Learn The Basics of .htaccess

Learn the key basics of .htaccess, such as customizing error pages, managing redirects, implementing password protection, enabling cache and expire headers, and restricting user access by IP and files.

Basics of .htaccess

What is an .htaccess File?

An .htaccess (Hypertext Access) file is a directory-level configuration file used in Apache web servers to control different behaviors like directory access, redirects, error pages, caching, and compression without affecting the server's core configuration. This file works on any directory it resides in, which can be either the website's root directory or any subdirectory.

How to Create an .htaccess file?

We do not need any special program for creating the .htaccess file, just a simple text editor will do. When we save the .htaccess file, we have to keep in mind that this file has no name, just a ".htaccess" extension, so when saving the file, choose "All Files" in the file type box and the file name must be only ".htaccess".

Error Redirection with .htaccess

We can redirect users to specific pages when they try to access invalid pages. For example, if a user tries to visit a page that does not exist, causing a 404 error. Show a 404 page with .htaccess with this directive, which tells the server to display /404.html to the user, whenever a user hits a URL that does not exist.

ErrorDocument 404 /404.html 

Common Error Codes:

Code Description
400 Bad Request
401 Unauthorized
403 Forbidden Access
404 Not Found
500 Internal Server Error
502 Bad Gateway
504 Gateway Timeout

Custom Redirection with .htaccess

We can enable redirection with .htaccess so the user visiting a certain page will be redirected to another page of our choice. Redirect user from an old page to a new page with .htaccess like this:

Redirect /OldDir/OldFile.html /NewDir/NewFile.html 

Password Protection with .htaccess

We can also password protect web pages with .htaccess. To achieve this, we will need to create a new file (.htpasswd) that contains all the usernames and passwords. We have to create a ".htpasswd" file just like we created .htaccess. The structure of the .htpasswd file to store usernames and passwords is like:

admin:123456
user:123123

After creating .htpasswd, it is important that we add the following content to our .htaccess file. Remember, this password protection will apply to the directory ".htaccess" and all the sub-directories.

AuthUserFile /absolute/pathto/.htpasswd
AuthType Basic
AuthName "Authorization Required"
require valid-user

Deny Users Access via IP Address with .htaccess

We can also deny access with .htaccess to restrict visitors with a specific IP Address from viewing our web pages. For example, if we wanted to block IP "199.155.88.25", the directive would be as follows: 

order allow,deny
deny from 199.155.88.25 
allow from all 

Restricting Access to Certain Files with .htaccess

We can restrict access to certain files with .htaccess, like below:

<Files .env>
Order Allow,Deny
Deny From All
</Files>

# For multiple files
<FilesMatch "\.env|\.htaccess">
Order Allow,Deny
Deny From All
</FilesMatch>
 

Enable Gzip Compression with .htaccess

We can enable compression with .htaccess for better page performance. The compression with .htaccess can be enabled on a directory level or for certain MIME types. 

# Enables compression for documents where htaccess is placed 
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>

# Enables compression by MIME type for plain text files, html, css, javascript and xml files
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/xml
</IfModule>
 

Enable Cache and Expiry with .htaccess

We can enable cache with .htaccess using the headers directive, and we can also set expiry headers with .htaccess to help reduce the load times. The directives are as follows:

# Cache headers
<ifModule mod_headers.c>
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=691200, s-max-age=691200, public"
</FilesMatch>
</ifModule>

# Expire headers
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 month"
ExpiresByType text/plain "access plus 1 month"
ExpiresByType text/html "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-icon "access plus 1 month"
</IfModule>

NOTE: .htaccess file requires "mod_rewrite" to be enabled.