articles

Home / DeveloperSection / Articles / What is .htaccess and the basic rules you need to know

What is .htaccess and the basic rules you need to know

What is .htaccess and the basic rules you need to know

James Dan 1337 25-Jul-2019

What is .htaccess 

Generally speaking, an .htaccess file is a Apache configuration file. This document file located in an Apache HTTP server which usually just called Apache.

.htaccess is a powerful file that used to control the directory and files in the Apache server. The common things associated with .htaccess are displaying the error message, URL rewrite rules, hotlinking protection, and many more. 

Where can I find my .htaccess file?

First of all, you can’t locate the file if your web server is not running on an Apache server - for example Microsoft IIS, NGINX, etc.

Otherwise, you should be able to find the file inside the File Manager. Most of the small business hosting services you found in the market are running on Apache.

What is .htaccess and the basic rules you need to know

As .htaccess file is hidden by default, so you need to make sure to enable the Show Hidden Files within the settings.

What is .htaccess and the basic rules you need to know

By now, you should be able to see the .htaccess file. Just right-click, edit if you want to access the content.

You can have more than one .htaccess file on your web server. But, each directory or subfolder only can have one. For example, if you want certain rules for subfolder1, you can put a .htaccess file in subfolder1. If you want rules that apply to the entire domain, you can have a .htaccess file in your root folder.

Since .htaccess is important and sensitive, you have to be extra careful when editing and make sure you do the steps correctly.

Examples of Useful .htaccess Hacks

If you want to know the complete .htaccess rules, you should check out this one-page htaccess cheat sheet, which pretty much gathers all the rules you need.

So, here are some .htaccess hacks that I find useful.

Manage URL Redirects

One of the common situations that most websites encounter is that the search engine displays a 404 error message when you have moved your content to a new location. A 404 error message tells the search engine that it has arrived at a dead-end and will cause the search engine to remove your link from their database. Which is why you will notice search traffic drops right after you have moved the content.

The best action to tackle this is to use a 301 redirect. Here’s what a typical 301 redirect looks like:

Redirect 301 http://domain.com/old-location-here/ http://domain.com/archive/new-location-here/

By using the code above, you will point the search engine from the old location to a new location. And, the content is moved permanently.

The record in the search engine database will update according. Rather than to force the search engine to remove the old link entirely and caused you to lose traffic, now you are updating the search engine database without starting all over again.

Note that, there’s a space between the old URL and the new URL.

Protect Site Against Hotlinking

Hotlinking occurs when someone links directly to your website files and display them on their website. For example, when the owner of website A wants to use the image from the owner of website B, instead of downloading and hosting it, the owner of the website A links directly to the website B to get the image.

When a person hotlinks your website assets, they are utilizing your server resources to bring up the files.

To prevent hotlinking, you can add the following code to your .htaccess file;

RewriteCond %{HTTP_REFERER} unwanteddomain\.com [NC,OR]
RewriteCond %{HTTP_REFERER} unwanteddomain2\.com
RewriteRule .* - [F]

Use can also use the hotlink protection tool to generate the .htaccess file with the setting of your choice. With this tool, you can allow certain domains or prevent all from accessing your images.

Manage Custom Error Pages

When someone bumped into the wrong page on your website, by default, most of the web servers will display a blank error page to your visitors. You can make the experience more pleasing by displaying a more user-friendly error page and guide them where to go next.

Let says you have a custom 404 error page called “404.html” and saved it into a folder named “error_pages”. Using the following line of codes in .htaccess, you can call that page up whenever a 404 error is encountered by a visitor

ErrorDocument 404 /error_pages/404.html

Using this method, you can also include the necessary error code in your .htaccess file and displaying the same error page. The common error codes include:

  • 400 - Bad request
  • 403 - Forbidden
  • 404 - File not found
  • 500 - Internal Server Error
  • 503 - Service Unavailable

Disable Directory Browsing

If your website has directory browsing enabled, you are exposing your site to potential hacks. Through directory browsing, hackers can find files with known vulnerabilities and take advantage of these files to gain access.

Besides, other people can look into your files, copy images, and steal your information if you leave your directory without protecting.

For security reasons, it’s highly recommended that you turn off directory indexing and browsing. To do this, add this line of code to your .htaccess file

Options All -Indexes

This simple code will disable directory browsing on your website. The people who are trying to locate a directory index on your website will be redirected to the 404 error page.

However, if you want to enable directory browsing, you can change it to the following

Options All +Indexes

Additional Resources for .htaccess

Here are additional resources to learn .htaccess

  • Htaccess-guide
  • Guide to htaccess
  • Apache htaccess

Conclusions

There’s much more you can do with .htaccess, for instance, speed by the website load time and set automatic translation of your pages, force redirects non HTTPS request to a HTTPS request.

It’s highly recommended to always backup the original version of .htaccess before you make any changes. So if things don’t go your way, you have a working copy to revert to.


James is the website administrator and social media enthusiast. He loves to connect with like-minded people.

Leave Comment

Comments

Liked By