What is .htaccess used for ?

With this htaccess tutorial you will learn more about the this hidden file used to alter a website’s configuration without tweaking the server config files.

Htaccess can be created directly on any terminal or file manager, just make sure to name it only .htaccess . To make it easier for users, there are various htaccess generators on the web. 

We retained our favorit and user friendly one https://hostingfacts.com/htaccess-generator/ 

Additionally, remember your .htaccess must be placed in the home directory of your website.

Things to be Aware of

Although an .htaccess page can be immensely useful and can be used to make marked improvement to a site, there are 2 things that it can influence.

Speed Factor —the .htaccess page may slow down your website loading time. This is because of the location of the page: the .htaccess file affects the pages in its directory and all of the directories under it. 

Each time a page loads, the server scans its directory, and any above it until it reaches the highest directory or your .htaccess file.

 This process will occur as long as the AllowOverride allows the use of .htaccess files, whether or not the file the .htaccess files actually exists.

Security risks—the .htaccess file is much more accessible than standard apache configuration and the changes are made live instantly as you won’t probably need to reload your apache configuration or restart it.

The .htaccess grants users permission to make alterations in the and  gives them a lot of control over the server itself. Any directive placed in the .htaccess file, has the same effect as it would in the apache or httpd configuration itself.

It is important to note that  Apache discourages the use of the .htaccess if the user can easily reach the apache configuration files themselves.

With that out of the way, let’s proceed with the .htaccess info.

How to create an .htaccess file

If you have access to the server settings you can edit the configuration to allow the .htaccess file to override standard website configs. Open the httpd or apache2 default host configuration file. 

sudo nano /etc/apache2/sites-available/default

Once inside that file, find the section that says AllowOverride from None to All. The section should now look like this:

<Directory /var/www/>

                Options Indexes FollowSymLinks MultiViews

                AllowOverride All

                Order allow,deny

                allow from all

 </Directory>

After you save and exit that file, restart apache or httpd 

sudo service apache2 restart  or sudo service httpd restart 

Creating the .htaccess File:

Now you can create the .htaccess file in a text editor, you have to name it directly .htaccess without any alteration or extension to it and then upload it to your site through an ftp client or if you have a file manager such as the case in Plesk or cPanel, you could simply create it using the same file manager.

Alternatively you can use this command, replacing the netulip.host with the name of your site, to create your htaccess file in terminal.

sudo nano /var/www/vhosts/netulip.host/.htaccess

In this case we are using a vhost, if you have a lamp installation your path should be /var/www/netulip.host/.htaccess 

The Five Common Uses of an .htaccess file

1. Mod_Rewrite: You can use the space in the .htaccess file to designate and alter how URLs and web pages on your sites are displayed to your users. 

2. Authentication: This is not a widely used function of htaccess but it can be a nice way to secure access or deny it to certain files or folders on your web hosting or server. 

The .htaccess passwords are kept in a file called .htpasswd. Go ahead and create and save that file, being sure to store it somewhere other than the web directory, for security reasons.

You could for example store it in /var/www/passwd/ and set the permissions of /passwd/ to something secure using chmod. 

You should use the space inside the .htpasswd file to write in the name and passwords of all the users that you want to have access to the protected part of the site.

You can use this useful password generator  to generate the username and encrypted password pair. If the username of your authorized user is myadministrator and password is “awesome”, the pair would look like this: myadministrator:xHQWEm#c&5yK. You can paste as many lines as needed into the .htpasswd file, but be sure that every user gets their own line.

Once done you will simply need to copy paste what you have created inside the .htpasswd as follow : 

AuthUserFile /usr/local/username/safedirectory/.htpasswd

AuthGroupFile /dev/null

AuthName « Please Enter Password »

AuthType Basic

Require valid-user

  • AuthUserFile: This line designates the server path to the .htpasswd file.
  • AuthGroupFile: This line can be used to convey the location of the .htgroup. As we have not created such a file, we can leave /dev/null in place.
  • AuthName: This is text that will be displayed at the password prompt. You can put anything here.
  • AuthType: This refers to the type of authentication that will be used to the check the passwords. The passwords are checked via HTTP and the keyword Basic should not be changed.
  • Require valid-user: This line represents one of two possibilities. “Require valid-user” tells the .htaccess file that there are several people who should be able to log into the password protected area. The other option is to use the phrase “require user username” to indicate the specific permitted person.

3. Custom Error Pages: the .htaccess file additionally allows you to create custom error pages for your site. Some of the most common errors are:

  • 400 Bad Request
  • 401 Authorization Required
  • 403 Forbidden Page
  • 404 File not Found
  • 500 Internal Error

You could customize the pages to look user friendly and define them directly in the .htaccess

Once you have created and uploaded desired error page, you can go ahead and designate its location in the .htaccess file.

ErrorDocument 404 /new404.html

It is important to mention that Apache  always looks for the default error pages located within the site’s root. If you placed the new error page in a deeper subdirectory, you will need to add the value and customized location directly inside the .htaccess file. 

ErrorDocument 404 /error_pages/custom404.php

4. Mime Types: In cases where your site features some application files that your server was not set up to deliver, you can add MIME types to your Apache server in the .htaccess file with the following code.

AddType audio/mp4a-latm .m4a

Be sure to replace application and file extension with the Mime Type that you want to support.

5. Caching

The .htaccess plays a major role for static resources caching, it can indicate cashed resources directly to the browser. Your server configuration for example the use of Gzip in addition to this, it is important if combined with well known caching plugins such as RankMath and WP-Rocket

See More

 This htaccess tutorial demonstrates how .htaccess is a flexible tool that will help you in terms of website control,, If you have any further questions about the specific capabilities of the .htaccess file, feel free to submit a support request or ask our web hosting support team directly at https://netulip.host/contact