RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$

Is there an htaccess tutorial somewhere out there that puts this into every rule's boilerplate? Unless you have multiple sites sharing the same htaccess, you never need conditions of this type. And even if you do have a shared-htaccess setup, you wouldn't use this wording.

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

What are these Conditions for? The body of the rule has already named the specific URL that the rule applies to.

RewriteRule ^oldFolder\/stupid-long-file-name\.html$ "http\:\/\/example\.com\/new\-folder1\/stupid-long-file-name\.html" [R=301,L]

Yup, there's a tutorial out there somewhere. Can we all go around saying nasty things about it so it goes out of business?

#1 slashes do not need to be escaped in mod_rewrite. (The only time a slash ever needs to be escaped is when /blahblah/ acts as the delimiter for an overal Regular Expression. One or two Apache mods do this, but not mod_rewrite.) Neither do colons--ever--or hyphens outside of grouping brackets.

#2 nothing in a target needs to be escaped. Ever.

#3 target doesn't require quotation marks.

Do you have lots of different files that are getting redirected from old-location to new-location?

# Google Analytics Integration - Added by cPanel.

Do you in fact use GA? <IfModule> envelopes are my particular bugaboo, because right away you know it's a generic rule put in by someone else. Either you've got the mod or you haven't. (My favorite is the WordPress boilerplate that looks for mod_rewrite. If you didn't have mod_rewrite, you wouldn't be able to run WP on an Apache system in the first place.)

:: detour to Apache docs ::

Oh. 2.2.7 "and later", including 2.4.

Yup, there's a tutorial out there somewhere. Can we all go around saying nasty things about it so it goes out of business?

It all screams of cPanel generated code. (I don't want them to go out of business, but yes, nasty nasty nasty!)

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ 
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

What are these Conditions for?

cPanel blindly adds this before every RewriteRule in your .htaccess file when it auto-renews (or is it only when first installed?) a Let's Encrypt SSL cert, to ensure the cert validation process succeeds! (Yes, before every darn RewriteRule in your entire .htaccess file! You kept a backup, right?)

[edited by: whitespace at 10:28 pm (utc) on Sep 20, 2017]

Thanks for the quick reply!
The code provided was copied from the htaccess file. I myself haven't actually put any thing there yet. My host server has some tools for redirecting were you put the URL that's to be moved and were its ending up. I didn't know of htaccess at that time probably a year ago. I'm guessing the hosts tools I used put all this in.

I have 4 folders containing 1 HTML file a piece, then some in the root and a PHP file for my form. The whole site now is only 5 pages really, and a PHP file for my form. There's another page I've made that isn't easy to find navigating the site, but it's used to send a quick link to a directions page with a google map widget so clients can receive it via text and get directions. I just want to move all files into one folder again and change the file names again, shorter names, they are all blaaah-blah-blah-blah-blah.html
My URL looks like https://www.example.com/contact-us/blah-blah-blah-blah-blah.htlm. Each page is like this with a different folder containing the one page, very small site. But perfect for what we need. My goal is to use PHP includes for parts tha change often that show on each page and have a clean place to work with, some things in the public HTML I'm not sure if I've put them there or a search engine when trying to index my site and it's messy. And I did try GA but never used it. I can't remember if they had instructions to copy and paste it in when setting up GA or if they did it another way

...some things in the public HTML I'm not sure if I've put them there or a search engine when trying to index my site and it's messy.

By "public HTML" do you mean the contents of your HTML files?! No one should be able to edit your HTML files, except you. That's what happens when sites get "hacked"! Please post the "mess" - I'm curious!

Public HTML. I'm referring to were my site sits the root. The mess is all the files I've ftp'd there, that are nolonger needed. But some I'm not sure if they are supposed to be there or if I've placed them there for google, bing, etc to verify owning the site. I know I've put at least one .txt file in the root folder for a search engine, but can't remember if I had for all or used other ways. Google had a few different verification techniques to use and I think I've put more than one on there for google due to loosing the account I set it up with. Like I said I'm so newbie it's not funny, I use dreamweaver, most of what I have made is typed out and coded, the styles is what I mainly use the Dw for, there's a lot of things I'm not sure dw can do or I don't know how to use it that well, mainly as text editor and previewing

or if I've placed them there for google, bing, etc to verify owning the site

Site verification files have clearly recognizable names. If in doubt, simply delete the files and then go into the relevant Webmaster Tools and see if you can still verify the site. At worst, they'll give you a new one to re-upload. If there appears to be more than one from the same search engine, delete all but the newest one.

:: detour to check ::

googleblahblahblah.html
yandex_blahblahblah.html
BingSiteAuth.xml

Yeah. You'll know them when you see them.

Pro tip: If you don't already have an /includes/ directory, give it some silly made-up name instead. This makes it easier to unconditionally block malign robots that ask for /includes/everything-under-the-sun.

Thanks, I haven't set it up yet. I need to fix my htaccess correctly to keep my search engines happy. From what I've read but don't understand is that if you don't have it set up correctly, first with the http://example.com, and http://www.example.com plus just example.com and www.example.com, and all so https://example.com in all ways www, no www no https any thing but to also make sure i can setup sub domains if needed in the future, like example.example.com, I have a ssl, and want all pages to go to the https maine site. I have parked domains, one for email because the main one is long, and I liked the one I picked, and another one which should be the main but the boss wants what she wants. When I first set up the site, not knowing anything, and doing it quickly, with cpanel, and dreamweaver to ftp and edit, I do know some coding and did most of my site, all me, some dw help but mostly me. I don't use the cgi-bin what ever that is and or any other folder in my home root, mysql and stuff. My host does support php, and i've found a cool way to edit the every page content, footer, prices, header. But I also want to shorten all my page file names, change where they are, like a different folder or just the root where home page index is use include (with different name than includes, thank you,) When the site 4 yrs ago went live a used the cpanel to redirect pages. Not htaccess, cpanel put the codes in shown earlier, if possible I want to rewrite their codes, since they are badly done, correctly, but also, once I have made changes to the pages like change all to php to use the includes and moved to new folders in the root site folder, I want to make sure I do not mess up bookmarks and rankings, I read that htaccess has configs to keep that all safe.

[edited by: ztaco at 1:16 am (utc) on Sep 21, 2017]

oops...... and also https://example.com with or with out www

Also, is their a tutorial on htaccess, I've found what is called tutorials. And looks easy enough, with help of course, but not to hard to find an example and replace the real names. But I've yet to find one explaining placement of code, what should be in front of what, and automatically placed code from cpanel from using the redirect tools in the cpanel main menu on my host, which I guess badly done codes from what I've seen here. And not hurt the respect of the search engines I already have.

Search these Forums for “domain-name canonicalization redirect”. It's one of the Top Ten questions asked in the Apache subforum, so there should be several hundred posts on the subject--especially when you include the newer twist of redirecting HTTP to HTTPS. It's all one RewriteRule with a pair of [OR]-delimited conditions.

Always save a copy of your htaccess locally. But don't call this version .htaccess with leading dot, or you'll never find it again; give it a distinctive name like "htaccess_abc" "htaccess_def" and so on for each site. The ".htaccess" name goes with the uploaded version.

Unless there's something you haven't told us, I think your fear of antagonizing search engines is exaggerated. Just make sure everything is a clean, single-step redirect.

Do you have add-on domains living in directories "inside" your primary domain? (My host uses the "userspace" configuration instead, but--without naming names--I already know you've got a different host.) If so, there may be times you'll need the %{HTTP_HOST} condition, but then again there are other ways to handle the nesting.

OK, separate post. Here is my boilerplate on cleaning up an htaccess file. It dates back a few years, but I doubt there's anything out-and-out incorrect:

Cleaning up an htaccess file

Step 1: Organize. Collect all the directives for each module in one place. The server doesn't care, but you-- and anyone who comes along after you-- will appreciate it.

Tip: Use a text editor with a "Find All" window to pull up all lines beginning with the element "Rewrite..." That takes care of mod_rewrite; dump them all at the end for now.

Step 2: Get rid of all <IfModule> envelopes. Not their contents, just the envelopes themselves. These envelopes are hallmarks of mass-produced htaccess files that have to work anywhere, on any server. You are now on your own site. Any given mod is either available to you or it isn't.

Exception: If you use a standard CMS such as WordPress, your htaccess file will contain a group of lines beginning and ending with #comments saying something like "begin WordPress" and "end WordPress". Leave everything in this package unchanged unless you know what you are doing.

Step 3: Sort by module. The server doesn't care what order the directives are listed in, or even if rules from different modules are all garbled together. Each module works separately, seeing only its own directives. But humans need to be able to find things.

For most people it will be most practical to group one-liners at the beginning:

Options -Indexes

is a good start. If your htaccess file contains only one line, that's probably it. Other quick directives are ones starting with words like AddCharset or Expires. Then list your error documents.

If you have any very short Files or FilesMatch envelopes, put them near the top too. For example:

<Files "robots.txt">
Order Allow,Deny
Allow from all
</Files>

<FilesMatch "\.(css|js)">
Header set X-Robots-Tag "noindex"
</Files>

Be sure to have an "Allow from all" envelope for your custom 403 page. If you are on shared hosting and they provide default error-document names such as "forbidden.html", this has probably already been done in the config file. But it does no harm to repeat it.

Step 4: Consolidate redirects.

Step 4a: Get rid of mod_alias. If your htaccess file contains any mod_rewrite directives, it can't use mod_alias (Redirect... by that name), or things may happen in the wrong order. For large-scale updating, use these Regular Expressions, changing \1 to $1 if that's what your text editor uses. Each of these can safely be run as an unsupervised global replace.

# change . to \. in pattern
^(Redirect \d\d\d \S+?[^\\])\.
TO
\1\\.

# now change Redirect to Rewrite
^Redirect(?:Match)? 301 /(.+)
TO
RewriteRule \1 [R=301,L]

# and if needed
^Redirect(?:Match)? 410 /(.+)
TO
RewriteRule \1 - [G]

^Redirect(?:Match)? 403 /(.+)
TO
RewriteRule \1 - [F]

Step 4b: Sort your RewriteRules. At the beginning is the single line

RewriteEngine on

A RewriteBase is almost never needed; get rid of any lines that mention it. Instead, make sure every target begins with either protocol-plus-domain or a slash / for the root.

Sort RewriteRules twice.

First group them by severity. Access-control rules (flag [F]) go first. Then any 410s (flag [G]). Not all sites will have these. Then external redirects (flag [R=301,L] unless there is a specific reason to say something different). Then simple rewrite (flag [L] alone). Finally, there may be a few rules without [L] flag, such as cookies or environmental variables.

Function overrides flag. If your redirects are so complicated that they've been exiled to a separate .php file, the RewriteRule will have only an [L] flag. But group it with the external redirects. If certain users are forcibly redirected to an "I don't like your face" page, the RewriteRule will have an R flag. But group it with the access-control [F] rules.

Then, within each functional group, list rules from most specific to most general. In most htaccess files, the second-to-last external redirect will take care of "index.html" requests. The very last one will fix the domain name, such as with/without www.

Leave a blank line after each RewriteRule, and put a

# comment

before each ruleset (Rule plus any preceding Conditions). A group of closely related rulesets can share an explanation.

Step 5: Notes on error documents.

Reminder: ErrorDocument directives must not include a domain name, or else everything will turn into a 302 redirect. Start each one with a / representing the root.

Caution: Since each module is an island, any module that can issue a 403 must have its own error-document override. "Allow from all" in a <Files> envelope covers mod_authzzzz. If you have RewriteRules that end in [F], make sure your 403 documents can bypass these rules:

RewriteRule ^forbidden\.html - [L]

This rule must go before any rules with the [F] flag.

@lucy24
I have 3 domains pointing to the same DNS. 1 is the main one, the other two are parked. One was, I use for email, because our original is so long "namewordpractice.com" like mikescheaplawfirm.com and evern though it's kinda easy to remember my real domain is the persons first name but one with multiples Spellings. So I found a smaller and I liked it , it matched the word, like "cheapmail.com". Like I said I'm very new to wed stuff all of it, and started from barely able to use google email, to web designer over night. Not on purpose, just needed a in expensive site to build business. But once I started learning with free online courses, i was hooked, and in my opinion the site turned out awesome and it's mobile friendly with responsive design and not a mobile version.
Also one domain parked 3rd one is what I think should be the main. Not sure if I can post the site if you wanted to look at it and point out any horribleness, I do know we must be easy to find

welcome to WebmasterWorld, ztaco! [webmasterworld.com]

I have 3 domains pointing to the same DNS.

do you mean 3 domains pointing to the same web server IP address?

Not sure if I can post the site if you wanted to look at it and point out any horribleness,

please see our Terms of Service [webmasterworld.com] (#21)
there is a Review My Site [webmasterworld.com] forum in the Supporters category.

Thanks, new to forums other than looking through from searches related to similar situations. Took me awhile to figure out how to post. Also quickly figured out my posts were to long, and un-precise. Thanks!

3 domains 1 the site original and two others that are parked and if the URL is type in it'll show the same site as the original. In cPanel, with what I guess is a rewrite tool, I changed the parked domains to be redirected to the original site in the https original site domain as a 301. It works like expected, but the cPanel generated code is sloppy and bad, from what the feed back has stated.

If you've got three domains passing through the same htaccess, but two of them are parked, one option is

RewriteCond %{HTTP_HOST} (parked1|parked2)
RewriteRule ^ - [L]

which essentially means "if the request is for either of my parked domains, don't apply any RewriteRules and just move on to the next mod". This would go at the beginning of the mod_rewrite section of your htaccess.

I changed the parked domains to be redirected to the original site

This seems contradictory. Is it parked, meaning you're not doing anything with it right now, or is it more like a typo domain where all requests for "exmaple.com" redirect to "example.com"? Typo domains are the easiest to code for, because sooner or later everything redirects to the right spelling. You don't even need any extra rules.

Well, we have our original which is long. So I found one that also would work for the main. I'm not to knowledgeable on hosting and had the small one pointed to the DNS servers the main one is on. We don't use it or give it to anyone but if type in to a browser it goes to the site with the small name displayed in the browser. But doesn't show its ssl certified. The other one is for email address, that I thought were catchy, like gmail, it has mail at the end and is small in length. It's also pouted to the dns servers and same thing if typed into the browser. I did use the nasty code making cPanel tool recently, and 301 both to the main domain with https, and it works. From what I understand they are parked. Not being used but if was typed in to the URL goes to the site.

Example:
Main domain still is: somenameandwordsdecribing.
Goes to main if typed in browser with the com: Somename.
Same as 2nd one, but use only for email: Blahsmail.
com
I want to change it all to the 2nd one, and use the mail one for email, but the boss doesn't, but wants to keep it how it is with out search engines getting confused and book marks from previous mods when changed once before still come to us.

You don't need to think about email, because those are not HTTP requests and therefore are completely unaffected by anything in an htaccess file. Just make sure that everything on the "real" site, such as a Contact form or mailto: link, uses the domain name you want.

Are you bigger than your boss? Can you beat him at arm-wrestling? Would rock/paper/scissors work? Before you can take any other action, you need to decide which name you're using. Once you've made that decision, your entire htaccess will use that name, and you can simply pretend the other two don't exist. Any and all requests will be either blocked or redirected, depending on who's making the request.

This is not the Google subforum and I do not know anything about SEO, but I feel confident saying that search engines will not like it if you redirect to a different hostname every other month. Pick one and stick with it.

@lucy24
Boss=wife,
WifeHappy=happyLife
The site is for her law office we started together, her the lawyer, and me the receptionist, assistant, web designer, technical support, etc. Before all this I worked in a warehouse and barley understood the difference between a browser and a search engine. Which is from experience not rare for most people.
I haven't changed host names unless I'm confused, same host since beginning, same domain since beginning. I have two other domains that are shorter and wanted them for emailing purposes. A custom email other than gmail. The main domain is 21 characters long not including the https www and com. For an email in my opinion me@gmail is easy since gmail is owned and all other short word or letter combos are owned that I've checked, I came up with somesmail, not that but same amount of characters before the mail, and it's a word spelled one way. Unlike my wife's name, the boss, that has a name spelled so many ways and her spelling is rare, but the most common same name different spelling is owned. When I purchased the .....mail domain, it was on the hosting site registry were it was purchased, it didn't work until I called the hosting techs to tell them I wanted it as email. The email works fine from my cPanel webmail, but if you type the mail domain into the browser minus the me@ it pulls up the site, but with the mail domain in the URL so it looks like two different sites with exact content. This was also happening with another domain on another registry I do remember setting the DNS server names, there seem to always be two, for this to be the same as my hosting server? It to did the same thing so now it looks like 3 sites with same content. After seeing something about same content on different sites is bad for search engines, even if it really is one site with other domains going to it, the engines don't realize and hurts your results. Indexing www.domain.com, domain.com, httpdomain.com, and httpsdomain.com all as different sites with same content, that's 4 sites. In my cases it's like 12 sites unless I'm just confused. So I used the nasty code making tool to redirect both the two not really being used but for email, if typed into the URL as a website, they are redirected as a 301 to https mylongdomain com, and it works right now.

In the beginning I used the redirect tools in cPanel shortly after the site went live. Those are the codes lucy24 was asking about. I had my site like this
ROOT_FOLDER
index.html
mail.php
WEBPAGES
contact.html
about.html
services.html
I changed it to this in case we added more pages like pages, contact this person page or another services page.
ROOT_FOLDER

index.html
mail.php
CONTACT-US
contact.htML
ABOUT-US
about.html
OUR-SERVICES
services.html
of course there are other folders for CSS JavaScript and old folders thanked deleted, I do have a robots.text telling them not to index these folders, or I believe that's what I did.

Boss=wife,
WifeHappy=happyLife

All right then, Boss says use suchandsuch name, that's the name you'll be using ;)

I haven't changed host names unless I'm confused, same host since beginning, same domain since beginning.

OK, add “host” to the words that have more than one meaning. (Another one I sometimes have problems with is “directory”.)

“your host” = the company that runs your server if you are on “shared hosting”
“host name” = often the same as “domain name”, except that if you have subdomains (like forums.example.com) each of those counts as a different hostname. The forms “www.example.com” and “example.com” are also technically different hostnames.

I do have a robots.text telling them not to index these folders, or I believe that's what I did.

You may have a robots.txt telling them not to crawl those folders. In the case of stylesheets and scripts, material that isn't crawled won't be indexed, simply because search engines don't know what's there. (Nobody is going to link to someone else's css, which is the way un-crawled content gets indexed.) BUT if you’ve been paying attention to the major search engines, you know that they really want to be able to see your scripts and stylesheets, since that's the main way they assess mobile-friendliness. So a better approach is to allow them to crawl, and then block indexing. I think I even have this in my htaccess-fixing boilerplate:

<FilesMatch "\.(css|js)">
Header set X-Robots-Tag "noindex"
</Files>

Put this in the main htaccess and it will trickle down to all files, no matter where they live. Headers beginning in X- are officially non-standard, additional or proprietary, but in the specific case of X-Robots-Tag, the major search engines know what it means.

CONTACT-US
contact.htML
ABOUT-US
about.html
OUR-SERVICES
services.html

Do you mean that “contact-us” and so on is the name of a directory that contains only the contact.html file? Or do you mean that “contact-us” is the linking text?

Slashes in an url, like example.com/directory/subdir/subsubdir/, do not have to correspond to real, physical directories on your server. But it's a heck of a lot simpler when they do.

yes
example.com/index.html =page1
Then 3 directories
example.com/folder1/page2.html, no other pages in folder.
example.com/folder2/page3.html, no there pages in folder
xample.com/folder3/page4.html, no there pages in folder
My reasoning was to add more pages to each folder with more of that type of info like
example.com/contact-us/contact-us-for-scheduling.html; /contact-us/directions-to-businessname-map.html; /contact-us/individual-employee-info.html
I don't believe we will be adding much more.
I purchased additional domains just to hold onto and 1 because it's perfect for email, catchy to remember than our site domain, for clients. They were registered on couple different places, but I've transferred, or set the DNS1,2 on the register a to the same on my host for the site. So when you type example.com in the URL my site pops up, if typle mymail.com same thing except the URL doesn't have our main domain. I really want to stop the other domains from going anywhere, and using they purely for email. I can in cPanel, make emails for all the domains I currently own on the host server pushing my site. Have I screwed up in the folder situations and just use one folder for all /allhtml/page2;3;4;5.html
Or keep it the way it is and clean up junk folders I put on the server cause I'm not bright.
And how to stop the other domains from pointing to the site and still use them for email. I put 301 codes to redirect the other domains if someone does type them in the URL to go the the main site and show main domain in URL once landed. And have https, so it doesn't look unsecured, I do have a ssl, even though we don't take card info just a contact form: name, phone, email, address.
Is it all wrong?

And how to stop the other domains from pointing to the site and still use them for email.

I think I said earlier--if not in the present thread, then in an adjoining one--that you do not need to worry about email. Your htaccess file is only concerned with HTTP requests; mail is completely unaffected.

Your domain-name-canonicalization redirect takes care of two things at the same time: legitimate visitors (humans or search engines) who got the "www" wrong ... and anyone pointing their own DNS at your site's physical files. They'll both be redirected.

Have you at any point laid out which files need to be redirected? This should be based on actual incoming requests, not on purely hypothetical errors. For example, you may or may not need this kind of redirect:
example.com/contact/index.html
example.com/contact/
>>
example.com/contact/contact.html
depending on whether your logs show that anyone (human or search engine) has actually requested those forms.

:: detour to raw logs ::

Matter of fact, I used to have a clutch of pages with the same URL structure you describe: /directory/pagename.html but no /directory/index.html or /directory/ alone. (I've since changed them all.) It looks as if some search-engine robots really did ask for the nonexistent forms; I know I did have a redirect in place just to be safe. So, yeah, you'll need a slew of

RewriteRule ^contact/(index\.html)?$ https://www.example.com/contact/Contact.html [R=301,L]

and so on, one for each directory that behaves this way.

Note, however, that if you don't expect to add additional pages in the immediate future, you could also just stick with the bare directories, and redirect in the other direction:
/contact/Contact.html
>>
/contact/
Then, if you later add specialized types-of-contact pages, those can get names of their own, while the primary Contact page remains as the unlabeled index.html. This is a decision only you can make--in, ahem, consultation with The Boss.

I really want to stop the other domains from going anywhere, and using they purely for email.

you really have two choices here:

1 - change your apache configuration so that only your primary web hostname(s) is configured as a virtual host and listening to port 80, in which case your web server will never receive requests for hostnames on the non-canonical "email domains".

2 - accept requests for the "email domains" and let your hostname canonicalization redirects (as discussed elsewhere) handle the non-canonical hostname requests.