With the help of the con­fig­u­ra­tion file .htaccess, web­mas­ters using NCSA-com­pat­i­ble web servers like Apache HTTP Server are able to set up directory-related rules. This allows web­mas­ters to control which users have access to par­tic­u­lar files. Setting up automatic redirects is also a typical example of one of the many .htaccess hacks.

So what is a .htaccess file?

.htaccess concerns text-based files that allow au­tho­rized users to influence directory-specific matters related to NCSA-com­pat­i­ble web servers. This tech­nol­o­gy was developed in the nineties by the then-leading web server, NCSA HTTPD. The main ap­pli­ca­tion of .htaccess today, however, is most commonly as­so­ci­at­ed with the wide-spread Apache HTTP server. This server functions by con­trol­ling one or more central con­fig­u­ra­tion files, commonly named “.httpd.conf”. These high-ranking con­fig­u­ra­tion files are normally saved in the program directory of the web server itself and are defined by the server ad­min­is­tra­tor. With the help of .htaccess tricks, this file further de­ter­mines whether a user is allowed to receive an au­tho­riza­tion that enables server con­fig­u­ra­tion. In the case that such rights are granted, the user can then create and edit .htaccess files for every desired directory. This access also allows those with the re­spec­tive rights to overwrite con­fig­u­ra­tion parts on different directory levels.

Whenever a page is accessed, web servers re­cur­sive­ly scan all high-ranking di­rec­to­ries (.htaccess of a sub­di­rec­to­ry over­writes a higher-ranking one) without creating a cache. Server settings that are performed with a .htaccess file are valid the moment that same file is stored in its proper directory. No server reboot is required. Notation at this juncture needs to be 100 percent accurate. An im­prop­er­ly entered .htaccess file can, under some cir­cum­stances, prevent site access on the entire server. When correctly carried out, .htaccess tricks offer some helpful features for managing web servers. These .htaccess hacks can be quickly im­ple­ment­ed and are easy to embed into existing system struc­tures.

How .htaccess files work

Given that .htaccess files are com­plete­ly composed of text, they can be drafted and edited in any con­ven­tion­al text editor. Depending on available access to web servers, there are different ways to approach creating such files. Telnet or SSH access allows you to compile and edit .htaccess files directly on the server. Once the FTP access is available, the file has to be locally created and uploaded. As is typically the case with directory-specific files on Unix systems, this file also needs to begin with a dot. Such notation tells the operating system that the file is “hidden”, which can create the im­pres­sion that the uploaded .htaccess file is missing when a graphic FTP client is involved. The afore­men­tioned point can also be a source of problems when locally creating a .htaccess file; this, however, is easily fixed. In order to prevent the editor from including the typical .txt file ending, select under the file type “All files” when saving. Once the .htaccess file has been mounted with the proper command, it simply needs to be trans­port­ed to the desired directory. The file is im­me­di­ate­ly valid; this also counts for sub di­rec­to­ries.

Con­fig­ur­ing servers with .htaccess hacks

.htaccess files allow au­tho­rized users to quickly and easily influence the con­fig­u­ra­tion of a web server. HTTP au­then­ti­ca­tion makes it possible to protect entire di­rec­to­ries from unau­tho­rized access. Error pages or automatic transfers can also be set up with this process. There is a wide range of different .htaccess tips and tricks, and we have compiled 10 of the most useful ones for you below:

1. Al­ter­na­tive error pages

Default web servers display standard HTML files or hard-coded messages if an error occurs when a page is accessed. Such error reports are neither par­tic­u­lar­ly helpful nor aes­thet­i­cal­ly pleasing. .htaccess enables users to feed in pages or messages that refer users to al­ter­na­tive content. Here are the state­ments used to integrate custom error reports: 

#individual error reports at local storage 
locatioErrorDocument 404/directorypath/404.html

When error pages are located on an external URL or above the root directory of a website, it is possible to enter the entire URL into the .htaccess. The .htaccess file must be located in the root directory in the former case, however.  

#individual error report external storage location
ErrorDocument 404 www.domain.tld/directorypath/404.html

2. For­ward­ing

For­ward­ing and redirects comprise some of the main uses of .htaccess files. Requests can be forwarded to another domain or in­di­vid­ual file of a website, or can be redi­rect­ed within a given site. Once saved in the root directory, the following code ensures that requests headed for the original server domain are rerouted to the new one: 

#single forwarding
Redirect / http://www.new-domain.tld/

Using the same method, in­di­vid­ual files can also be trans­ferred within a website in the case that a site’s name is changed: 

#forwarding individual documents
Redirect /old-page.html new-page.html

3. Re­strict­ed areas

Those wishing to forego the need of composing extensive log-in scripts with PHP, yet still require a protected directory or file on their server can use .htaccess tricks to set up re­strict­ed areas. This type of password pro­tec­tion requires a second file called “.htpasswd”. Relevant passwords are stored here, and may only be entered into Unix systems when encrypted. To this end there are many different .htpasswd gen­er­a­tors available online. Protected di­rec­to­ries can be set up by executing the following commands: 

# basic password protection with .htaccess
AuthType Basic
AuthName "restricted area"
AuthUserFile /<absolute path to password file>/.htpasswd
AuthPGAuthoritative Off
require user User1 User2 User3

The .htpasswd is then created with the users, including their encrypted passwords. 

# .htpasswd file for usernames and passwords
User1:duCmo1zxkKx6Y
User2:mou3IYjSLpGWI
User3:HGKS9XzDXXAXQ

While the .htpasswd files should ideally be placed in the root directory, the .htaccess needs to be in the directory that is to be protected.

4. In­creas­ing PHP memory limits

PHP ap­pli­ca­tions are con­strained by a defined memory limit. This limit de­ter­mines the maximum amount of working memory that PHP scripts are allowed to cu­mu­la­tive­ly take up. The following command in the .htaccess increases this limit as necessary.

# PHP Memory Limit
php_value memory_limit 128M

The value “128M” stands for the limit of 128 megabytes in this case. Depending on memory and server re­quire­ments, other limits can also be es­tab­lished.

5. Changing the time zone of a server

If the server is running in the wrong time zone, the following entry allows the proper adaption to take place in the .htaccess:

# set time zone
SetEnv TZ US America/Chicago

6. Block IP addresses

It’s possible to prevent certain IP addresses or ranges from accessing websites. The right entry can suspend all IP addresses and grant access only to certain addresses. Doing this can make websites available ex­clu­sive­ly for the employees of pro­pri­etary intranets, for example. The following command is a summary of some of the possible access re­stric­tions: 

# File for adjusting IP ranges
Order deny,allow
Deny from .aol.com
Deny from 192.168
Allow from 192.168.220.102

The entry “Order” es­tab­lish­es the in­ter­pre­ta­tion sequence of the reg­is­tered entries; these can be entered in any order. The ensuing entries com­mu­ni­cate to the server that all users with .aol.com and numeric IP addresses in the range of 192.168 are barred from using the site. An exception is made with the IP 192.168.220.102.

7. Redi­rect­ing a web presence from HTTP to HTTPS

Those using SSL cer­tifi­cates for their domain have the pos­si­bil­i­ty of redi­rect­ing the domain to the encrypted HTTPS with the following command: 

# activate HTTPS
RewriteEngine On
RewriteCond %{Server_Port} !=443
RewriteRule ^(.*)$ http://yourdomain.tld/$1 [R=301,L]

8. Ac­ti­vat­ing file access through the browser

The following command enables the directory content to be shown in browsers and to be down­loaded by users:

# show directory content
Options +Indexes

9. Pro­hibit­ing pictures from being hotlinked

Hotlink­ing allows a third person to link media to their website (es­pe­cial­ly pictures) that are saved on a different host. Doing this increases the data volume for the actual owner. The following command allows users to prohibit certain file types on their own website form being linked:

# prohibit hotlinking
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://your-webhosting-domain/.*$ [NC] [OR]
RewriteCond %{HTTP_REFERER} !^http://www.your-webhosting-domain/.*$ [NC] [OR]
RewriteRule .*\.(gif|GIF|jpg|JPG|bmp|BMP|wav|mp3|wmv|avi|mpeg)$ - [F]

10. Specify charset in­for­ma­tion for documents

Without a proper charset, in­cor­po­rat­ing different accents or other char­ac­ters is not possible. This can be par­tic­u­lar­ly frus­trat­ing for those wishing to work in languages other than English. A .htaccess file is able to determine precisely which character coding should be employed for par­tic­u­lar types of documents. This command makes it possible to encode all documents with UTF-8:

#specify character coding
AddDefaultCharset utf-8

Use the following commands in case only specific documents are to be coded: 

#specify character coding for certain files
AddDefaultCharset utf-8 .css .htm .html .xhtml .php

.htaccess tricks: practical and easy to use

The afore­men­tioned tips and tricks are only but a small preview of the wide range of functions that .htaccess files can be applied to when con­fig­ur­ing servers. The server follows all the commands im­me­di­ate­ly, and no restart is necessary

Go to Main Menu