Construct .htaccess file to cover set of cases

Question

This is what I need to do: I need to write an .htaccess file that:

Redirect all http requests to https
Redirect all https://example.com to https://www.example.com
Block bad bots
Prevent access to .htaccess
Add compression to ALL file types on the site

This is all I need to do, yet no matter how many thousands of different ways I try, it doesn't work. Do I need the rewrite engine 'on' with every rule? I have read 100's of sites telling me how, however everyone seems to have a different solution, yet whatever I try, it DOESN'T work. When I use the redirect tool in Godaddy it does redirect my site from http to https, but that is all. When I try to add more to the htaccess file, it stops working. Even the original redirect no long works.

Can anyone tell me how to put together all these codes so they work? I started a small business website, but no one told me there would be so little technical help or examples of all the 'other' things you need to do to get your website ready for all the search engine requirements.

Please, please, can someone help me? The site name is billionairemailinglist.com, can anyone give me or help me create these codes to use in my htaccess file? I would be forever grateful and would be glad to offer you the products we sell for free for helping me.

score 0 · Answer 1 · edited May 23 '17 at 12:15

The blocking of bad bots is a non discrete, nebulous task so I'll deal with that at the end of this answer.

After each itemized question I'll adjust the .htaccess to cover the solution along with all previous questions. The final solution will address all questions.

1. Switches my site from http to https

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.example.com [R=301,L]

2. Switches my site from https://with no www to https://with www.

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule (.*) https://www.example.com [R=301,L]

4. Prevent viewing of .htaccess file

Taken from How to deny access to a file in .htaccess

<Files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
</Files>

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule (.*) https://www.example.com [R=301,L]

5. Add compression to ALL file types on the site*

<Files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
</Files>

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule (.*) https://www.example.com [R=301,L]

<ifmodule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript
</ifmodule>

*Note that not all file types should/could be compressed. I've added the boilerplate that we used to use above which seemed to work well. If you're interested in truly maximizing compression opportunities without the complexities of browser compatibility, look into ModPagespeed

3. block bad bots

I wish it was easy as BlockBadBots yes. If you'd prefer to not analyze bandwidth usage and blocking of bots based on consumption etc., I would recommend that you put your site behind CloudFlare. This service has a good reputation for dealing with high profile DDOS attacks, limiting harmful bots, and keeping sites alive even as demand increases.

Good luck!