Joomla! .htaccess, SEF and security

The .htaccess features let you safely create the .htaccess file, and additionally add more of them for protection.

Caution: .htaccess files can be used to configure the Apache web server's mod_rewrite. If your server is not running Apache, this feature won't do anything.

The syntax of .htaccess files is very powerful but not easy, and the requirements change based on your web server setup, in particular in shared hosting scenarios, since different hosts use different configurations. This is the reason why Joomla's default .htaccess file doesn't work on all servers.

Additionally, a wrong .htaccess will kill your site, preventing access even to the administrator and showing your users a nice and friendly "500 Internal Server Error" page.

Joomla Little Helper is the solution

By testing the .htaccess files in a subfolder, we're able to determine the right format for your web server without compromising it, and if a suitable one is found, you are given the option to install it (i.e. save it in the root). This ensures your site doesn't go down because of the wrong file.

If you wrote your own .htaccess, chances are you won't find much benefit from this feature (it will rename your .htaccess and write a new one).

Joomla root .htaccess file: Boilerplate or Joomla?

HTML5 Boilerplate by Paul Irish is the most widely used "reset" CSS and a collection of good practices. It ships with an .htaccess that will make the most of your web server by enabling browser cache, preventing some attacks, setting long expiration on static content and more. Additionally, commented in the code, you will find several ready-to-use snippets for www to non-www redirection, https to http and so much more.

This has been complemented with a few Joomla-specific rules to make it compatible with both Joomla 2.5 and 3.x.

Joomla htaccess (in your root/htaccess.txt) is a very basic alternative, which will result in a slower experience for the users; however, it uses only a small subset of the Boilerplate's commands, so it may be more compatible on some shared hosts.

.htaccess files in subfolders

These are very simple .htaccess files that protect your website against a common attack scheme. This attack consists of uploading a malicious file to one of the (writable) folders /images, /tmp or /cache, and then executing it. The .htaccess simply prevents the execution of scripts.

Attacks of this kind often result in your website being used for phishing or spam (so your server will get blacklisted and you won't be able to send emails). There are a number of causes behind them: not a Joomla vulnerability, but vulnerable extensions.

The .htaccess files will protect you, but you still need to make sure you check the security of your Joomla components and uninstall any extensions you don't need (since the list is not exhaustive).

subfolders .htaccess page.

subfolders .htaccess management

Here you can create, delete and restore .htaccess files.

Additionally, it will detect if the index.html file is present in the same folders, and if not it allows you to create it.
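The same checks can be run from a shell as an independent audit. The script below is an added example, not part of Joomla Little Helper: it reports which of the three folders named above lack an .htaccess or index.html, and lists any script files already sitting in them. The function name audit and the list of script extensions are assumptions made for this example.

```python
"""Audit Joomla's writable folders for the protections described above."""
import os
import re
import sys

# Folders named on this page as common upload targets.
WRITABLE_DIRS = ("images", "tmp", "cache")
# Assumption: extensions treated as server-side scripts; adjust to your handlers.
# The trailing (\.|$) also catches double extensions such as "x.php.jpg".
SCRIPT_RE = re.compile(r"\.(php\d?|phtml|phar|pl|py|cgi|sh)(\.|$)", re.IGNORECASE)


def audit(joomla_root):
    """Return a sorted list of (folder, issue) tuples; empty means nothing found."""
    findings = []
    for name in WRITABLE_DIRS:
        top = os.path.join(joomla_root, name)
        if not os.path.isdir(top):
            # Reported so that a mistyped root does not look like a clean site.
            findings.append((name, "folder missing"))
            continue
        # Both guard files are expected at the top of each writable folder.
        for guard in (".htaccess", "index.html"):
            if not os.path.isfile(os.path.join(top, guard)):
                findings.append((name, "no " + guard))
        # Script files have no business in these folders, at any depth.
        for dirpath, _dirs, files in os.walk(top):
            for fname in files:
                if SCRIPT_RE.search(fname):
                    rel = os.path.relpath(os.path.join(dirpath, fname), joomla_root)
                    findings.append((name, "script file: " + rel.replace(os.sep, "/")))
    return sorted(findings)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for folder, issue in audit(root):
        print(f"{folder}: {issue}")
```

Run it with the Joomla root as its only argument. A script file reported here deserves a look even when the .htaccess is in place, since it was uploaded by something.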

The first line takes you to the

Joomla .htaccess SEF (root .htaccess) view

Choose your favourite .htaccess flavour (we encourage you to try the Boilerplate first) and click Test.

Joomla .htaccess working

If the test is successful (it may take up to 10 seconds), the Save button appears.

If something went wrong, either a syntax error or a filesystem error, you will see the error, but not the "Save" button.

.htaccess error