The following is a collection of useful, as well as helpful common .htaccess snippets. Simply copy and paste the snippets to your .htaccess and edit as necessary.

Force www

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$$1 [L,R=301,NC]


RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Force non-www

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$$1 [L,R=301]


RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteCond %{HTTPS}s ^on(s)|off
RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\.)?(.+)$
RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]


RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

<IfModule mod_headers.c>
   # Remove "includeSubDomains" if you don't want to enforce HSTS on all subdomains
   Header always set Strict-Transport-Security "max-age=31536000;includeSubDomains"

Force Trailing Slash

RewriteCond %{REQUEST_URI} /+[^\.]+$
RewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]

Remove Trailing Slash

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [R=301,L]

Redirect a Web Page

Redirect 301 /oldpage.html

Redirect Using RedirectMatch

RedirectMatch 301 /subdir(.*)$1
RedirectMatch 301 ^/(.*).htm$ /$1.html
RedirectMatch 301 ^/200([0-9])/([^01])(.*)$ /$2$3
RedirectMatch 301 ^/category/(.*)$ /$1
RedirectMatch 301 ^/(.*).html/1/(.*) /$1.html$2

Redirect an Entire Site

Redirect 301 /
From /home.php to /home.
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^([^.]+)$ $1.php [NC,L]

Deny All Access

Deny from all

Deny All Access but Allow from a Specific IP Address

Order deny,allow
Deny from all
Allow from

Allow All Access but Deny from a Specific IP Address

Order deny,allow
Deny from
Deny from

Deny Access to File Types

<FilesMatch "(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$">
   ## Apache 2.2
   Order allow,deny
   Deny from all
   Satisfy All

   ## Apache 2.4
   # Require all denied

Disable Directory Indexing

Options All -Indexes

Disable Image Hotlinking

RewriteEngine on
# Remove the following line if you want to block blank referrer too
RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^https?://(.+\.)? [NC]
RewriteRule \.(jpe?g|png|gif|bmp)$ - [NC,F,L]

# If you want to display a “blocked” banner in place of the hotlinked image,
# replace the above rule with:
# RewriteRule \.(jpe?g|png|gif|bmp) [R,L]

Disallow Visitors by Referrer

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
RewriteCond %{HTTP_REFERER} newsite\.com
RewriteRule .* - [F]

Prevent iFrame

SetEnvIf Request_URI "/url" allow_framing=true
Header set X-Frame-Options SAMEORIGIN env=!allow_framing

Set Expires Headers

<IfModule mod_expires.c>
   ExpiresActive on
   ExpiresDefault                                      "access plus 1 month"

 # CSS
   ExpiresByType text/css                              "access plus 1 year"

 # Data interchange
   ExpiresByType application/json                      "access plus 0 seconds"
   ExpiresByType application/xml                       "access plus 0 seconds"
   ExpiresByType text/xml                              "access plus 0 seconds"

 # Favicon (cannot be renamed!)
   ExpiresByType image/x-icon                          "access plus 1 week"

 # HTML components (HTCs)
   ExpiresByType text/x-component                      "access plus 1 month"

   ExpiresByType text/html                             "access plus 0 seconds"

 # JavaScript
   ExpiresByType application/javascript                "access plus 1 year"

 # Manifest files
   ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
   ExpiresByType text/cache-manifest                   "access plus 0 seconds"

 # Media
   ExpiresByType audio/ogg                             "access plus 1 month"
   ExpiresByType image/gif                             "access plus 1 month"
   ExpiresByType image/jpeg                            "access plus 1 month"
   ExpiresByType image/png                             "access plus 1 month"
   ExpiresByType video/mp4                             "access plus 1 month"
   ExpiresByType video/ogg                             "access plus 1 month"
   ExpiresByType video/webm                            "access plus 1 month"

 # Web feeds
   ExpiresByType application/atom+xml                  "access plus 1 hour"
   ExpiresByType application/rss+xml                   "access plus 1 hour"

 # Web fonts
   ExpiresByType application/font-woff2                "access plus 1 month"
   ExpiresByType application/font-woff                 "access plus 1 month"
   ExpiresByType application/         "access plus 1 month"
   ExpiresByType application/x-font-ttf                "access plus 1 month"
   ExpiresByType font/opentype                         "access plus 1 month"
   ExpiresByType image/svg+xml                         "access plus 1 month"

Turn eTags Off

<IfModule mod_headers.c>
   Header unset ETag
FileETag None

Custom Error Pages

ErrorDocument 500 "Example of a message."
ErrorDocument 401
ErrorDocument 404 /error/404.html

Force Downloading

<Files *.md>
   ForceType application/octet-stream
   Header set Content-Disposition attachment

Disallow Downloading

<FilesMatch "\.(tex|log|aux)$">
   Header set Content-Type text/plain

Allow Cross-Domain Fonts

<IfModule mod_headers.c>
   <FilesMatch "\.(eot|otf|ttc|ttf|woff|woff2)$">
       Header set Access-Control-Allow-Origin "*"


AddCharset utf-8 .atom .css .js .json .rss .vtt .xml

Switch to Another PHP Version

AddHandler application/x-httpd-php56 .php