If you are not familiar with using htaccess, the instructions below will help you check that mod_rewrite is available on your server and then allow you to install an htaccess file containing the modifications described in this post. The instructions assume that if you already have an htaccess file in use on your site, it is the standard one supplied as part of the Joomla installation - if not you will need to make the modifications to the file yourself. You can download a zip file from here containing the three htaccess files that are referred to in the instructions below.
Before you start
To install the file(s) you must use either an FTP client or your hosting control panel. DO NOT upload it using a Joomla extension. This is VERY important. if there are problems with your server processing the file you are likely to get a 500 (Internal Server Error) message displayed in your browser when you test the site, in both Steps 1, 2 and 3. If you get such an error the solution is to either rename the file (e.g. from .htaccess to htaccess.txt) or to delete it. If you upload using a Joomla! extension you will be unable to do this once the 500 Error occurs. If you do not have FTP or control panel (cPanel) access to your website, DO NOT proceed with installation of the htaccess file(s). Seek assistance from your hosting company instead.
If you have problems seeing the .htaccess files on your website or in the folders from the zip file, you may need to configure your FTP client's settings to allow you to view hidden files (on a Unix platform any file starting with a "." is treated as a hidden file).
Step 1 - Is mod_rewrite enabled?
If you are not already using an htaccess file on your site, the first step is to check whether your host has enabled mod_rewrite. There are some instructions on how to do this here. We have provided a copy of an htaccess file that you can use to perform this test in the Step 1 folder of the zip file. If your site is located in a sub-domain you will need to follow the instructions in the file to modify it for use on a sub-domain.
Step 2 - mod_rewrite is enabled, what next?
Before proceeding it is important to make sure that your RewriteBase line has been set up correctly. If your Joomla installatin is in the root directory of the hosting account, no further action should be required. However if the Joomla installation is in a subdirectory you will need to modify the htaccess file. For example, you have installed your Joomla site is located in subdirectory so that your URLs read - http://www.example.com/mysite/, in which case your RewriteBase line should be:
If you do not make this modification, the mod_rewrite rules will not match the URLs that are processed by the mod_rewrite Apache module and the protection will fail. Note - if you are hosting multiple domains in a single account, individual domains will be installed in separate sub-directories, for example /public_html/site1, /public_html/site2, etc. where /public_html is the website root. In this case you should not need to modify the RewriteBase as the Apache server is treating the sub-directories as the base for the individual domains.
Step 3 - Install new htaccess?
If Step 1 worked OK and you were redirected to the Joomla! website, mod_rewrite is installed and you can proceed to install an htaccess file. In the Step 3 folder of the zip file there is a modified htaccess file containing the additional rules described in this post. We have also added an instruction denying access to htaccess files by web browsers - this does not stop the file working, Apache will still read and act upon it, but it does prevent hackers snooping on the file contents. To install this modified file simply upload it from the Step 2 folder into the root of your website. Test your site - if it is working OK you have successfully installed the enhanced htaccess file. If you are getting server errors or unable to access some of the content on your site - you need to proceed to Step 3.
Step 4 - I am getting unexpected errors
We have included a Step 4 folder in the zip file. This contains a copy of the original htaccess file that is included in a Joomla 1.5.18 installation. If you were already using an htaccess file and the new file has caused server errors, replace the file on the server with the file from the Step 4 folder. If you were not using an htaccess file, simply delete the one you installed at Step 2 and seek advice from your hosting provider about the use of an htaccess file on your website.
If the htaccess file does not work as expected
1. Is your Joomla installation in a subdirectory?
If it is then un-comment the line # RewriteBase / by removing the #, and change the "/" to the right path, e.g.
RewriteBase /subdirectory or RewriteBase /~username/htdocs
2. Your web hosting does not support SymLinks.
In that is the case, comment out the Options FollowSymLinks line, so it reads:
# Options FollowSymLinks
3. Your web hosting account is not configured for the use of htaccess files
If that is the case, ask your hosting provider if they could activate this option on your account. Explain to them why you want it - to improve the protection of your website. If they are unable or unwilling to activate it you should consider moving to a hosting company that will.
4.Your site is integrated with Payment Gateway such as PayPal and the payment notification now fails - disable the Rewrite Condition which detects null (empty) Agent Strings - the Gateways often do not supply this information.
5. Your test system is running on an xampp server, running on a windows platform
The standard installation of XAMPP creates an Apache web server with mod_rewrite disabled. To enable htaccess on an Apache Web servers running on a Windows platform:
a. Using a text editor, open the httpd.conf file. In XAMPP, this file is found in the \apache\conf directory
b. Locate the following line of code:
#LoadModule rewrite_module modules/mod_rewrite.so
c. Remove the # from the line as seen below to enable the module:
LoadModule rewrite_module modules/mod_rewrite.so
d. Save the httpd.conf file and Restart your server
e. Restart your Apache Server - mod_rewrite should be now be enabled. Use the instructions at Step 1 to test it.
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Bodvoc Ltd is not affiliated with or endorsed by Open Source Matters or the Joomla! Project.