htaccess

The .htaccess file is a configuration file that resides in a directory and indicates which users or groups of users can be allowed access to the files contained in that directory. .htaccess is the default name for a file that is used to indicate who can or cannot access the contents of a specific file directory from the Internet or an intranet.

.htaccess is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn ‘loaded via the Apache Web Server’, then the .htaccess file is detected and executed by the Apache Web Server software. These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. These facilities include basic redirect functionality, for instance if a 404 file not found error occurs, or for more advanced functions such as content password protection or image hot link prevention.

In order to create .htaccess, you may create a text file with directives (commands) and then leave it without file name and with file extension .htaccess. 644 permissions are recommended for .htaccess file.

Example of .htaccess directives:

1. Custom directory index files. It’s worth mentioning that .htaccess is where you can specify which files you want to use as your indexes, that is, if a user requests /foo/, Apache will serve up /foo/index.html, or whatever file you specify. You can also specify multiple files, and Apache will look for each in order, and present the first one it finds. It’s generally looks like the following:

   DirectoryIndex index.html index.php index.html
       

2. Control (Allow/Deny) Access. .htaccess is most often used to restrict or deny access to individual files and folders. A typical example would be an "includes" folder:

   NO ENTRY!
     # no one gets in here!
     deny from all NO ENTRY outside of the LAN!
     # no nasty crackerpots in here!
     Order Allow,Deny
     Deny from All
     Allow from 192.168.0.0/24
     # this would do the same thing..
     #Allow from 192.168.0
     NO ENTRY outside of the LAN!
     Order Allow,Deny
     Allow from 192.168.0

3. Custom error documents. .htaccess is where most folk configure their error documents. Usually like this:

   # custom error documents
     ErrorDocument 401 /err/401.php
     ErrorDocument 403 /err/403.php
     ErrorDocument 404 /err/404.php
     ErrorDocument 500 /err/500.php

   The "err" folder (with the custom pages) is usually in the root directory.
4. Password protected directories. The next most obvious use for our .htaccess files is to allow access to only specific users, or user groups, in other words; password protected folders. A simple authorization mechanism might look like this:

   AuthType Basic
   AuthName "restricted area"
   AuthUserFile /usr/local/var/www/html/.htpasses
   require valid-user

There are a lot of .htaccess directives for your website functionality and security reasons. In order to verify if .htaccess is enabled and what directives you may use, please contact your hosting provider.