htaccess - Distributed Configuration File
.htaccess files (or "distributed configuration files") provide a way to make changes to the web server configuration.
You can create the
.htaccess file in a text editor (make sure to name it only
.htaccess without any other extension or name).
.htaccess files use the same syntax as the main configuration files.
.htaccess files should be used when content providers have to make configuration changes to the directory-based server, but they do not have access to the main configuration of web server.
However, in general, the use of
.htaccess files should be avoided when possible for two main reasons - performance and security.
The web server (httpd) checks for the availability of
.htaccess in any directory specified in an HTTP request. In addition, the server checks all higher-level directories to get the full set of directives to follow.
In practice, if the request searches for a file in the
/user/public_html/ folder, and an empty
.htaccess file is placed in the same directory, httpd will check for
.htaccess file in all upper-level folders even if the
.htaccess file is empty or not existing:
/.htaccess /user/.htaccess /user/public_html/.htaccess /user/public_html /example/.htaccess
... which is a complete waste of time and resources.
Things get even more complicated in the case of RewriteRule directives because in
.htaccess context these regular expressions must be re-compiled with every request to the directory.
The second consideration is related to security.
In the context of shared hosting, users do not have access to the server configuration, and changing configuration settings in the
.htaccess will affect only the performance of current account applications and do not pose a threat to the security of the web server.
.htaccess Most Used Functions
Manage directory access
Order deny,allow Deny from all Allow from 184.108.40.206
Prevent directory index listings
Directory Access with Authentication
AuthName "Under Development" AuthUserFile /web/sitename.com/.htpasswd AuthType basic Require valid-user Order deny, allow Deny from all Allow from 220.127.116.11 any-site.com Satisfy Any
The content of the .htpasswd file can be created at this address:
Password Protected Files
This adds another layer of protection against the WordPress administration attack:
<Files wp-login.php> Order Deny,Allow Deny from All Satisfy Any AuthName "Protected" AuthUserFile /user/.htpasswdwp AuthType Basic Require valid-user </Files>
Set index files priority
Set the order of files to get served by Apache:
DirectoryIndex index.html index.php
Custom Error Pages
When Apache cannot deliver a web page, the server responds with an error code that indicates why the resource has not been delivered.
Here are some of the common errors:
400 Bad Request 401 Authorization Required 403 Forbidden Page 404 File not Found 500 Internal Error
The existing of such pages is highly recommended as it retains the site's design and the webmaster can provide additional information to visitors.
Create the page, upload it to a directory by choice and enter the record below in the .htaccess file in the root directory:
ErrorDocument 404 /404custom.html
Make sure the path to the new page is correct.
If you put it in subdirectory
/errors/ enter the correct path to the file in
ErrorDocument 404 /errors/404custom.html
Hide an existing entry in .htaccess
#DirectoryIndex index.html index.php
.htaccess file allows you to create your own web server settings. Managing these settings requires advanced knowledge and should not be used for testing in a hosting environment.
If you are experiencing uncertainty about creating .htaccess entries, please consult our support team and they will be happy to assist you.