A quick introduction of .htaccess with examples

What is .htaccess?

The .htaccess file is a configuration file that affects how a web server responds to various requests.

.htaccess files provide a way to make configuration changes on a per-directory basis.

Why is it called .htaccess?

(Hyper Text + Access) These files were first used to control user access on a per-directory basis.

Where is the .htaccess file?

every folder (directory) on your server could have one

Why can’t I find my .htaccess file?

On most file systems, file names that begin with a dot ( . ) are hidden files. This means they are not typically visible by default.

Request Status

    200-        OK
    300-        Redirect
    400-        Client
    500-        Server
Client Request Errors

    400 — Bad Request

    401 — Authorization Required

    402 — Payment Required (not used yet)

    403 — Forbidden

    404 — Not Found

    405 — Method Not Allowed

    406 — Not Acceptable (encoding)

    407 — Proxy Authentication Required

    408 — Request Timed Out

    409 — Conflicting Request

    410 — Gone

    411 — Content Length Required

    412 — Precondition Failed

    413 — Request Entity Too Long

    414 — Request URI Too Long

    415 — Unsupported Media Type.
Server Errors

    500 — Internal Server Error

    501 — Not Implemented

    502 — Bad Gateway

    503 — Service Unavailable

    504 — Gateway Timeout

    505 — HTTP Version Not Supported.

URL Redirects and URL Rewriting

301 vs. 302
301 means “Permanently Moved”
302 means “Moved Temporarily”

Redirect vs. Rewrite
#Redirect
#Basic Page Redirect
Redirect 301 /relative-url.html http://urfusion.net/full-url.html
#Redirecting a large section
Redirect 301 /old-directory http://urfusion.net/new-directory
#Redirecting an entire site
Redirect 301 / http://urfusion.net
#Rewrite
#Redirecting www to non-www
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{http_host} ^www\.urfusion\.net [NC]
RewriteRule ^(.*)$ http://urfusion.com/$1 [R=301,NC]
#Redirecting to www
RewriteEngine On
RewriteCond %{http_host} ^urfusion.net [NC
RewriteRule ^(.*) http://www.urfusion.net/$1 [R=301,NC]

Hiding Your .htaccess File

order allow,deny
deny from all

Magick things happend with .htaccess

1. Stopping hot linking of images:

    #Block hotlinking
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?urfusion.net [NC]
    RewriteRule \.(jpg|jpeg|png|gif|css)$ - [NC,F,L]

2. Block bad crawlers

#To block an IP address
RewriteCond %{REMOTE_HOST} 208.96.122.142 [OR]
#To block user-agents
RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]

RewriteRule ^.* - [F,L]
#or Blacklisting by IP

order allow,deny
deny from 111.22.3.4
deny from 789.56.4.
allow from all
#or Whitelisting by IP

order deny,allow
deny from all
allow from 111.22.3.4
allow from 789.56.4.7
#or Domain names instead of IP addresses

order allow,deny
deny from example.com
allow from all

3. Optimize the performance of your site

#Gzip:

     AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
     AddOutputFilterByType DEFLATE application/javascript
     AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
     AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
     AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype


#Max-age expires:

# If you don't use filenames to version, lower the CSS  and JS to something like



ExpiresActive on
# Perhaps better to whitelist expires rules? Perhaps.

ExpiresDefault                          "access plus 1 month"

# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
ExpiresByType text/cache-manifest       "access plus 0 seconds"

# Your document html
ExpiresByType text/html                 "access plus 0 seconds"

# Data
ExpiresByType text/xml                  "access plus 0 seconds"
ExpiresByType application/xml           "access plus 0 seconds"
ExpiresByType application/json          "access plus 0 seconds"

# Feed
ExpiresByType application/rss+xml       "access plus 1 hour"
ExpiresByType application/atom+xml      "access plus 1 hour"

# Favicon (cannot be renamed)
ExpiresByType image/x-icon              "access plus 1 week"

# Media: images, video, audio
ExpiresByType image/gif                 "access plus 1 month"
ExpiresByType image/png                 "access plus 1 month"
ExpiresByType image/jpeg                "access plus 1 month"
ExpiresByType video/mp4                 "access plus 1 month"

# Webfonts
ExpiresByType application/x-font-ttf    "access plus 1 month"
ExpiresByType font/opentype             "access plus 1 month"
ExpiresByType application/x-font-woff   "access plus 1 month"
ExpiresByType image/svg+xml             "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

# CSS and JavaScript
ExpiresByType text/css                  "access plus 1 year"
ExpiresByType application/javascript    "access plus 1 year"


4. Fix broken links, preserve SEO

Redirect /pdf_press /products/pdf-press
5. Custom error pages

ErrorDocument 404 /error/error404.htm
ErrorDocument 500 /error/error500.htm

6. Require SSL

# require SSL
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "urfusion.net"
ErrorDocument 403 https://urfusion.net

# require SSL without mod_ssl
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
7. Setting Environment Variables

SetEnv SPECIAL_PATH /foo/bin

8. Password Protection With .htpasswd

#Usernames and passwords for the .htaccess system are stored in a file name .htpasswd
#These are stored each on a single line, in the form:

username:encryptedpassword

AuthUserFile /usr/local/etc/.htpasswd
AuthName "Name of Secure Area"
AuthType Basic

require valid-user

You can also put users into groups and allow access based on group. This is done by adding another file which specifies the groups.

The group file, which could be named (for example) .htgroups looks like this:

admin: johnsmith janedoe
staff: jackdoe cindysmith

Then you can specify it in your .htaccess file:

AuthUserFile /usr/local/etc/.htpasswd
AuthGroupFile /usr/local/etc/.htgroup
AuthName "Admin Area"
AuthType Basic

require group admin

9. Block Users by Referrer

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*urfusion\.net [NC,OR]
RewriteRule .* - [F] 

10. Specifying a Default File for a Directory

DirectoryIndex home.html

11. Force Download by MIME Type

AddType application/octet-stream pdf doc docx rtf

12. Disable or Enable Index

#Disabling Indexes
Options -Indexes

#Enabling Indexes
Options +Indexes

#Hiding some files from the Index
IndexIgnore *.gif *.jpg
IndexIgnore secret-image.jpg

13. Scripts as Source pre

RemoveHandler cgi-script .php .py
AddType text/plain .php .py

14. Configuring PHP Settings

php_value upload_max_filesize  10M

more coming soon…

You may also like...

Creating a Shopify App using Laravel How to Create Custom WordPress Plugin? How to Build a Telegram Bot using PHP How to Convert Magento 2 into PWA?