age=2592000, public" </filesMatch> # Week <FilesMatch "\.(css|pdf)$"> Header set Cache-Control "max-age=604800" </FilesMatch> # 10 Min <FilesMatch "\.(html|htm|txt)$"> Header set Cache-Control "max-age=600" </FilesMatch> # Don't Cache <FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$"> Header unset Cache-Control </FilesMatch> # Prevent hotlinking RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?serpentineseo.com/.*$ [NC] RewriteRule \.(gif|jpg)$ http://www.serpentineseo.com/images/angryman.png [R,L] # Error Documents ErrorDocument 206 /error/206.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 500 /error/500.html # Deny access to .htaccess <Files .htaccess> order allow,deny deny from all </Files> Code (markup):
maybe just to prevent people from browsing your folders & files in folders where you don't have an index.html or default.html or whatever: Options -Indexes Code (markup):
should i place .htaccess containing that code to every folder i want to restrict from being browsed or just put it in main on in website root?