How to use the .htaccess File

This topic shows how to use the .htaccess file and the common used in addition to the available references.

Developers Guide - 2015-11-01 - 1577 views

How to use the .htaccess File

An .htaccess file is a way to configure the details of your website without needed to alter the server config files. The period that starts the file name will keep the file hidden within the folder.

'.htaccess' is the filename in full, it is not a file extension. For instance, you would not create a file called, 'file.htaccess', it is simply called, '.htaccess'. This file will take effect when placed in any directory which is then in turn loaded via the Apache Web Server software. The file will take effect over the entire directory it is placed in and all files and subdirectories within the specified directory.

To create htaccess:

You can create the .htaccess file in a text editor (make sure to name it only .htaccess without any other extension or name) and then upload it to your site through an ftp client.

N.B. you can't create file without name in your pc's OS, so upload the file on your site and rename it.

When uploading your .htaccess files, it is very important you upload the file in 'ASCII' mode. 'ASCII' and 'BINARY' are different methods of transferring data and it is important .htaccess files are transferred in 'ASCII' mode and not 'BINARY'. It is likely your FTP software will default to 'BINARY' so look for a 'Transfer Mode' or 'Transfer Type' option in the menus.

A possible cause of error is if the file permissions on the .htaccess file are not set correctly. This only occurs on certain servers, but you may like to change the permissions on the file to '755' or 'executable'. You can do this with your FTP software, look for a 'File Permissions' or 'CHMOD' option, and input '0755'.

Here is an example of what you might include in a .htaccess file:

AuthName "Member's Area Name"

AuthUserFile /path/to/password/file/.htpasswd

AuthType Basic

require valid-user

ErrorDocument 401 /error_pages/401.html

AddHandler server-parsed .html

·         This is a fairly advanced example: it enables password protection on the directory; it offers redirection to a custom error page if a user fails to login correctly; and it enables SSI (server side includes) for use with '.html' files.


Things to be Aware of:

Although an .htaccess page can be immensely useful and can be used to make marked improvement to a site, there are 2 things that it can influence.

One: Speed—the .htaccess page may slow down your server somewhat; for most servers this will probably be an imperceptible change. This is because of the location of the page: the .htaccess file affects the pages in its directory and all of the directories under it. Each time a page loads, the server scans its directory, and any above it until it reaches the highest directory or an .htaccess file. This process will occur as long as the AllowOverride allows the use of .htaccess files, whether or not the file the .htaccess files actually exists.

Two: Security—the .htaccess file is much more accessible than standard apache configuration and the changes are made live instantly (without the need to restart the server). Granting users permission to make alterations in the .htaccess file gives them a lot of control over the server itself. Any directive placed in the .htaccess file, has the same effect as it would in the apache configuration itself.

Generally speaking, Apache discourages the use of the .htaccess if the user can easily reach the apache configuration files themselves.

Common Uses for an .htaccess Page

1. Mod_Rewrite: one of the most useful facets of the .htaccess file is mod_rewrite. You can use the space in the .htaccess file to designate and alter how URLs and web pages on your sites are displayed to your users.

Think about the last time you visited some shopping website, looking for that one specific thing you needed to buy. When you finally reached the page, the URL most likely looked something like this:

This is not because this website took the time to set up every single directory you would need to make your purchase, but because of a handy module called Mod_Rewrite. Mod_Rewrite allows you to make custom and simplified URLs as needed. In reality, the actual URL may have looked closer to this:

This tutorial will go over Activating Mod_Rewrite, Creating and Using the required .htaccess page, and setting up the URL rewrites.


2. Basic HTTP Authentication (Protect your folders):

 Although using the .htaccess file does not require as many permissions as accessing the apache2.conf file would require, we can still make effective changes to a site. Once such change is to require a password to access certain sections of the webpage.

The .htaccess passwords are kept in a file called .htpasswd. Go ahead and create and save that file, being sure to store it somewhere other than the web directory, for security reasons.

You should use the space inside the .htpasswd file to write in the name and passwords of all the users that you want to have access to the protected part of the site.

You can use this useful site to generate the username and encrypted password pair. If the username of your authorized user is jsmith and password is “awesome”, the pair would look like this: jsmith:VtweQU73iyETM. You can paste as many lines as needed into the .htpasswd file, but be sure that every user gets their own line.

Once you are finished with the .htpasswd file, you can type this code into the .htaccess file to begin using the password function:

AuthUserFile /usr/local/username/safedirectory/.htpasswd

AuthGroupFile /dev/null

AuthName "Please Enter Password"

AuthType Basic

Require valid-user

AuthUserFile: This line designates the server path to the .htpasswd file.

AuthGroupFile: This line can be used to convey the location of the .htgroup. As we have not created such a file, we can leave /dev/null in place.

AuthName: This is text that will be displayed at the password prompt. You can put anything here.

AuthType: This refers to the type of authentication that will be used to the check the passwords. The passwords are checked via HTTP and the keyword Basic should not be changed.

Require valid-user: This line represents one of two possibilities. “Require valid-user” tells the .htaccess file that there are several people who should be able to log into the password protected area. The other option is to use the phrase “require userusername” to indicate the specific permitted person.

3. Custom Error Pages: the .htaccess file additionally allows you to create custom error pages for your site. Some of the most common errors are:

  • 400 Bad Request
  • 401 Authorization Required
  • 402 Payment Required (not used yet)
  • 403 Forbidden
  • 404 Not Found
  • 405 Method Not Allowed
  • 406 Not Acceptable (encoding)
  • 407 Proxy Authentication Required
  • 408 Request Timed Out
  • 409 Conflicting Request
  • 410 Gone
  • 411 Content Length Required
  • 412 Precondition Failed
  • 413 Request Entity Too Long
  • 414 Request URI Too Long
  • 415 Unsupported Media Type 
  • 500 Internal Error

Host Server errors:

  • 500 Internal Server Error
  • 501 Not Implemented
  • 502 Bad Gateway
  • 503 Service Unavailable
  • 504 Gateway Timeout
  • 505 HTTP Version Not Supported 

To make a page look friendlier and to provide more information to the site visitor than the default server error page offers, you can use the .htaccess file to create custom error pages.

I’m going to create a 404 page in this tutorial. However, you can substitute that error for whatever you prefer:

Once you have created and uploaded desired error page, you can go ahead and designate its location in the .htaccess file.

ErrorDocument 404 /new404.html

Keep in mind that the Apache looks for the 404 page located within the site's root. If you placed the new error page in a deeper subdirectory, you need to include that in the line, making it look something like this:

ErrorDocument 404 /error_pages/new404.html



For more 25 uses for .htaccess file, Visit this page:


For the brief using methods download the following books:

1. htaccess Guide , Click here to download htaccess_Guiade.pdf - 358kb

2. شرح عمل جميع أوامر ملف .htaccess في الموقع بكل بساطة .. للتحميل اضغط هنا - 23kb



No Rights Reserved, Have fun !
Read more 14 Fantastic articles