In this article, we will look at the topic of .htaccess: how to create this configuration file, what it is for, and how to manage redirects, access rights and other settings with it.
What is .htaccess file
.htaccess is an additional configuration (service) file with which you can manage server settings. It is used if the hosting provider uses Apache software.
Htaccess file will be useful if your site is hosted on shared hosting. On it, several users share the resources of one server. The general settings for managing this server are hidden from clients so that they cannot influence other sites. At the same time, users can manage server settings only within their site through the creation of .htaccess.
Why do you need .htaccess
In the .htaccess file, you can set some Apache server settings for a specific site or a specific folder. For example:
Fix the encoding . The way the code is displayed in the form of printable characters depends on the encoding (Charset). The most common encodings are UTF-8 and Windows-1251. If the texts on the site have turned into a set of incomprehensible characters, it means that the encoding has disappeared on the site. You can fix it in .htaccess.
Set up a redirect . A redirect is a redirect from one address to another. For more information about the purpose of redirects, their types and settings, we talked in the article . The .htaccess file allows you to set flexible redirects: for example, for a separate IP, from pages without the www prefix to pages with it, redirects for all pages except the main one, and others.
Assign error pages . There are various errors on the sites (404 – page not found, 403 – access denied, etc.). Then the user sees a page with a description of the error that occurred. By default, such pages are practically undesigned and can be very different from the design of the rest of the site. The way out is to create your own colorful error page and set its appearance in .htaccess.
Change home page
In the site architecture, by default, the main page (index file) is selected, which is displayed first when the site is opened. If you want to make some other page first, use .htaccess.
Enable file caching
Caching allows you to put some of the static information on the site in the cache . Thanks to this, the pages of the site will load faster in users’ browsers. Setting up caching in .htaccess will speed up your site.
Create CNC . CNC stands for “human-readable URL”. Sometimes URLs can be too long or contain page numbers. This negatively affects the user factor, and therefore the SEO metrics. In .htaccess, using one command, you can assign Latin characters to the URL (or specify another suitable method).
Protect the folder with a password
If the site contains a folder with confidential information, it needs additional protection. Through .htaccess, you can configure basic authentication by login and password. This will reduce the risk of hacking and data theft.
Configure php parameters
PHP is the programming language used in the development of most sites with dynamic content. You can configure PHP in the php.ini file, or you can work with it as a .htaccess module and manage the settings in one configuration file.
Restrict access to the site
In .htaccess, you can restrict access to the site for unwanted IPs, which will allow you to control access, as well as repel hacker attacks. For example, a DDoS attack, at the moment of which they try to load the processor with so many requests that it is unable to process. Typically, requests come from one / more IP addresses. Read more: What is a DDoS attack .
Close access to the site from search bots
For a site to appear in search results, it must be bypassed by search robots that collect information necessary for indexing. However, some search bots may be unwanted (SolomonoBot and others). In .htaccess, you can restrict access to the site for unwanted bots by User-Agent.
Thus, .htaccess allows flexible customization of individual sites without changing the general server settings. Also, this configuration file can be transferred to freelance SEO specialists: they will get access to the settings of SEO optimization without the ability to change the settings on the site or hosting.
How to do .htaccess on Windows
If your site was created using CMS ( WordPress , Joomla , 1C Bitrix and others), the .htaccess file will be generated automatically. You can find it in the root folder of the site in the hosting control panel. As a rule, by default there will be no information in the file, except for a few lines of comments.
Note! On hosting with cPanel, .htaccess and all other files that start with a dot are hidden by default. To make it appear in the root folder, follow the instructions .
If the site was written from scratch, and not on a CMS, or if the file was deleted for some reason, you can create it on your computer. To create a .htaccess file on a Windows machine:
1.Open Notepad .
2.Click File → Save As (or use the keyboard shortcut Ctrl + Shift + S ):
create file 1
3.In the Save as type box, select All Files . Then in the “Filename” field enter “.htaccess” and click Save :
create file 2
Done, the file has been created.
If the file is saved under the name .htaccess.txt, you need to remove the extension of text files (.txt). To do this, open the explorer, go to the View tab and uncheck the box next to the “File name extensions” item:
create file 3
Explorer interface in Windows 10
When the file is ready, upload it to the root folder of the site. To do this, log into the control panel and follow the appropriate instructions:
ISPmanager
1.Go to File Manager → www and select your website domain.
2.Click the Upload button in the icon bar at the top.
3.Click Select File , locate the created .htaccess file on your local disk and click Ok :
create file 4
Done, the file has been added to the “root” of the site.
cPanel
1.In the “Files” section, click File Manager :
create file 5
2.Find the domain of your site in the list on the left, click on it and click Download in the top line :
create file 6
3.In the window that opens, click Select File and select the .htaccess file.
Done, the file will be uploaded.
Plesk
1.In the block of the required domain, select the File manager :
create file 7
2.Click Download in the top bar and open the generated .htaccess file.
Done, the file will be uploaded.
Working with the .htaccess file
Creating a file and uploading it to the root folder of the site is just the first step. The next and most important one is to start working with the settings that we described above.
All configurations in .htaccess are set using directives (or commands). They include Latin characters,%, curly and square brackets, and others. Each directive consists of a key (immutable part) and a value. For example, a directive to change the main page of the site:
DirectoryIndex index.php
Where DirectoryIndex is the key and index.php is the value (the page you want to use as your site’s homepage).
To add a directive to your site’s config file:
1.Open the .htaccess file in the root folder. Or create a new one if the directive should be applied not to the entire site, but to a specific file or folder.
2.Copy the required directive and paste it into the file.
3.Replace the value for your site (desired domain, page, etc.).
4.Save your changes.
Note! Do not add modified commands to .htaccess if you are not sure how they work. Damage to the file may cause the site to malfunction.
Below you will find directives for several of the most common operations in the .htaccess file.
How to deny access to a file, folder, or the entire site
When the site is undergoing “repair work”, it is unstable. So that at this time no one except the developers comes into it, you can restrict access to the site or individual files.
To close access to the entire site, add the following lines to the file:
Order Deny,Allow
Deny from all
To close access to a specific folder, create a new .htaccess file in that folder and add the code above to it.
To block access from all visitors, except for a specific IP (you can specify several IP addresses separated by commas), enter:
Order Deny,Allow
Deny from all
Allow from 123.123.123.123
Where 123.123.123.123 is the IP address for which access is allowed.
To close access to a specific file, create a new .htaccess file in the folder where the file you want is located and add the following lines:
<Files example.exe>
Order Deny.Allow
Deny from all
</Files>
Where example.exe is the name of the file to which you want to block access.
How to deny access to files of a certain type
If you need to deny access to multiple files of the same format, you can add a directive for each. It should be borne in mind that it will be more difficult for the server to process a large number of parameters in the .htaccess file. To save server resources, you can close access not to every file, but to all files of a similar extension.
To do this, add the following lines:
<Files “\.(txt|pdf|jpg)$”>
Order Deny.Allow
Deny from all
</Files>
Where instead of txt , pdf , jpg are the extensions you need.
How to prevent directory browsing in .htaccess
With some knowledge, anyone can look at the structure of your site (first of all, listing is a list of all site directories). To disable viewing the listing, you can enter one line in .htaccess:
Options -Indexes
To open the listing display, type:
Options +Indexes
How to set up 301 redirects for a website
We have devoted a separate article to setting up redirects in .htaccess, in which we looked at 10 different variations of redirects .
Let’s take a look at the most commonly used type: a redirect from one domain to another. It is used if the site has moved to a new domain due to rebranding, a change in the official name of the company, or technical reasons.
To redirect, add the following lines to .htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} site1.ru
RewriteRule (.*) http://site2.ru/$1 [R=301,L]
Where site1.ru is the source domain, site2.ru is the target domain.
How to enable error handling
To install custom error pages, you need to use the ErrorDocument directive. Add the directive with the error number and the URL of the created page to .htaccess:
ErrorDocument 404
http://site.ru/error/404.html
Where:
site.ru – the domain of your site;
error – the folder where the error page is located (if it is not there, skip this link);
404.html – the title of the error page.
Sample .htaccess file
Below is an example of a “combat” .htaccess file with comments. Comments are not displayed in the main code and are used for clarification. To add a comment, precede the line with a sharp (#).
# Closed access to viewing the listing (list of directories) of the site:
Options -Indexes
# Set custom page for 404 error:
ErrorDocument 404 /404.php
<IfModule mod_php5.c>
# Setting php parameters for version 7.x:
<IfModule mod_php7.c>
php_flag session.use_trans_sid off
#php_flag default_charset UTF-8
#php_value display_errors 1
</IfModule>
# Configuring CNC for 1C-Bitrix:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/bitrix/urlrewrite.php$
RewriteRule ^(.*)$ /bitrix/urlrewrite.php [L]
RewriteRule .* – [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>
# Specifying the index file:
<IfModule mod_dir.c>
DirectoryIndex index.php index.html
</IfModule>
# Enabling the mod_expires module and setting the caching time settings for static files:
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType image/jpeg “access plus 3 day”
ExpiresByType image/gif “access plus 3 day”
ExpiresByType image/png “access plus 3 day”
ExpiresByType text/css “access plus 3 day”
ExpiresByType application/javascript “access plus 3 day”
</IfModule>
So, we have covered the creation of .htaccess (Windows), as well as the commonly used directives that are needed to manage the site. Follow the instructions to set the desired settings.
