Apache .htaccess file: A beginner’s guide (with simple examples)

Introduction

When first delving into the world of web server configuration, the .htaccess file can seem like a significant obstacle. However, this powerful Apache file enables server configuration at the directory level, providing incredible flexibility. This beginner-level guide introduces .htaccess and presents simple, practical examples to enhance your website management expertise.

What is .htaccess?

The .htaccess, shorthand for ‘hypertext access,’ is a distributed Apache web server configuration file. It allows users to override the server’s global settings for the directory in which the file is placed and is processed by the server when a request is made. Permissions, URL redirections, and rewrite rules are just a few capabilities it supports.

Creating and Editing .htaccess

To create or edit a .htaccess file, you’ll need a plain text editor such as Notepad or a code editor of your choice. The file has no default extension and begins with a dot, making it hidden on Unix-like operating systems. Upload the file to the directory where you want your rules to apply.

Here are key points to remember while dealing with .htaccess:

• One .htaccess affects the directory it’s placed in and all subdirectories.
• For .htaccess to work, the Apache server configuration must have the AllowOverride directive set appropriately.
• Since .htaccess files are read on every request, high traffic sites may experience performance hits if overly dependent on these files. Consider using server configuration files for such cases.

Simple Redirects

To redirect visitors from an old webpage to a new one, use the following syntax in your .htaccess:

Redirect 301 /oldpage.html /newpage.html

This is a 301 redirect, which tells browsers and search engines that the page has permanently moved.

Rewrite URLs

You can also use mod_rewrite to create cleaner, ‘pretty’ URLs. To enable it, first check if mod_rewrite is active:

RewriteEngine On

Then, for example, you could redirect a URL with a query string to a cleaner version:

RewriteCond %{QUERY_STRING} ^id=12$
RewriteRule ^oldpage.html /newpage/? [R=301,L]

The R=301 flags a permanent redirect, and the L stops the rewriting process after the rule is applied.

Custom Error Pages

With .htaccess, setting up custom error pages is straightforward. For a custom 404 Not Found page:

ErrorDocument 404 /notfound.html

Change the error code and the document path to set up different error pages.

Enabling CORS

If you need to allow cross-origin requests to resources on your server, .htaccess can help:

Header set Access-Control-Allow-Origin "*"

This sets the CORS policy to allow requests from any origin.

Directory Listing

To enable viewing the contents of a directory in the absence of an index file, use:

Options +Indexes

To disable this feature:

Options -Indexes

Blocking Users

To block access from specific IP addresses or domains, .htaccess rules like below can be used:

Deny from 192.168.1.1
Deny from .somedomain.com

Protecting Files

Password-protecting files or directories uses a combination of .htaccess and a password file. First, you’ll need to create a .htpasswd file with your username and encrypted password:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /full/path/to/.htpasswd
Require valid-user

Ensure your .htpasswd file is stored in a secure location, not in a publicly accessible directory.

Conclusion

Though powerful, use .htaccess with caution, as misconfigurations can cause server errors or security vulnerabilities. Always test new rules in a controlled setting before going live.

With these rudimentary examples, you should be well-equipped to begin exploring the versatile applications of the .htaccess file on your Apache server. Keep learning, experimenting and tweaking to make the most of this unique tool at your disposal.