Apache web servers implement the use of .htaccess (hypertext access) files to govern the way information is managed for a client. These directory-level configuration files are placed inside a web tree and allow for decentralized management of a web server’s configuration, capable of overriding the server’s global configuration.

The original purpose of .htaccess was to allow per-directory access control (e.g. requiring a password to access specific content). Today .htaccess can override many other configuration settings, commonly related to content control and proves a powerful tool in the world of Search Engine Optimisation.

Some very useful and common uses of .htaccess files are listed below.

Custom Directory Index Files

You can change a default index file of directory so that a user is served a default page should they request a directory. For example if a user requests /foo/, Apache will serve up /foo/index.html

Syntax:

DirectoryIndex < default-file >

Example:

DirectoryIndex index.html index.php index.htm

Note: In the above code snippet Apache will first try to serve the file index.html should it exist, failing the existence of index.html Apache will then attempt to serve index.php and so on.

Custom Error Pages

Standard error messages can be unsupportive and worse they actually drive viewers off your site! You may therefore wish to redirect your users to a custom error page. Error message can be mapped to a specified webpage, or you may also write a common page for all the http errors as follows:

Syntax:

ErrorDocument < error-code > < location -of-custom-page>

Example:

ErrorDocument  /error.html

ErrorDocument 403 /403.html

ErrorDocument 404 /404.html

File and directory access control

.htaccess can be used to restrict access to individual files and folders.

One way to restrict user access would be by IP

Syntax:

order <setting-priority>

deny from <address>

allow from <address>

Example – Only those on the local IP 192.168.0.1 would be granted access

order deny,allow

deny from all

allow from 192.168.0.1

These types of rules become useful for filtering out undesirable IP blocks, known risks, perhaps some persistent robot that doesn’t play by the rules. In which case you would use a deny from < ip-address>

You may also wish to password protect a file. In which case you will need to create a .htpasswd file. This file stores your credentials for validating a user and should NOT be placed in a folder reachable externally.

Syntax:

AuthType <authentication-method>

AuthUserFile <passwordfile-location>

<Files <file-type>>

Require <requirement>

Example – The file test.mp3 will ask for a username and password to match that of those stored in the file C:/web-site/.htpasswd on the web server.

AuthName “Restricted Area”

AuthType Basic

AuthUserFile C:/ web-site/.htpasswd

<Files test.mp3>

require valid-user

</Files>

Modifying Environment Variables

Environment variables contain information used by the web server. Set/Unset environment variables using SetEnv and UnSetEnv.

Syntax:

SetEnv <environment-option> <option-setting>

Example – To set your website webmaster

SetEnv SITE_WEBMASTER “Robert Longworth”

Compression

Example – If your web server has the mod_gzip module enabled

<IfModule mod_gzip.c>

mod_gzip_on       Yes

mod_gzip_dechunk  Yes

mod_gzip_item_include file      .(html?|txt|css|js|php|pl)$

mod_gzip_item_include handler   ^cgi-script$

mod_gzip_item_include mime      ^text/.*

mod_gzip_item_include mime      ^application/x-javascript.*

mod_gzip_item_exclude mime      ^image/.*

mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*

</IfModule>

Example – If your web server has the mod_deflate module enabled

<Location>

SetOutputFilter DEFLATE

SetEnvIfNoCase Request_URI 

.(?:gif|jpe?g|png)$ no-gzip dont-vary

SetEnvIfNoCase Request_URI 

.(?:exe|t?gz|zip|gz2|sit|rar)$ no-gzip dont-vary

</Location>