What Is The htaccess File

Rewriterule, AllowOverride, Redirects, RewriteEngine

Complete Guide - Proper and Common Uses with Examples

Updated: August 6, 2023
By: RSH Web Editorial Staff

Contact Us

The htaccess File


A file with the .HTACCESS (Hyper Text Access) extension is an Apache Access Configuration File. These are text files used to invoke an exception to the global settings that apply to the various directories of an Apache website. Another common use for this file is for pointing to an .HTPASSWD file that stores credentials preventing visitors from accessing that particular directory of files.

What is an .htaccess File?

The .htaccess file in Apache is a list of commands that allows Server configurations at the directory and subdirectory level. Using this file enables you to configure website permissions without having to altering Server configuration files. You can set 404 error pages, control the server's configuration, modify the default settings, password protect directories, redirects, deny users based on IP and more.

Warning: Because the .htaccess file is a Server Configuration File. A typo can cause your Server to be misconfigured. This can result in the Server or your Website not working. If you are not sure of modifying this file, consult with a web developer. Be sure to make backups of your original .htaccess file and proceed carefully.

Note: If you have access to HTTPD main Server config file, you should avoid using .htaccess files. Using the .htaccess files can slow down your Apache HTTP Server. Any directive that you can include in a .htaccess file is better set in a Directory block, as it will have the same effect with better performance.

Note: If you want to call your .htaccess file something else, you can change the name of the file using the AccessFileName directive. For example, if you would rather call the file .config then you can put the following in your server configuration file:
AccessFileName ".config"

Advantages of .htaccess file

Reads all requests. Because .htaccess files are read on every request. Any changes made in these files take immediate effect. Opposed to the main configuration file, which requires the Server to be restarted for the new settings to take effect. It can effectively manage user access based on the preference. Sets directory level configurations. Can increase SEO efforts.

Working with the .htaccess file

You can access, view and edit the .htaccess file through cPanel's File Manger or our preferred method is with a FTP program and a good Text Editor such as Note Pad++. Remember, this file always starts with a period.

Location of the .htaccess File

Normally this file in the root folder. If you are not able to find it in the root folder, then it might be hidden. Enable hidden files in the settings of your program. Go to the "public_html" or "WWW" folder. This is where you will find all your website files. A single directory and multiple website subdirectories can have a separate .htaccess file.

Example Files - Code Snippets

There are a vast amount of configuration possibilities that can be achieved within the .htaccess file. The list below is a few of the more commonly used examples.

Allow All or Deny From

With this example, it means that any person can access to your website or server
Notice the "allow from all".

<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all

If you wanted to deny a user by way of their IP numbers, it might look like this.

<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
deny from
allow from all

Removing file Extensions such as .PHP

Example is this page: The full name is actually:

But with this code it becomes just:

Looks better in the Browsers address bar, and Google even uses this version of the URL in the search results.

RewriteEngine on
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule !.*\.php$ %{REQUEST_FILENAME}.php [QSA,L]

Error Page Redirects

A 404 error is an HTTP status code that means that the web page you were trying to reach could not be found.

ErrorDocument 403 /forbidden.html
ErrorDocument 404 /notfound.html
ErrorDocument 500 /servererror.html

Setting the Default Directory Page

Most default website directory pages are named "index.html". If you want your default to be something else like "home.html" use this format.

DirectoryIndex home.html

Enabling SSI

Some web hosting servers will have Server Side Includes enabled by default. If not, you can enable it with your .htaccess file.

AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes

Password Protect Directories

With this Directories, you will need two files, ".htaccess" and ".htpasswd". The .htpasswd file needs to include some encryption. A tool like Htpasswd Generator to create the file works good.

The .htaccess file should include this code;

AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

Disable Directory Browsing

This is one of the easiest to do and only needs two lines of code to be included in your .htaccess file.

Options -Indexes

Force Files to Download Instead of Showing in Browser

AddType application/octet-stream .mov .mp3 .zip

Disallow Script Execution

This would be use if you do not want scripts such as CGI or PHP to run.

Options -ExecCGI
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Kids Safe Online

.htaccess Redirect Examples

Redirect a page on the same domain

Redirect 301 /page.html /newpage.html

Redirect a page to a different domain

Redirect 301 /page.html https://example.com/page.html

Redirect an entire Website

Redirect 301 / https://example.com/

Redirect from .html to .php

RedirectMatch 301 (.*)\.html https://example.com/$1.php

Remove www from all URLs

RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule (.*) https://example.com/$1 [R=301,L]


RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]
Online Privacy

.htaccess and Page Speed

Site speed is one of the most important technical SEO factors.

Leverage Browser Caching

One of the easiest ways to increase site speed and reduce server load is to leverage browser caching. Browser caching stores resources from your website page on a visitor’s computer.

RewriteBase /
# compress text, HTML, JavaScript, CSS, and XML
<ifmodule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE image/svg+xml
# remove browser bugs
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType video/mp4 "access plus 1 year"
ExpiresByType audio/mp3 "access plus 1 year"
ExpiresByType video/mpeg "access plus 1 year"
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 1 month"
ExpiresByType font/ttf "access plus 1 year"
ExpiresByType font/otf "access plus 1 year"
ExpiresByType font/woff "access plus 1 year"
ExpiresByType font/woff2 "access plus 1 year"
ExpiresByType application/font-woff "access plus 1 year"

When Not to use the .htaccess file

In general, you should only use the .htaccess files when you do not have access to your main Server configuration files. There is, for example, a common misconception that user authentication should always be done with the .htaccess files, and in more recent years another misconception that mod_rewrite directives must go in the .htaccess files. This is simply not the case. You can add user authentication configurations in the main Servers configuration, and this is the preferred way to do this. Likewise, mod_rewrite directives work better and in many respects faster with better security.

The .htaccess files should be used in cases where the content providers need to make configuration changes to the Server on a "Per Directory" basis. But do not have root access to the Web Server system. Or in the event that the server administrator is not willing to make frequent configuration changes, it might be desirable to permit individual users to make these changes for themselves. This is particularly true, for example, in cases where hosting companies are hosting multiple websites on a single Server. And allow their users to be able to alter their own website's configuration.

There are two main reasons to avoid the use of the .htaccess files.

Performance. When AllowOverride is set to allow the use of .htaccess files, HTTPD will look in every directory for other .htaccess files. As a result, permitting, .htaccess files causes a performance hit. Whether there are any others. Also, the .htaccess file "Loads" every time a document is requested.

Security. You are permitting users to modify Server configurations. This could result in changes over which you have no control. Carefully consider whether you want to give your users this privilege. Note also that giving users less privileges than they need will lead to additional technical support requests. Make sure you clearly tell your users what level of privileges you have given them. Specifying exactly what you have set AllowOverride to, and pointing them to the relevant documentation, will save yourself a lot of confusion later.


.htaccess might be an old school tool, but it still has an important role to play with certain functions of your website. Almost all Apache Servers have a preset configuration file. But this applies to the whole Web Server. That is where the .htaccess can can come in handy. You can set directory and subdirectory level configuration to override the Apache configuration settings. Or to set specific configuration rules for your website.

We welcome your comments, questions, corrections and additional information relating to this article. Please be aware that off-topic comments will be deleted.
If you need specific help with your account, feel free to contact us anytime
Thank you

Tweet  Share  Pin  Email

More Articles Of Interest

Professional, Reliable and Secure Web Hosting from our professional team. at affordable prices. Offering cPanel, Free SSL (HTTPS) Certificate, Free Domain Name and Domain Private Registration