Would you like to be able to interact with your site users more dynamically than through email?  You can add a Windows Live Messenger IM control to your page which will allow your site users to see when you are online and initiate a conversation with you. For example:

 

This control does not require visitors to have a Windows Live ID, they will be required to enter a CAPTCHA.  When you sign in to the Windows Live Messenger client application, the above web control displayed on your site will dynamically recognize that you are online and display your presence information.  Messages sent from the user will be directed to your client application as would a conversation initiated by one of your contacts. This functionality can be added to your web page with a few straightforward steps.

 

Step 1: Enable your online presence.

To do this, click the following link and sign in using your Windows Live ID.

http://settings.messenger.live.com/applications/WebSettings.aspx

Under ‘Manage your Messenger web settings, check the checkbox to allow anyone on the web to see your online presence.

 

Then click on the Save button near the top of the page to save this setting.

 

Step 2: Generate the HTML required to display the IM control.

On the left side of the page, under the ‘Web Settings’ heading, click on the ‘Create HTML’ link.

 

From this page, you can decide how your presence should ‘look’.  You can choose to display a full IM control, a button or just an icon to alert users of your presence.  Any of these options will allow a user to initiate a conversation with you when you are online.  Choose a color for the theme of your control or button.  Additionally, if you choose to display the IM control, you can set the width and height. Once you have made your selections for style and appearance, notice that HTML has been generated at the bottom of the page.  This is the HTML you will need in order to display the control on your web page.  If you choose an icon to display your presence, then the HTML will contain a link, but if you choose the full control, then the HTML specifies an iFrame. 

 

Note that the [unique id] in red, in the above screenshot will be a hash unique to your account.

 

Step 3: Copy and paste the HTML into a page where you would like to display your presence.

 

 

That’s all!  Browse to your site and the page to which you added the control.  You are now ready to host conversations with your web site users.  The screenshot below shows the ‘orange’ theme applied to the full IM control.

 

 

How does it work?  When you gave consent for the Windows Live Messenger Service to display your presence information online, a unique id was made.  The generated HTML uses this id as a parameter which is then passed to the service and used to route messages from the IM control to your IM account.  Other parameters are specified in the query string for the theme and, if applicable, height and width, customizations.  The parameters are used to render the IM control, button or icon.

Download Solution Package From CodePlex Now

Before you get started, there are a couple of important prerequisites.

• You must have a Windows Live ID to complete this tutorial.  If you don’t have one, get one here:

  https://signup.live.com/

• You must have the following extensions enabled in your PHP configuration:
  • hash or mhash
  • mcrypt
  • curl

  To enable these extensions, browse to your PHP install and open PHP.ini at the root PHP directory.  Search for ‘mhash’ and look for a line that looks like this:

  ;extension=php_mhash.dll

  Remove the leading semicolon to enable the extension. For example:

  extension=php_mhash.dll

  Do the same for php_mcrypt.dll and php_curl.dll.  They will all be located in this same section of the PHP.ini file.  When you have enabled all three, save the file.  Assuming you have made these changes locally for testing in a local environment, once you deploy your Live Messenger Application, you’ll need to make the same changes to the PHP.ini file on your server.

Step 1: Download the Windows Live Messenger Web Toolkit samples.

There is a link to the download on the right side of the page, Download Messenger Samples.

http://dev.live.com/Messenger/

Extract the files and browse to the PHP directory located in the WebToolkit  > GettingStarted directory.  This code sample includes everything you need to include Windows Live Messenger in your web application; however, there is a small amount of configuration required.  Browse to the conf directory and open the settings.xml file.

Notice the appid, secret  and messengerSecret elements.  The values of these elements must be unique to you and your application.   In order to get these numbers, you will need to create a Windows Live Services account.  No worries, it’s free.

Step 2: Create a Windows Live Services Account

To create your account, go to the Azure Services Developer Portal (http://go.microsoft.com/fwlink/?LinkID=144070) and sign in using your Windows Live ID.  Once you are authenticated, you will see the following page:

Click on the ‘+ New Service’ link at the top right.  On the next page you have the option to create service components.  Under the Azure Services Platform section, click on ‘Live Services: Existing APIs’.

The Create a Service Component page allows you to set service component properties.  Enter a service component label and description.  You can enter anything you want here; these are for your reference to identify your service components on the Azure Live Service Portal site. In the domain field, enter the domain name for your site. The login control uses Delegated Authentication and will verify that that the request to authenticate a user from your website originated from the domain you specify here. Then enter a return URL.  This is the page that users will be directed to after they have signed in to the Windows Live Messenger Service.

You are then directed to a page specific to your service component. You should see the application ID and secret key that have been assigned to you.  These are the values that need to be placed in the settings.xml file. 

Copy and paste the Application ID to the appid element in the settings.xml file.  Also copy and paste the secret key from the Azure Live Service portal page into the secret element in the settings.xml file.  Save the file.

In addition to appid and secret key, the settings.xml also requires messengerSecret id (messenger application key). To get your messengerSecret id, browse to the following url after replacing {appid} with your appid.

https://consent.messenger.services.live.com/applicationsettings.aspx?appid={appid}

You will be directed to a page where you can see the messenger secret id (Messenger Application Key).

Copy and paste Messenger Application Key to the MessengerSecret element in settings.xml file. Save the file.

Step 3: How does it work?

The recommended way to provide Windows Live Messenger sign in functionality on a web site is by using the sign-in control.  The sign-in control requires that your site implement delegated authentication. Delegated authentication means that a site must request consent from a user and the user must grant consent to the application.  When consent has been granted, the application receives a consent token which is used to authenticate a user and log them in to Windows Live Messenger. Open index.php which is located at the root of the PHP directory using a code editing tool.  Take a look near the top of the page.  There are several things required to initialize the Windows Live Messenger application.

• Notice the php includes: lib/settings.php and lib/windowslivelogin.php.   The settings.php file reads the settings.xml file where you added your application ID and secret key.  The windowslivelogin.php file contains, amongst other things, logic to perform delegated authentication and initialize the application. 


 

• A single line of PHP code creates an instance of the WindowsLiveLogin module using the application ID and secret that you set in the settings.xml file. 


 

• Look at the <html> tag.  There is an important namespace defined here for the UI controls.


 

• There is one Javascript file which needs to be included.  This file includes a ‘loader’ class which is used to load Windows Live Messenger Toolkit components.


 

• A Javascript call is made to load the Windows Live Messenger styles via the loader class.


 

• In the <body> tag of the HTML, a <msgr:app> element initializes the application.  There are a couple of important attributes of which to take note.
  • id : an id for your application.
  • application-verifier-token : this is a unique token created by a hash of your application id and the current timestamp.  It could also include an IP address.
  • token-url: the URL of the page containing logic to refresh / check the token.
  • privacy-url : a link to your site’s privacy policy
  • channel-url: this is provided with the sample and is necessary for cross domain communication between the Windows Live Service domain and your site.


 Note that when using the sign-in control (which the sample does), both the privacy-url and the channel-url must be set.  A basic privacy page is included with the sample code, but if you already have a privacy policy on another page, simple change this URL to the existing page. Additionally, the channel page must be hosted on the same domain as the application.

Also, there can only be one instance of the msgr:app control per page.

• Lastly, there are tags for the profile, sign-in and tool bar controls.  The msgr:if control provides conditional logic but does not have a physical presence on the web page which is visible to the user.


 

Step 4: Test the application.

Open the index.php file located at the root of the PHP directory in a web browser.  You should see the following: 

If you are working locally, then you will not be able to login because the domain name from which you are accessing Live Services does not match that which you specified in your Windows Live Services project created in step 2.

If the sign in page loads and looks as expected (similar the to screenshot above), then you are ready to deploy the application at which time you will be able to successfully sign in.

Step 5: Deploy the application.

Copy all of the files located in the PHP directory to a location on your web server where you would like to host the sample application.  If you enabled the hash or mhash, mcrypt and curl extensions in your PHP.ini file locally then you will need to make these changes on your server now.

When you browse to index.php, it should look similar to the following:

 

Download Solution Package From CodePlex Now

You can now sign in to Windows Live Messenger from this page.  Once you’ve signed in, the page displays your profile information which includes your display picture, status and personal message text.  Also look at the web toolbar at the bottom of the page.  From here you can view your contacts and initiate Live Messenger conversations as well as change your status or sign out. 

<?php
/*
*
* @ Multiple File upload script.
*
* @ Can do any number of file uploads
* @ Just set the variables below and away you go
*
* @ Author: Kevin Waterson
*
* @copywrite 2008 PHPRO.ORG
*
*/

error_reporting(E_ALL);

/*** the upload directory ***/
$upload_dir= './uploads';

/*** numver of files to upload ***/
$num_uploads = 5;

/*** maximum filesize allowed in bytes ***/
$max_file_size  = 51200;

/*** the maximum filesize from php.ini ***/
$ini_max = str_replace('M', '', ini_get('upload_max_filesize'));
$upload_max = $ini_max * 1024;

/*** a message for users ***/
$msg = 'Please select files for uploading';

/*** an array to hold messages ***/
$messages = array();

/*** check if a file has been submitted ***/
if(isset($_FILES['userfile']['tmp_name']))
{
/** loop through the array of files ***/
for($i=0; $i < count($_FILES['userfile']['tmp_name']);$i++)
{
// check if there is a file in the array
if(!is_uploaded_file($_FILES['userfile']['tmp_name'][$i]))
{
$messages[] = 'No file uploaded';
}
/*** check if the file is less then the max php.ini size ***/
elseif($_FILES['userfile']['size'][$i] > $upload_max)
{
$messages[] = "File size exceeds $upload_max php.ini limit";
}
// check the file is less than the maximum file size
elseif($_FILES['userfile']['size'][$i] > $max_file_size)
{
$messages[] = "File size exceeds $max_file_size limit";
}
else
{
// copy the file to the specified dir
if(@copy($_FILES['userfile']['tmp_name'][$i],$upload_dir.'/'.$_FILES['userfile']['name'][$i]))
{
/*** give praise and thanks to the php gods ***/
$messages[] = $_FILES['userfile']['name'][$i].' uploaded';
}
else
{
/*** an error message ***/
$messages[] = 'Uploading '.$_FILES['userfile']['name'][$i].' Failed';
}
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Multiple File Upload</title>
</head>

<body>

<h3><?php echo $msg; ?></h3>
<p>
<?php
if(sizeof($messages) != 0)
{
foreach($messages as $err)
{
echo $err.'<br />';
}
}
?>
</p>
<form enctype="multipart/form-data" action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size; ?>" />
<?php
$num = 0;
while($num < $num_uploads)
{
echo '<div><input name="userfile[]" type="file" /></div>';
$num++;
}
?>

<input type="submit" value="Upload" />
</form>

</body>
</html>

20+ .htaccess Hacks Every Web Developer Should Know About

Apache’s .htaccess(hypertext access) configuration file can be a very powerful tool in a web developer’s toolkit if used properly. It can be found in the webroot of your server and can be easily edited using any text editor. In this article I’m going to show you 20 .htaccess hacks and how to use them.

Before I start with this article I’d like to start by saying that abusing the .htaccess file will hurt the performance of your website. The .htaccess file should only be used if you have no other way to achieve certain things.

Make sure to back up your current .htaccess file before applying any of the following hacks.

1. Prevent Hotlinking

Tired of people using your bandwidth by putting the images hosted on your server on their website? Add the following code at the bottom of your .htaccess file to prevent hotlinking.

NOTE: The following article explains better methods to “prevent” hotlinking:
Link building secrets by Maurizio Petrone

2. Block All Requests From User Agents

It’s possible to block all unwanted user agents that might be potentially harmful or perhaps just to keep the server load as low as possible.

3. Redirect Everyone Except Specified IPs

If for some reason you would want to deny everyone or allow only a specific group of IP addresses to access your website, add the following code to your .htaccess file:

4. SEO Friendly 301 Redirects

If you’ve transferred domain names or wish to redirect a specific page or pages without getting penalty from search engines such as Google, use the following code:

5. Creating a Custom Error Page

Are you as tired as me of the default layout of 404 error pages? Well now you can easily create your own and refer to it like this:

6. Create an IP Banlist

Tired of getting the same bs comments specific user over and over again? Just ban the bastard like this by adding the following code to your .htaccess file:

7. Set Default Email Address For Server Admin

Using the following code you can specify the default email address for the server’s admin.

8. Disable Display of Download Request

Usually when downloading something from a web site, you’ll be prompted if you wish to open the file or save it on your hard-disk. To prevent the server from prompting users wether they wish to open or save the file and to just save the file, use the following code:

9. Protect a Specific File

The following code allows you to deny access to any file you wish by throwing an 403 error when it is trying to be accessed. In the following example I’ve chosen to protect the .htaccess file by adding an extra layer of security.

10. Compress Components With mod_deflate

As an alternative to compressing files with Gzip, you can use mod_deflate(which is supposively faster). Place the following code at the top of your .htaccess file(tip: you can also add .jpg|.gif|.png|.tiff|.ico mod_deflate those):

11. Add Expires Headers

The following code shows you how to add an expiration date on the headers.

12. Setting the Default Page

You can set the default page of a directory to the page of your choice. For example in this code the default page is set as about.html instead of index.html

13. Password Protect Your Directories and Files

You can enable password authentication for any directory or file on your server by using the following code:

14. Redirect an Old Domain to a New Domain

By using the .htaccess file you can redirect a old domain name to a new domain by adding the following code into the htaccess file. Basically what it does is it will remap the old domain to the new one.

15. Force Caching

The following code will not directly increase the loading speed of your website. What it will do is, load the content of your site faster when the same user revisits your website by sending 304 status when requested components have not been modified. You can change the cache expiry by changing the number of seconds(it’s currently set at 1 day).

16. Compress Components By Enabling Gzip

By making use of Gzip you can compress files in order to make your website load faster.

17. Remove “category” from a URL

To transform this url: http://yourdomain.com/category/blue to -> http://yourdomain.com/blue, just add the following code at the bottom of your .htaccess file.

18. Disable Directory Browsing

To prevent people from accessing any directories that might contain valueble information or reveal security weaknesses(e.g. plugin directories of wordpress), add the following code to your .htacess file:

19. Redirect WordPress Feeds to FeedBurner

The following snippet redirects WordPress’ default RSS feed feedburner’s feed.

20. Deny Comments from No Referrer Requests

The problem is that bots just post comments about how to increase your private parts all naturally to your blogs without coming from any other site. It’s like they fall from the sky. This neat hack prevents people from posting if they did not come from somewhere else(they can comment just fine if they came from e.g. google).

Source: How to: Deny comment posting to no referrer requests

21. Remove File Extension From URL

Thanks to Kartlos Tchavelachvili for this one. What the following code does is, it removes the .php extension(you can change it to whatever you like e.g. html) in a url. It makes the URL prettier & SEO friendlier.

22. Remove www from URL

Thanks to Mahalie for the following 2 .htaccess codes.
If you wish to take out the www from your website’s URL and transform it from http://www.example.com into http://example.com, add the following to your .htaccess.

23. Add Trailing Slash to URL

Some search engines remove the trailing slash from urls that look like directories – e.g. Yahoo does it. But – it could result into duplicated content problems when the same page content is accessible under different urls. The following code makes sure there’s a slash at the end of your URL:

24. Remove the www. from your website’s URL

Below I’ve provided a simple htaccess snippet to forcefully remove the “www” from your website’s URL.

3	RewriteRule (.*) http://example.com/$1 [R=301,L]

Be aware that mod_rewrite (RewriteRule, RewriteBase, and RewriteCond) code is executed for each and every HTTP request that accesses a file in or below the directory where the code resides, so it’s always good to limit the code to certain circumstances if readily identifiable.

For example, to limit the next 5 RewriteRules to only be applied to .html and .php files, you can use the following code, which tests if the url does not end in .html or .php and if it doesn’t, it will skip the next 5 RewriteRules.

---

RewriteRule !\.(html|php)$ - [S=5]
RewriteRule ^.*-(vf12|vf13|vf5|vf35|vf1|vf10|vf33|vf8).+$ - [S=1]

.htaccess rewrite examples should begin with:

Options +FollowSymLinks

RewriteEngine On
RewriteBase /

Require the www

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule ^(.*)$ http://www.askapache.com/$1 [R=301,L]

Loop Stopping Code

Sometimes your rewrites cause infinite loops, stop it with one of these rewrite code snippets.

RewriteCond %{REQUEST_URI} ^/(stats/|missing\.html|failed_auth\.html|error/).* [NC]
RewriteRule .* - [L]

RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule .* - [L]

Cache-Friendly File Names

This is probably my favorite, and I use it on every site I work on. It allows me to update my javascript and css files in my visitors cache’s simply by naming them differently in the html, on the server they stay the same name. This rewrites all files for /zap/j/anything-anynumber.js to /zap/j/anything.js and /zap/c/anything-anynumber.css to /zap/c/anything.css

RewriteRule ^zap/(j|c)/([a-z]+)-([0-9]+)\.(js|css)$ /zap/$1/$2.$4 [L]

SEO friendly link for non-flash browsers

When you use flash on your site and you properly supply a link to download flash that shows up for non-flash aware browsers, it is nice to use a shortcut to keep your code clean and your external links to a minimum. This code allows me to link to site.com/getflash/ for non-flash aware browsers.

RewriteRule ^getflash/?$ http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash [NC,L,R=307]

Removing the Query_String

On many sites, the page will be displayed for both page.html and page.html?anything=anything, which hurts your SEO with duplicate content. An easy way to fix this issue is to redirect external requests containing a query string to the same uri without the query_string.

RewriteCond %{THE_REQUEST} ^GET\ /.*\;.*\ HTTP/
RewriteCond %{QUERY_STRING} !^$
RewriteRule .* http://www.askapache.com%{REQUEST_URI}? [R=301,L]

Sending requests to a php script

This .htaccess rewrite example invisibly rewrites requests for all Adobe pdf files to be handled by /cgi-bin/pdf-script.php

RewriteRule ^(.+)\.pdf$  /cgi-bin/pdf-script.php?file=$1.pdf [L,NC,QSA]

Setting the language variable based on Client

For sites using multiviews or with multiple language capabilities, it is nice to be able to send the correct language automatically based on the clients preferred language.

RewriteCond %{HTTP:Accept-Language} ^.*(de|es|fr|it|ja|ru|en).*$ [NC]
RewriteRule ^(.*)$ - [env=prefer-language:%1]

Deny Access To Everyone Except PHP fopen

This allows access to all files by php fopen, but denies anyone else.

RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^.+$ [NC]
RewriteRule .* - [F,L]

If you are looking for ways to block or deny specific requests/visitors, then you should definately read Blacklist with mod_rewrite. I give it a 10/10

Deny access to anything in a subfolder except php fopen

This can be very handy if you want to serve media files or special downloads but only through a php proxy script.

RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+)/.*\ HTTP [NC]
RewriteRule .* - [F,L]

Require no www

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^askapache\.com$ [NC]
RewriteRule ^(.*)$ http://askapache.com/$1 [R=301,L]

Check for a key in QUERY_STRING

Uses a RewriteCond Directive to check QUERY_STRING for passkey, if it doesn’t find it it redirects all requests for anything in the /logged-in/ directory to the /login.php script.

RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} !passkey
RewriteRule ^/logged-in/(.*)$ /login.php [L]

Removes the QUERY_STRING from the URL

If the QUERY_STRING has any value at all besides blank than the?at the end of /login.php? tells mod_rewrite to remove the QUERY_STRING from login.php and redirect.

RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} .
RewriteRule ^login.php /login.php? [L]

Fix for infinite loops

An error message related to this isRequest exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.or you may seeRequest exceeded the limit,probable configuration error,Use 'LogLevel debug' to get a backtrace, orUse 'LimitInternalRecursion' to increase the limit if necessary

RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule .* - [L]

External Redirect .php files to .html files (SEO friendly)

RewriteRule ^(.*)\.php$ /$1.html [R=301,L]

Internal Redirect .php files to .html files (SEO friendly)

Redirects all files that end in .html to be served from filename.php so it looks like all your pages are .html but really they are .php

RewriteRule ^(.*)\.html$ $1.php [R=301,L]

block access to files during certain hours of the day

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
# If the hour is 16 (4 PM) Then deny all access
RewriteCond %{TIME_HOUR} ^16$
RewriteRule ^.*$ - [F,L]

Rewrite underscores to hyphens for SEO URL

Converts all underscores “_” in urls to hyphens “-” for SEO benefits… See the full article for more info.

Options +FollowSymLinks
RewriteEngine On
RewriteBase /

RewriteRule !\.(html|php)$ - [S=4]
RewriteRule ^([^_]*)_([^_]*)_([^_]*)_([^_]*)_(.*)$ $1-$2-$3-$4-$5 [E=uscor:Yes]
RewriteRule ^([^_]*)_([^_]*)_([^_]*)_(.*)$ $1-$2-$3-$4 [E=uscor:Yes]
RewriteRule ^([^_]*)_([^_]*)_(.*)$ $1-$2-$3 [E=uscor:Yes]
RewriteRule ^([^_]*)_(.*)$ $1-$2 [E=uscor:Yes]

RewriteCond %{ENV:uscor} ^Yes$
RewriteRule (.*) http://d.com/$1 [R=301,L]

Require the www without hardcoding

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\.[a-z-]+\.[a-z]{2,6} [NC]
RewriteCond %{HTTP_HOST} ([a-z-]+\.[a-z]{2,6})$     [NC]
RewriteRule ^/(.*)$ http://%1/$1 [R=301,L]

Require no subdomain

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} \.([a-z-]+\.[a-z]{2,6})$ [NC]
RewriteRule ^/(.*)$ http://%1/$1 [R=301,L]

Require no subdomain

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} \.([^\.]+\.[^\.0-9]+)$
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

Redirecting Wordpress Feeds to Feedburner

Full article:Redirecting Wordpress Feeds to Feedburner

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/feed\.gif$
RewriteRule .* - [L]

RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator) [NC]
RewriteRule ^feed/?.*$ http://feeds.feedburner.com/apache/htaccess [L,R=302]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Only allow GET and PUT Request Methods

Article: Request Methods

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} !^(GET|PUT)
RewriteRule .* - [F]

Prevent Files image/file hotlinking and bandwidth stealing

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?askapache.com/.*$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ /feed/ [R=302,L]

Stop browser prefetching

RewriteEngine On
SetEnvIfNoCase X-Forwarded-For .+ proxy=yes
SetEnvIfNoCase X-moz prefetch no_access=yes

# block pre-fetch requests with X-moz headers
RewriteCond %{ENV:no_access} yes
RewriteRule .* - [F,L]

This module uses a rule-based rewriting engine (based on a regular-expression parser) to rewrite requested URLs on the fly. It supports an unlimited number of rules and an unlimited number of attached rule conditions for each rule, to provide a really flexible and powerful URL manipulation mechanism. The URL manipulations can depend on various tests, of server variables, environment variables, HTTP headers, or time stamps. Even external database lookups in various formats can be used to achieve highly granular URL matching.

This module operates on the full URLs (including the path-info part) both in per-server context (httpd.conf) and per-directory context (.htaccess) and can generate query-string parts on result. The rewritten result can lead to internal sub-processing, external request redirection or even to an internal proxy throughput.