Ejemplos de .htaccess para CMS populares: cómo restaurar el archivo predeterminado
· 9 min de lectura
El archivo .htaccess es un archivo de configuración utilizado en servidores web Apache para administrar la configuración del sitio web sin acceso a la configuración principal del servidor. Con él, puedes habilitar redirecciones, restringir el acceso, configurar URL amigables para SEO, configurar caché y mucho más, directamente desde la raíz de tu sitio o cualquiera de sus directorios.
Muchos CMS crean automáticamente este archivo al instalarlo o incluyen una muestra en la distribución.
Si trabajas con alojamiento, especialmente en Apache, es importante saber cómo se ve el .htaccess predeterminado para diferentes CMS. Esto te ayuda a:
-
Verificar que todo esté correcto después de la instalación;
-
Restaurar el archivo si se eliminó accidentalmente;
-
Entender qué reglas usa el sistema "tal cual".
Ubicación del .htaccess
El archivo .htaccess generalmente se encuentra en la carpeta raíz del sitio, por ejemplo:
/var/www/site.com/public_html/.htaccess
Si el archivo no está (por ejemplo, si se eliminó accidentalmente), puedes crearlo manualmente con el nombre .htaccess (el nombre comienza con un punto, sin extensión).
Abre el archivo con un editor de texto (por ejemplo, Notepad++ o VS Code).
aviso
No utilices suites de oficina (como MS Word) para editarlo, ya que pueden insertar caracteres ocultos que romperán el archivo.
A continuación, se muestra una colección de archivos .htaccess estándar utilizados por defecto en los CMS populares. Estos ejemplos pueden ser útiles si eliminaste o corrompiste accidentalmente el archivo .htaccess original y necesitas restaurarlo para que tu sitio funcione correctamente.
Wordpress
El .htaccess predeterminado de WordPress habilita URL "limpias" e incluye reglas de redireccionamiento básicas:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Si se usa una instalación multisitio con subdominios (por ejemplo, site1.example.com, site2.example.com):
# BEGIN WordPress Multisite
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# Redirect for multisite (subdomains)
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
</IfModule>
# END WordPress Multisite
Si se usa una instalación multisitio con subdirectorios (por ejemplo, example.com/site1, example.com/site2):
# BEGIN WordPress Multisite
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# Redirect for multisite (subdirectories)
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule . index.php [L]
</IfModule>
# END WordPress Multisite
Joomla 2.5-3
Joomla utiliza .htaccess para protección básica y configuración SEF:
##
# @package Joomla
# @copyright Copyright (C) 2005 - 2012 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
##
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
## Mod_rewrite in use.
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
# RewriteBase /
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
Joomla 4-5
En Joomla 4 se presta más atención a la seguridad y el almacenamiento en caché:
##
# @package Joomla
# @copyright (C) 2005 Open Source Matters, Inc. <https://www.joomla.org>
# @license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line 'Options +FollowSymLinks' may cause problems with some server configurations.
# It is required for the use of Apache mod_rewrite, but it may have already been set by
# your server administrator in a way that disallows changing it in this .htaccess file.
# If using it causes your site to produce an error, comment it out (add # to the
# beginning of the line), reload your site in your browser and test your sef urls. If
# they work, then it has been set by your server administrator and you do not need to
# set it here.
##
## MISSING CSS OR JAVASCRIPT ERRORS
#
# If your site looks strange after enabling this file, then your server is probably already
# gzipping css and js files and you should comment out the GZIP section of this file.
##
## OPENLITESPEED
#
# If you are using an OpenLiteSpeed web server then any changes made to this file will
# not take effect until you have restarted the web server.
##
## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes
## No directory listings
<IfModule mod_autoindex.c>
IndexIgnore *
</IfModule>
## Suppress mime type detection in browsers for unknown types
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>
## Protect against certain cross-origin requests. More information can be found here:
## https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)
## https://web.dev/why-coop-coep/
#<IfModule mod_headers.c>
# Header always set Cross-Origin-Resource-Policy "same-origin"
# Header always set Cross-Origin-Embedder-Policy "require-corp"
#</IfModule>
## Disable inline JavaScript when directly opening SVG files or embedding them with the object-tag
<FilesMatch "\.svg$">
<IfModule mod_headers.c>
Header always set Content-Security-Policy "script-src 'none'"
</IfModule>
</FilesMatch>
## These directives are only enabled if the Apache mod_rewrite module is enabled
<IfModule mod_rewrite.c>
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root home page
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment the following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
# RewriteBase /
## Begin - Joomla! core SEF Section.
#
# PHP FastCGI fix for HTTP Authorization, required for the API application
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# -- SEF URLs for the API application
# If the requested path starts with /api, the file is not /api/index.php
# and the request has not already been internally rewritten to the
# api/index.php script
RewriteCond %{REQUEST_URI} ^/api/
RewriteCond %{REQUEST_URI} !^/api/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the /api/index.php script
RewriteRule .* api/index.php [L]
# -- SEF URLs for the public frontend application
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
Drupal 7
El .htaccess en Drupal 7 incluye configuraciones básicas de seguridad y optimización. Contenido típico:
# Use the following to prevent server signatures and directory browsing
ServerSignature Off
Options -Indexes
# Protect sensitive files
<FilesMatch "\.(htaccess|htpasswd)">
Order Allow,Deny
Deny from all
</FilesMatch>
# Protect files from being accessed directly
<FilesMatch "\.(txt|md|yml|json|xml)$">
Order Allow,Deny
Deny from all
</FilesMatch>
# Set a default timezone for PHP
SetEnv TZ Europe/Amsterdam
# Enable compression for better performance
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript text/javascript application/javascript
# Cache settings for better performance
<IfModule mod_headers.c>
Header set Cache-Control "public, max-age=3600"
</IfModule>
Drupal 8
Para Drupal 8, .htaccess ya incluye mejoras adicionales y soporta nuevas funciones. Por ejemplo, hay soporte para HTTP/2, seguridad mejorada, personalización para manejar URL limpias y caché.
# Prevent server signature and directory browsing
ServerSignature Off
Options -Indexes
# Protect sensitive files
<FilesMatch "\.(htaccess|htpasswd|ini|log|conf)$">
Order Allow,Deny
Deny from all
</FilesMatch>
# Clean URLs support
RewriteEngine on
RewriteBase /
# Support for HTTP/2
<IfModule http2_module>
Protocols h2 http/1.1
</IfModule>
# Cache control for assets
<IfModule mod_headers.c>
Header set Cache-Control "public, max-age=86400, s-maxage=86400, must-revalidate"
</IfModule>
# Enable compression
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript application/javascript text/javascript
# Redirect trailing slashes for clean URLs
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} /+$
RewriteRule ^(.*)/$ /$1 [R=301,L]
Drupal 9
Para Drupal 9, .htaccess incluye mejoras adicionales para trabajar con tecnologías web más nuevas como el soporte HTTP/2 y medidas de seguridad más estrictas.
# Prevent directory browsing and server signatures
ServerSignature Off
Options -Indexes
# Protect sensitive files
<FilesMatch "\.(htaccess|htpasswd|ini|log|conf)$">
Order Allow,Deny
Deny from all
</FilesMatch>
# Enable clean URLs (this is essential for Drupal to work properly)
RewriteEngine on
RewriteBase /
# Support for HTTP/2 and modern caching
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_headers.c>
Header set Cache-Control "public, max-age=86400, s-maxage=86400, must-revalidate"
</IfModule>
# Enable Gzip compression
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript text/javascript application/javascript
# Clean URLs support for Drupal
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} /+$
RewriteRule ^(.*)/$ /$1 [R=301,L]
OpenCart
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
Magento (2.x)
Magento tiene un .htaccess complejo que incluye reglas para compresión, caché y seguridad. Ejemplo para Magento 2:
<IfModule mod_php5.c>
php_flag memory_limit 756M
php_flag max_execution_time 18000
</IfModule>
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/pub/
RewriteRule ^(.*)$ pub/$1 [L]
</IfModule>
PrestaShop 1.7.x
PrestaShop genera automáticamente el archivo .htaccess durante la instalación o cuando cambias la configuración de URL amigables para SEO.
# ~~start~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
# .htaccess automatically generated by PrestaShop e-commerce open-source solution
# http://www.prestashop.com - http://www.prestashop.com/forums
<IfModule mod_rewrite.c>
<IfModule mod_env.c>
SetEnv HTTP_MOD_REWRITE On
</IfModule>
RewriteEngine on
# Domain: www.example.com
RewriteRule . - [E=REWRITEBASE:/]
# API
RewriteRule ^api$ api/ [L]
RewriteRule ^api/(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]
# Images
RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg [L]
RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
# AlphaImageLoader for IE and fancybox
RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]
# Dispatcher
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|svg)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType application/x-javascript "access plus 1 week"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/vnd.microsoft.icon "access plus 1 year"
ExpiresByType application/font-woff "access plus 1 year"
ExpiresByType application/x-font-woff "access plus 1 year"
ExpiresByType font/woff2 "access plus 1 year"
ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
ExpiresByType font/opentype "access plus 1 year"
ExpiresByType font/ttf "access plus 1 year"
ExpiresByType font/otf "access plus 1 year"
ExpiresByType application/x-font-ttf "access plus 1 year"
ExpiresByType application/x-font-otf "access plus 1 year"
</IfModule>
<IfModule mod_headers.c>
Header unset Etag
</IfModule>
FileETag none
<IfModule mod_deflate.c>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/x-javascript font/ttf application/x-font-ttf font/otf application/x-font-otf font/opentype image/svg+xml
</IfModule>
</IfModule>
# If rewrite mod isn't enabled
ErrorDocument 404 /index.php?controller=404
Shopify, Squarespace, Adobe Commerce y otras plataformas en la nube
Shopify, Squarespace y Adobe Commerce (anteriormente Magento Commerce) son plataformas basadas en la nube que no proporcionan acceso directo al archivo .htaccess. Toda la configuración se realiza a través del panel administrativo.
Otros ejemplos de estos servicios incluyen Wix, Weebly, BigCommerce y Jimdo. Estas plataformas permiten a los usuarios configurar y optimizar sus sitios web a través de interfaces visuales, sin necesidad de editar manualmente los archivos de configuración del servidor.
¿Necesitas ayuda para restaurar tu archivo .htaccess?
Si no estás seguro de qué CMS utiliza tu sitio web o cómo restaurar de forma segura un archivo .htaccess roto, estamos aquí para ayudarte.
Nuestro soporte técnico es completamente gratuito para todos los clientes de Kodu.cloud y está disponible 24/7/365. Simplemente crea un ticket de soporte y nuestro equipo te asistirá en cuestión de minutos.
Para más detalles sobre lo que incluye, consulta nuestra política de soporte.