What Is The htaccess File — How do I use it

3 min readApr 9, 2021

A file with the HTACCESS (Hyper Text Access) extension is an Apache Access Configuration File. These are text files used to invoke an exception to the global settings that apply to the various directories of an Apache website. Another common use for this file is for pointing to an HTPASSWD file that stores credentials preventing visitors from accessing that particular directory of files

The .htaccess file in Apache is a list of commands that allows Server configurations at the directory and subdirectory level. Using this file enables you to configure website permissions without having to altering Server configuration files. You can set 404 error pages, control the server’s configuration, modify the default settings, password protect directories, redirects, deny users based on IP and more

Advantages of .htaccess file

Reads all requests. Because .htaccess files are read on every request. Any changes made in these files take immediate effect. Opposed to the main configuration file which requires the Server to be restarted for the new settings to take effect. It can effectively manage user access based on the preference. Sets directory level configurations. Can increase SEO efforts

Working with the .htaccess file

You can access, view and edit the .htaccess file through cPanel File Manger or our preferred method is with a FTP program and a good Text Editor such as Note Pad++. Remember this file always starts with a period

Location of the .htaccess File

Normally this file in the root folder. If you are not able to find it in the root folder then it might be hidden. Enable hidden files in the settings of your program. Go to the “public_html” or “www” folder. This is where you will find all your website files. A single directory and multiple website subdirectories can have a separate .htaccess file

Example Files — Code Snippets

There are a vast amount of configuration possibilities that can be achieved within the .htaccess file. The list below is a few of the more commonly used examples

Allow All or Deny From

With this example it means that any person can access to your website or server
Notice the “allow from all”

<Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory>

If you wanted to deny a user by way of their IP numbers it might look like this

<Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny deny from 127.0.0.1 allow from all </Directory>

Removing file Extensions such as .PHP

RewriteEngine on RewriteCond %{REQUEST_FILENAME}.php -f RewriteRule !.*\.php$ %{REQUEST_FILENAME}.php [QSA,L]

Error Page Redirects

ErrorDocument 403 /forbidden.html ErrorDocument 404 /notfound.html ErrorDocument 500 /servererror.html

Setting the Default Directory Page

Most default website directory pages are named “index.html”. If you want your default to be something else like “home.html” use this format

DirectoryIndex home.html

Enabling SSI

Some web hosting servers will have Server Side Includes enabled by default. If not, you can enable it with your .htaccess file

AddType text/html .shtml AddHandler server-parsed .shtml Options Indexes FollowSymLinks Includes

Password Protect Directories

With this you will need two files, “.htaccess” and “.htpasswd”. The .htpasswd file needs to include some encryption. A tool like Htpasswd Generator to create the file works good

The .htaccess file should include this code;

AuthType Basic AuthName "Password Protected Area" AuthUserFile /path/to/.htpasswd Require valid-user