.htaccess tips

Topics Covered:

What is .htaccess file?

.htaccess file is used on Apache Web Server to make configuration changes on per-directory basis. This file contains the configuration directives and are applied to the directory and all its sub directories. The configuration directives in .htaccess files may overwrite the directives in any .htaccess file found higher up in the directory tree and even the main server configuration.

To enable use of .htaccess file the AllowOverride Directive has to be set in the Apache Server configuration.

When to use .htaccess file?

.htaccess file should be used when the main server configuration file cannot be accessed or modified. It is always best to use the server configuration files over .htaccess files.

.htaccess files are used when some configurations are to be made on per-directory basis. Also, it can be used to redirect users from old site to new site or old pages to new pages.

Disadvantages of using .htaccess files

  • Performance: Every time a document is requested apache has to look for the .htaccess files in the directory and each directory higher up in the document tree till the root directory. All these files may or may not exists, but the server still has to try to fetch them and apply all the directives to the file being fetched.
  • Security: Mis-configuration of directives in the .htaccess files can cause issues for the document inside the directory and all sub-directories.

Authentication using .htaccess file

.htaccess file can be used to password protect a directory on the server. To password protect the directory first we will need to create a .htpasswd file. This file can be generated using any .htpasswd file generator or use the htpasswd command in Apache. e.g. to create a .htpasswd file for user “testuser” with password “testpassword” use the following command

htpasswd -c /usr/local/var/www/html/.htpasses testuser

This will ask you for the password 2 times.

Note: The above command will work only if the Apache bin folder is in your PATH, else you will have to cd into that directory and then execute the above command.

This command would be executed as

htpasswd -c /usr/local/var/www/html/.htpasses testuser
New password: testpassword
Re-type new password: testpassword
Adding password for user testuser

After creating the htpasswd file we will add the following to the .htaccess file

AuthType Basic
AuthName "restricted area"
AuthUserFile /usr/local/var/www/html/.htpasses
require valid-user

Custom Error Document

You might want to show users a custom error page instead of the default Apache error page. It is always a good idea to have custom error page rather than the standard Apache errors. The following code can be used to show the custom error page.

# custom error documents
ErrorDocument 401 /401.php #Unauthorized
ErrorDocument 403 /403.php #Forbidden
ErrorDocument 404 /404.php #Not Found
ErrorDocument 500 /500.php #Internal Server Error

Note: The path to the error documents are relative paths from the web directory

Allow/Disallow Directory Listings

The files in a directory can be listed in browser if the directory does not contains the index file (typically index.html or index.php). To allow or disallow directory listings .htaccess file can be used.

Allow directory listings: Use the following directives

Options +Indexes

Disallow directory listings: Use any of the following directives

Options -Indexes


IndexIgnore *

Disallow certain file types from directory listings: Use the following directives to display all files except files with extension .jpg and .gif

IndexIgnore *.jpg *.gif
These are only a few tips on .htaccess files. There are many more things like redirecting users to different pages, redirecting specific pages, URL starting in certain format, etc. can be achieved using .htaccess files. I will try to cover more .htaccess rules in my future posts.
Update: Check out my my next post on more .htaccess tips.
Note: I do not take responsibility for proper functioning of the above mentioned steps under all circumstances. If you download any files, programs from my blog then make sure you protect yourself. I am not responsible for any damages to your computer, website, blog, application or any thing else. I am not affiliated with or do not endorse any of the above mentioned sites.

Related posts:

  1. more .htaccess tips
  2. How to generate passwords for .htpasswd using PHP
  3. Creating multiple virtual hosts/websites in Wampserver
  4. How to hide apache information with ServerTokens and ServerSignature directives

4 thoughts on “.htaccess tips”

      1. Also note that the code in my previous comment is a 302 redirect. I am assuming you wanted this. If not then we can use the following for a 301 redirect:

        RewriteEngine on
        RewriteRule ^lang/([^/]+)/([^/]+) /$2/index.php?l=$1 [R=301,NC]

  1. Pingback: Error 404 personalizado – Apache Tips, PHP Tips | rubenlacasa

Leave a Reply