Industry Leading Control Panel (cPanel) ⁃ Manage almost everything for your Hosting Account
A file with the .HTACCESS (Hyper Text Access) extension is an Apache Access Configuration File. These are text files used to invoke an exception to the global settings that apply to the various directories of an Apache website. Another common use for this file is for pointing to an .HTPASSWD file that stores credentials preventing visitors from accessing that particular directory of files.
The .htaccess file in Apache is a list of commands that allows Server configurations at the directory and subdirectory level. Using this file enables you to configure website permissions without having to altering Server configuration files. You can set 404 error pages, control the server's configuration, modify the default settings, password protect directories, redirects, deny users based on IP and more.
Warning: Because the .htaccess file is a Server Configuration File. A typo can cause your Server to be misconfigured. This can result in the Server or your Website not working. If you are not sure of modifying this file, consult with a web developer. Be sure to make backups of your original .htaccess file and proceed carefully.
Note: If you have access to HTTPD main Server config file, you should avoid using .htaccess files. Using the .htaccess files can slow down your Apache HTTP Server. Any directive that you can include in a .htaccess file is better set in a Directory block, as it will have the same effect with better performance.
Note: If you want to call your .htaccess file something else, you can change the name of the file using the AccessFileName directive. For example, if you would rather call the file .config then you can put the following in your server configuration file:
AccessFileName ".config"
Reads all requests. Because .htaccess files are read on every request. Any changes made in these files take immediate effect. Opposed to the main configuration file, which requires the Server to be restarted for the new settings to take effect. It can effectively manage user access based on the preference. Sets directory level configurations. Can increase SEO efforts.
Normally this file in the root folder. If you are not able to find it in the root folder, then it might be hidden. Enable hidden files in the settings of your program. Go to the "public_html" or "WWW" folder. This is where you will find all your website files. A single directory and multiple website subdirectories can have a separate .htaccess file.
There are a vast amount of configuration possibilities that can be achieved within the .htaccess file. The list below is a few of the more commonly used examples.
You can access, view and edit the .htaccess file through cPanel's File Manger or our preferred method is with a FTP program and a good Text Editor such as Note Pad++. Remember, this file always starts with a period.
With this example, it means that any person can access to your website or server
Notice the "allow from all".
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>If you wanted to deny a user by way of their IP numbers, it might look like this.
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
deny from 127.0.0.1
allow from all
</Directory>
A 404 error is an HTTP status code that means that the web page you were trying to reach could not be found.
ErrorDocument 403 /forbidden.html
ErrorDocument 404 /notfound.html
ErrorDocument 500 /servererror.html
With this Directories, you will need two files, ".htaccess" and ".htpasswd". The .htpasswd file needs to include some encryption. A tool like Htpasswd Generator to create the file works good.
The .htaccess file should include this code;
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
Most default website directory pages are named "index.html". If you want your default to be something else like "home.html" use this format.
DirectoryIndex home.html
Some web hosting servers will have Server Side Includes enabled by default. If not, you can enable it with your .htaccess file.
AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes
For our example we will use this page, the full name is actually:
blog-what-is-the-htaccess-file.php
But with this code it becomes just:
blog-what-is-the-htaccess-file
This looks cleaner in your Browsers address bar, and Google even uses this cleaner looking version of the URL in the search results.
You can remove any file extension by substituting the ".php" for your extension.
RewriteEngine on
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule !.*\.php$ %{REQUEST_FILENAME}.php [QSA,L]
This is one of the easiest to do and only needs two lines of code to be included in your .htaccess file.
Options -Indexes
Have you ever clicked a PDF link and had it open in your browser instead of downloading? Or an MP3 starts playing right there? That’s the browser’s default behavior for certain file types: PDFs, images, audio, and video often display inline. With .htaccess, you can force these files to download instead, giving the user a file they can save and open later.
AddType application/octet-stream .mov .mp3 .zip
This would be use if you do not want scripts such as CGI or PHP to run.
Options -ExecCGI
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
If you need to move your whole site, an example might be if your switching from a "olddomain.com" name to a "newdomain.com", or shifting from HTTP to HTTPS for security. Redirecting every page manually can be a nightmare, but with a .htaccess file you can handle it in just a few lines of code, sending all traffic to a new destination. It is also great for SEO (keeping your search rankings) and user experience (no broken links).
Redirect 301 / https://example.com/
Redirect 301 /page.html /newpage.html
Redirect 301 /page.html https://example.com/page.html
Switching your site from static .html pages to dynamic .php ones is a common upgrade. With .htaccess, you can seamlessly redirect all .html requests to their .php equivalents (e.g., page.html to page.php), keeping everything working properly.
RedirectMatch 301 (.*)\.html https://example.com/$1.php
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule (.*) https://example.com/$1 [R=301,L]
If your site has an SSL certificate (most hosts offer free ones via cPanel), you can use .htaccess to redirect all HTTP traffic (e.g., http://yourdomain.com) to HTTPS (e.g., https://yourdomain.com). It’s a simple tweak that boosts security, trust and stops Browser Warnings.
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]
Page speed isn't just about keeping visitors happy, it's a big deal for SEO and user experience. A slow site can drive people away and tank your Google rankings. Luckily, the .htaccess file offers simple tricks to speed things up, no coding degree required.
One of the easiest ways to increase site speed and reduce server load is to leverage browser caching. Browser caching stores resources from your website page on a visitor's computer.
RewriteBase /
# compress text, HTML, JavaScript, CSS, and XML
<ifmodule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE image/svg+xml
</ifmodule>
# remove browser bugs
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType video/mp4 "access plus 1 year"
ExpiresByType audio/mp3 "access plus 1 year"
ExpiresByType video/mpeg "access plus 1 year"
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 1 month"
ExpiresByType font/ttf "access plus 1 year"
ExpiresByType font/otf "access plus 1 year"
ExpiresByType font/woff "access plus 1 year"
ExpiresByType font/woff2 "access plus 1 year"
ExpiresByType application/font-woff "access plus 1 year"
</IfModule>
## EXPIRES CACHING ##
In general, you should only use the .htaccess files when you do not have access to your main Server configuration files. There is, for example, a common misconception that user authentication should always be done with the .htaccess files, and in more recent years another misconception that mod_rewrite directives must go in the .htaccess files. This is simply not the case. You can add user authentication configurations in the main Servers configuration, and this is the preferred way to do this. Likewise, mod_rewrite directives work better and in many respects faster with better security.
The .htaccess files should be used in cases where the content providers need to make configuration changes to the Server on a "Per Directory" basis. But do not have root access to the Web Server system. Or in the event that the server administrator is not willing to make frequent configuration changes, it might be desirable to permit individual users to make these changes for themselves. This is particularly true, for example, in cases where hosting companies are hosting multiple websites on a single Server. And allow their users to be able to alter their own website's configuration.
There are two main reasons to avoid the use of the .htaccess files.
Performance. When AllowOverride is set to allow the use of .htaccess files, HTTPD will look in every directory for other .htaccess files. As a result, permitting, .htaccess files causes a performance hit. Whether there are any others. Also, the .htaccess file "Loads" every time a document is requested.
Security. You are permitting users to modify Server configurations. This could result in changes over which you have no control. Carefully consider whether you want to give your users this privilege. Note also that giving users less privileges than they need will lead to additional technical support requests. Make sure you clearly tell your users what level of privileges you have given them. Specifying exactly what you have set AllowOverride to, and pointing them to the relevant documentation, will save yourself a lot of confusion later.
Most website hosting companies use cPanel on shared Apache servers. It's great for simplicity but comes with limits:
Redirect /test / When you are new to the .htaccess file and editing it, things can go wrong fast, and they often do.
Just a tiny typo might break your site with a dreaded 500 Internal Server Error
Here's how to avoid them:
RewriteEngine On Skip this, and nothing will happen..htaccess might be an old school tool, but it still has an important role to play with certain functions of your website. Almost all Apache Servers have a preset configuration file. But this applies to the whole Web Server. That is where the .htaccess can can come in handy. You can set directory and subdirectory level configuration to override the Apache configuration settings. Or to set specific configuration rules for your website.
A guest blogger hailing from Switzerland, dedicated to assisting local companies in expanding their reach from regional to national and international levels. With a proven track record in...
Tweet Share Pin Email
