Ways to block user via .htaccess

#Order deny,allow
#Deny from all
#Allow from
#Allow from
#Allow from
#Allow from
#Allow from

RewriteCond %{REMOTE_ADDR} !^(4\.30\.3\.[0-9]*)$
RewriteCond %{HTTP:X-Forwarded-For} !^(4\.30\.3\.[0-9]*)$
RewriteCond %{REMOTE_ADDR} !^(104\.9\.55\.44)$
RewriteCond %{HTTP:X-Forwarded-For} !^(104\.9\.55\.44)$
RewriteRule ^(.*) - [F]

How to fix Magento2 apis not working? fix coupon apis and other PUT OPTIONS APIs

The issue is actually related to your server’s configuration. By default all types of requests are not allowed. Please add the following to your .htaccess file

    Order allow,deny
    Allow from all
    Require all granted

How to put a site in maintenance? [Apache web server]

ErrorDocument 403 /index.html
DirectoryIndex index.html
<Files ~ "index\.html">
	Order Allow,Deny
	Allow from all
Deny from all

Content of your .htaccess file

If you want to whitelist any IP, use this

ErrorDocument 403 /index.html
DirectoryIndex index.html
<Files ~ "index\.html">
	Order Allow,Deny
	Allow from all
Order Allow,Deny
Allow from xx.xxx.xx.xx
Deny from all

Here is a sample htaccess for a wordpress website with 1 IP whitelisted and all others are banned. So you only will be able to load the website while everyone else will see contents of index.html with HTTP Status code 403

ErrorDocument 403 /index.html
DirectoryIndex index.php
<Files ~ "index\.html">
    Order Allow,Deny
    Allow from all
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} !^4\.129\.45\.44$
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REMOTE_ADDR} !^4\.129\.45\.44$
RewriteRule . /index.php [L]

Allow from
Deny from all

Basic Authentication in nginx for any domain, server or location block

sudo yum install httpd-tools
sudo htpasswd -c /etc/nginx/conf.d/vhosts/.htpasswd USERNAME
Enter Password: xxxxx
sudo chmod 644 /etc/nginx/conf.d/vhosts/.htpasswd

Update the domain.conf file like /etc/nginx/conf.d/vhosts/myrestricteddomain.com.ssl.conf

Ideally, use it in server config

server {
satisfy all; 
auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/conf.d/vhosts/.htpasswd; 
	location / {

Save and restart nginx

Basic Authentication with Nginx with proxy port (react/node app etc)

Reference: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/

Requirements: apache2-utils or httpd-tools

Use htpasswd utility and create a .htpasswd file, see reference

htpasswd -c  /etc/nginx/.htpasswd usernamethatyouwant
chmod 644 /etc/nginx/.htpasswd

After that, just add lines in nginx conf

location / {
	auth_basic "Backend Area";
    auth_basic_user_file /etc/nginx/.htpasswd; ## path to your passwd file
	## ...
	## xyz code
	proxy_pass; ## Proxy port for your app
	proxy_set_header Authorization ""; ## DONT FORGET THIS. reset the auth header
	include proxy.inc;

Restart nginx now or test first using “nginx -t”

Sample .htaccess for Laravel with PHP FPM

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

#    RewriteEngine On
#    RewriteCond %{HTTP:Authorization} ^(Bearer\ )(.*)$ [NC]
#    RewriteRule ^(.*) $1?access_token=%2 [QSA]
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "GET,PUT,POST,DELETE"
#Header set Access-Control-Allow-Headers "Content-Type, Authorization"
<IfModule mod_rewrite.c>

<IfModule mod_negotiation.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://kprep.api.ozandac.com/$1 [R,L]
RewriteEngine On
# Prevent direct access to the "public" folder - redirect to root
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /public/
RewriteRule ^public/(.*) /$1 [R=302,L]

# Redirect Trailing Slashes If Not A Folder...
# - but look for the file in the "public" folder
# (ensure we are not already in the "public" folder)
RewriteCond %{REQUEST_URI} !^/public/
RewriteCond %{DOCUMENT_ROOT}/public/$1 !-d
RewriteRule ^(.*)/$ /$1 [R=302,L]

# Rewrite "everything" to the "public" subdirectory if not already
# This ignores existing files/dirs in the document root
RewriteCond %{REQUEST_URI} ^/(.*)
RewriteRule !^public/ public/%1

# Handle Front Controller... (as before)
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

How to fix Undefined class constant ‘ARRAY_AS_PROPS’ Fatal Error?

I received this error “Fatal Error: Uncaught error in Undefined class constant ‘ARRAY_AS_PROPS'”
This issue is not related to PHP if you have 7.0 and above, it is zend framework’s module zend-http wrapper which is affected if Apache module is not present

File responsible: zendframework\zend-http\src\Header\Cookie.php:75

public function __construct(array $array = [])
        parent::__construct($array, ArrayObject::ARRAY_AS_PROPS);


Do check enabled modules for Apache, I found out that mod_expires was not enabled. So I edited httpd.conf and enabled mod_expires

I also enabled Zend Opcache in php.ini to make it run smooth on multiple pageloads.

How to use .htaccess to run all .html files as .php by using PHP handlers in Apache w/o CGI?

If you are not able to find the correct Handler, Simply create a .php file with the following contents:

<?php echo $_SERVER['REDIRECT_HANDLER']; ?>

and run/open this file in browser.

application httpd handler
example application handler

Use this output in .htaccess file

Create a .htaccess file at the root of your website(usually a folder named public_html or htdocs on linux servers) and add this line:

AddType [[THE OUTPUT FROM ABOVE FILE]] .html .htm


AddType application/x-httpd-php70 .html .htm
AddType application/x-httpd-php72 .html .htm
AddType application/x-httpd-php .html .htm

If your are running PHP as CGI then try something like this:

AddHandler application/x-httpd-php .html .htm

Important Note:

If you see blank page or Notice: Undefined index: REDIRECT_HANDLER

Try default in .htaccess

AddHandler application/x-httpd-php .html

If you are godaddy user, try one of these settings:

Options +ExecCGI
AddType application/x-httpd-php .php .html
AddHandler x-httpd-php5 .php .html
AddHandler x-httpd-php7 .php .html
AddHandler x-httpd-php5-cgi .html
AddHandler x-httpd-php7-cgi .html

Reference: https://stackoverflow.com/questions/4687208/using-htaccess-to-make-all-html-pages-to-run-as-php-files/49375772#49375772

5 ways to redirect your Web page?

Hi Everyone!

In this post we will be learning about redirects. And see how you can redirect your web-page.

We will see two ways to redirect web-pages:

  • Through your registrars’ Cpanel.
  • Right into your code.

Through cPanel redirect feature

You can easily redirect your visitors from one page to another with the help of the Redirects feature. 

To setup a redirection, access your website’s Control Panel and locate the Redirects menu.

In the Create a Redirect section. You can set up a redirection from one page of your website to another. This also works for subdomains or completely different websites.

If you choose to use HTTPS, make sure the redirected page has a certificate first, because redirecting to a website without an SSL certificate but using the HTTPS protocol for it, will most likely land your visitor to an error page

Now let’s see how you can set redirection by including few lines in your code.

HTML redirects:

The simplest way to redirect to another URL is with the Meta Refresh tag. We can place this meta tag inside the <head> at the top of any HTML page like this:

<meta http-equiv="refresh" content="0; URL='http://new-website.com'" />

JavaScript redirects

Redirecting to another URL with JavaScript is pretty easy, simply change the locationproperty on the window object:

// Use any of the following lines below.

window.location = "http://new-website.com";
window.location.href = "http://new-website.com";

Apache redirects

The most common method of redirecting a web page is through adding specific rules to a .htaccess file on an Apache web server.

Redirect 301 / http://www.new-website.com

PHP redirects

With PHP we can use the header function, which is quite straightforward:

  header('Location: http://www.new-website.com/', true, 301); // Permanent redirection.
// OR
  #header('Location: http://www.new-website.com/', true, 307); // Temporary redirection.

This is it for this post. Now the comment section is all yours.

Thank You.