Using Apache Web Server .htaccess files
This article explains the role of Apache's .htaccess files and how to use and configure them.
About the Apache .htaccess files
The .htaccess files (or distributed configuration files) provide a way to make configuration changes on a per-directory basis.
A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.
Using .htaccess files slows down your Apache HTTP server. If you have access to the main httpd server configuration file, you should avoid .htaccess files completely, and in general their use should be avoided whenever possible. Any configuration that you would consider putting in a .htaccess file can be made just as effectively in a <Directory> section in your main server configuration file.
When you put configuration directives in a .htaccess file and you don't get the desired effect, there are a number of things that may be going wrong. Most commonly, the problem is that AllowOverride is not set such that your configuration directives are being honored. Make sure that you don't have an AllowOverride None in effect for the file scope in question. A good test for this is to put garbage in your .htaccess file and reload the page. If a server error is not generated, then you almost certainly have AllowOverride None in effect.
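The same check can be made offline by reading the main configuration instead of breaking a live page. The script below is an added example, not part of the original article: it reports which directories have their .htaccess file ignored, which matters because any access restriction written in an ignored file is not enforced. It assumes literal <Directory> paths only (no wildcards, Include files or per-VirtualHost handling); the sample configuration is constructed and the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

DIR_OPEN = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>', re.I)
DIR_CLOSE = re.compile(r'</Directory>', re.I)
OVERRIDE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.I)

# Constructed sample of a main server config (not taken from the article).
SAMPLE_CONF = """
<Directory />
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    # AllowOverride All   (commented out, must not count)
    AllowOverride None
</Directory>
<Directory "/var/www/html/private">
    AllowOverride AuthConfig Limit
</Directory>
"""

def parse_overrides(conf_text):
    """Map each literal <Directory> path to its AllowOverride value."""
    overrides, current = {}, None
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue                      # Apache comments start the line
        opened = DIR_OPEN.search(line)
        setting = OVERRIDE.match(line)
        if opened:
            current = PurePosixPath(opened.group(1))
        elif DIR_CLOSE.search(line):
            current = None
        elif setting and current is not None:
            overrides[current] = setting.group(1)
    return overrides

def effective_override(directory, overrides, default="None"):
    """Value from the longest <Directory> path that contains `directory`.
    Assumed default is None, the Apache 2.4 default when nothing is set."""
    target = PurePosixPath(directory)
    matches = [p for p in overrides if p == target or p in target.parents]
    if not matches:
        return default
    return overrides[max(matches, key=lambda p: len(p.parts))]

def ignored_htaccess(htaccess_dirs, conf_text):
    """Directories whose .htaccess file the server will silently ignore."""
    overrides = parse_overrides(conf_text)
    return [d for d in htaccess_dirs
            if effective_override(d, overrides).lower() == "none"]
```

Feed it the directories that actually contain a .htaccess file (for example from a `find` over the document root) together with the text of the main configuration file.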
What should .htaccess files generally be used for
- Redirects and URL Rewrites
- Cross-origin Resources
- Custom Error Pages/Messages
- Media Types and Character Encodings
- Content Security Policy (CSP)
- Set the Cache Expiration Policy (for specific resources)
- Compress media types
- Directory access / Block access to some files or directories
- Password protection for directories
- HTTP Strict Transport Security (HSTS)
- Referrer Policy
- Disable TRACE HTTP Method
- Remove the X-Powered-By response header
- Fix broken Accept-Encoding Headers
.htaccess files are written with Apache configuration directives, many of which take Perl Compatible Regular Expressions (PCRE) as arguments. Learning basic PCRE itself can help in mastering work with these files. Because the .htaccess files are read on every request, changes made in these files take immediate effect, as opposed to the main configuration file, which requires the server to be restarted for the new settings to take effect. The use of .htaccess files allows easy per-directory customizations because the main server configuration files do not need to be changed.
Below are several .htaccess samples for various purposes:
## Sample .htaccess file to restrict all access to a directory
# Disable any access to a directory
IndexIgnore *
AuthType Basic
AuthName "Forbidden Area"
require valid-user
Order allow,deny
Deny from all

## Sample .htaccess file to restrict all access to a directory but allow the IP 127.0.0.1
# Restrict by IP
order deny,allow
deny from all
allow from 127.0.0.1

## Sample .htaccess file to be placed in the top level of a website to allow cross-domain access to certain types of files
# Cross Origin Access for some resources (uncomment this for use with multiple sub-domains for cross domain requests)
<FilesMatch "\.(woff2|woff|ttf|svg|png|gif|jpg|jpe|jpeg|webm)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>