Home > Help Center > General > htaccess - Distributed Configuration File

htaccess - Distributed Configuration File

.htaccess files (or "distributed configuration files") provide a way to make changes to the web server configuration.

You can create the .htaccess file in a text editor (make sure to name it only .htaccess without any other extension or name).

.htaccess files use the same syntax as the main configuration files.

.htaccess files should be used when content providers have to make configuration changes to the directory-based server, but they do not have access to the main configuration of web server.

However, in general, the use of .htaccess files should be avoided when possible for two main reasons - performance and security.

The web server (httpd) checks for the availability of .htaccess in any directory specified in an HTTP request. In addition, the server checks all higher-level directories to get the full set of directives to follow.

In practice, if the request searches for a file in the /user/public_html/ folder, and an empty .htaccess file is placed in the same directory, httpd will check for .htaccess file in all upper-level folders even if the .htaccess file is empty or not existing:

/.htaccess 
/user/.htaccess 
/user/public_html/.htaccess 
/user/public_html /example/.htaccess 

... which is a complete waste of time and resources.

Things get even more complicated in the case of RewriteRule directives because in .htaccess context these regular expressions must be re-compiled with every request to the directory.

The second consideration is related to security.

In the context of shared hosting, users do not have access to the server configuration, and changing configuration settings in the .htaccess will affect only the performance of current account applications and do not pose a threat to the security of the web server.

.htaccess Most Used Functions

Manage directory access

Order deny,allow 
Deny from all 
Allow from 123.123.123.123 

Prevent directory index listings

Options Indexes 

Directory Access with Authentication

AuthName "Under Development" 
AuthUserFile /web/sitename.com/.htpasswd 
AuthType basic 
Require valid-user 
Order deny, allow 
Deny from all 
Allow from 123.123.123.123  any-site.com 
Satisfy Any 

The content of the .htpasswd file can be created at this address: http://www.htaccesstools.com/htpasswd-generator/

Password Protected Files

This adds another layer of protection against the WordPress administration attack:

<Files wp-login.php>
Order Deny,Allow 
Deny from All 
Satisfy Any 
AuthName "Protected" 
AuthUserFile /user/.htpasswdwp 
AuthType Basic 
Require valid-user 
</Files> 

Set index files priority

Set the order of files to get served by Apache:

DirectoryIndex index.html index.php 

Custom Error Pages

When Apache cannot deliver a web page, the server responds with an error code that indicates why the resource has not been delivered.

Here are some of the common errors:

400 Bad Request 
401 Authorization Required 
403 Forbidden Page 
404 File not Found 
500 Internal Error 

The existing of such pages is highly recommended as it retains the site's design and the webmaster can provide additional information to visitors.

Create the page, upload it to a directory by choice and enter the record below in the .htaccess file in the root directory:

ErrorDocument 404 /404custom.html 

Make sure the path to the new page is correct.

If you put it in subdirectory /errors/ enter the correct path to the file in .htaccess:

ErrorDocument 404 /errors/404custom.html 

Hide an existing entry in .htaccess

#DirectoryIndex index.html index.php 

Conclusion

The .htaccess file allows you to create your own web server settings. Managing these settings requires advanced knowledge and should not be used for testing in a hosting environment.

If you are experiencing uncertainty about creating .htaccess entries, please consult our support team and they will be happy to assist you.

Still not finding what you're looking for?

Contact our support team with any additional questions or concerns.

Contact support