Apache web servers implement the use of .htaccess (hypertext access) files to govern the way information is managed for a client. These directory-level configuration files are placed inside a web tree and allow for decentralized management of a web server’s configuration, capable of overriding the server’s global configuration.
The original purpose of .htaccess was to allow per-directory access control (e.g. requiring a password to access specific content). Today .htaccess can override many other configuration settings, commonly related to content control and proves a powerful tool in the world of Search Engine Optimisation.
Some very useful and common uses of .htaccess files are listed below.
Custom Directory Index Files
You can change a default index file of directory so that a user is served a default page should they request a directory. For example if a user requests /foo/, Apache will serve up /foo/index.html
Syntax:
DirectoryIndex < default-file >
Example:
DirectoryIndex index.html index.php index.htm
Note: In the above code snippet Apache will first try to serve the file index.html should it exist, failing the existence of index.html Apache will then attempt to serve index.php and so on.
Custom Error Pages
Standard error messages can be unsupportive and worse they actually drive viewers off your site! You may therefore wish to redirect your users to a custom error page. Error message can be mapped to a specified webpage, or you may also write a common page for all the http errors as follows:
Syntax:
ErrorDocument < error-code > < location -of-custom-page>
Example:
ErrorDocument /error.html
ErrorDocument 403 /403.html
ErrorDocument 404 /404.html
File and directory access control
.htaccess can be used to restrict access to individual files and folders.
One way to restrict user access would be by IP
Syntax:
order <setting-priority>
deny from <address>
allow from <address>
Example – Only those on the local IP 192.168.0.1 would be granted access
order deny,allow
deny from all
allow from 192.168.0.1
These types of rules become useful for filtering out undesirable IP blocks, known risks, perhaps some persistent robot that doesn’t play by the rules. In which case you would use a deny from < ip-address>
You may also wish to password protect a file. In which case you will need to create a .htpasswd file. This file stores your credentials for validating a user and should NOT be placed in a folder reachable externally.
Syntax:
AuthType <authentication-method>
AuthUserFile <passwordfile-location>
<Files <file-type>>
Require <requirement>
Example – The file test.mp3 will ask for a username and password to match that of those stored in the file C:/web-site/.htpasswd on the web server.
AuthName “Restricted Area”
AuthType Basic
AuthUserFile C:/ web-site/.htpasswd
<Files test.mp3>
require valid-user
</Files>
Modifying Environment Variables
Environment variables contain information used by the web server. Set/Unset environment variables using SetEnv and UnSetEnv.
Syntax:
SetEnv <environment-option> <option-setting>
Example – To set your website webmaster
SetEnv SITE_WEBMASTER “Robert Longworth”
Compression
Example – If your web server has the mod_gzip module enabled
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
Example – If your web server has the mod_deflate module enabled
<Location>
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI
.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI
.(?:exe|t?gz|zip|gz2|sit|rar)$ no-gzip dont-vary
</Location>