Learn The Basics of .htaccess
Learn the key basics of .htaccess such as customizing error pages, managing redirects, implementing password protection, enabling cache and expire headers, restricting user access by IP and files.
What is an .htaccess File?
An .htaccess (Hypertext Access) file is a directory level configuration file used in Apache web servers to control different behaviors like directory access, redirects, error pages, caching and compression without affecting server's core configuration. This file works on any directory it resides in, which can be either website's root directory or any sub-directory.
How to Create .htaccess file?
We do not need any special program for creating .htaccess file just simple text editor will do. When we save .htaccess file, we have to keep in mind this file has no name just ".htaccess" extension so when saving the file, choose "All Files" in file type box and file name must be only ".htaccess".
Error Redirection with .htaccess
We can redirect users to specific pages when they try to access invalid pages. For example if a user tries to visit a page that does not exist causing 404 error. Show a 404 page with .htaccess with this directive which tells server to display /404.html to user, whenever a user hits a URL that does not exist.
ErrorDocument 404 /404.html
Common Error Codes:
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden Access |
| 404 | Not Found |
| 500 | Internal Server Error |
| 502 | Bad Gateway |
| 504 | Gateway Timeout |
Custom Redirection with .htaccess
We can enable redirection with .htaccess so user visiting a certain page will be redirected to another page of our choice. Redirect user from old page to a new page it with .htaccess like this:
Redirect /OldDir/OldFile.html /NewDir/NewFile.html
Password Protection with .htaccess
We can also password protect web pages with .htaccess. To achieve this we will need to create a new file (.htpasswd) that contains all the username and passwords. We have to create ".htpasswd" file just like we created .htaccess. The structure of .htpasswd file to store usernames and passwords is like:
admin:123456 user:123123
After creating .htpasswd, it is important that we add the below content to our .htaccess file. Remember this password protection will apply on the directory ".htaccess" resides in and all the sub-directories.
AuthUserFile /absolute/pathto/.htpasswd AuthType Basic AuthName "Authorization Required" require valid-user
Deny Users Access via IP Address with .htaccess
We can also deny access with .htaccess to restrict visitors with specific IP Address from viewing our web pages. For example if we wanted to block IP "199.155.88.25" the directive would be as below:
order allow,deny deny from 199.155.88.25 allow from all
Restricting Access to Certain Files with .htaccess
We can restrict access to certain files with .htaccess like below:
<Files .env>
Order Allow,Deny
Deny From All
</Files>
# For multiple files
<FilesMatch "\.env|\.htaccess">
Order Allow,Deny
Deny From All
</FilesMatch>
Enable Gzip Compression with .htaccess
We can enable compression with .htaccess for better page performance. The compression with .htaccess can be enabled on directory level or certain MIME types.
# Enables compression for documents where htaccess is places
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
# Enables compression by MIME type for plain text files, html, css, javascript and xml files
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/xml
</IfModule>
Enable Cache and Expiry with .htaccess
We can enable cache with .htaccess and set expiry headers with .htaccess to help reduce the load times. The directives are as below:
# Cache headers
<ifModule mod_headers.c>
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=691200, s-max-age=691200, public"
</FilesMatch>
</ifModule>
# Expire headers
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 month"
ExpiresByType text/plain "access plus 1 month"
ExpiresByType text/html "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-icon "access plus 1 month"
</IfModule>
NOTE: .htaccess file requires "mod_rewrite" to be enabled.