1. Home
  2. Scripting
  3. .htaccess Guides

.htaccess Guides


.htaccess files can be used to alter the configuration of the Apache Web Server.
For useful code to use in your .htaccess file, please see here.


Creating a .htaccess File

The .htaccess is a configuration file utilised by Apache web servers to alter a websites functionality.

1. Open a text editor such as Notepad ++.

2. From the View menu, ensure that Word Wrap is unchecked.

3. Click File > Save As.

4. Set the file type to All Types.

5. Name the file .htaccess and click Save.


Uploading your .htaccess via Filezilla

1. If you do not have a copy already, download & install Filezilla.

2. Open Filezilla and connect to your ftp account.

3. From the left hand menu, open the directory that contains your .htaccess file.

4. From the right hand open the web directory you wish to upload the .htaccess file to.

5. Drag the .htaccess file from your computer into the web directory.


Viewing the .htaccess in Filezilla

.htaccess is a hidden file by default, so an FTP client must be configured to view hidden files in order to make future edits to the .htaccess file.

1. Open Filezilla and select Server > Force showing hidden files.

2. Your .htaccess will now be viewable in Filezilla.


Editing the .htaccess File in Filezilla

Once you have found the code you wish to implement in your .htaccess, you will need to place it into your file.

1. Open Filezilla and connect to your FTP account.

2. Navigate to the directory the contains your .htaccess file.

3. Right click the .htaccess file and select View/Edit to open the file in your default text editor.

4. Input the code you wish to implement on your domain and select File > Save.

5. Within Filezilla a window prompt will appear. Select Yes to upload the changes made to your .htaccess file to the server.



.htaccess Useful Code

Useful code for use with your .htaccess configuration file.


Logging Errors Using .htaccess

1. Create and upload a .htaccess to your domain.

2. Stop PHP errors from displaying on your website by adding the following lines to your .htaccess file.

# Do not display PHP error messages
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off

3. Enable PHP error logging and specify your php_error.log by the following lines to your .htaccess file.

# enable PHP error logging
php_value error_reporting INSERT_VALUE_HERE
php_flag log_errors on
php_value error_log /hsphere/local/home/USERNAME/php_error_your_domain.log

INSERT_VALUE_HERE
The value used defines the level or error reporting you require, for example:

  • -1 = ALL errors, not recommended but can be useful when used sparingly.
  • 30719 = Same as E_ALL, less info than -1
  • 30711 = E_ALL but not E_NOTICE
  • 30709 = E_ALL but not E_NOTICE or E_WARNING
  • 22517 = E_ALL but not E_NOTICE or E_WARNING or E_DEPRECATED

Please ensure that the path used in ‘php_value error_log’ is correct, you can find this from within your control panel under FTP/User Account > FTP User > Home Directory

1. Create the php_error_your_domain.log file.

2. Depending on the PHP mode your site is running:

  • PHP libPHP mode you will need to give this file world writeable/777 permissions using your FTP client.
  • PHP FastCGI mode is recommend as you do not have to open additional permissions (FTP uploaded files will have 644 permissions by default).

Password Protecting Directories or Single Files Using .htaccess

We have a stand alone guide for protecting files and directories with your .htaccess file using a username and password. This should help to deny access to specific locations through a web browser if you don’t want people accessing certain parts of your website.


Canonical (preferred) 301 redirect with a .htaccess file

1. Create and upload a .htaccess to your domain.

2. Insert the following code into your .htaccess file.

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

Setting a new document root with .htaccess

1. Create and upload a .htaccess to your domain.

2. Place the following code within your .htaccess file replacing example.com with the relevant domain.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www.example.com$
RewriteCond %{REQUEST_URI} !public/
RewriteRule (.*) /public/$1 [L]

Redirecting HTTP to HTTPS using .htaccess

1. Create and upload a .htaccess to your domain.

2. Place the following lines into the .htaccess file.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Why redirect to HTTPS?

This section of code is particularly useful when you have just had an SSL certificate installed as it will redirect visitors to the https:// version of your site.
Without this code, your site’s visitors will most likely be sent to the http:// version of your site, meaning they’ll get notified their connection still isn’t secure despite the site having an SSL certificate installed.

One of the reasons to redirect your visitors over to HTTPS is due to Google now using this as a ranking indicator. We cover this in greater detail in our Google’s SSL ranking blog post.

Using HTTPS also provides visitors with another layer of security, encrypting their communication with the website. This is highly recommended when the data being sent to your website needs to be handled in a secure way. Examples of sensitive data that needs to be handled securely include things such as bank account details and login details, which will need to be encrypted to help try and prevent potential attackers from gaining unauthorised access to them.


Blocking Referer Link Spam with .htaccess

1. Create and upload a .htaccess to your domain.

2. Add the following lines to your .htaccess file, replacing example1.com & example2.com with the relevant domains.

RewriteEngine on
RewriteCond %{HTTP_REFERER} mygreatproduct.com [NC,OR]
RewriteCond %{HTTP_REFERER} anothergreatproduct.com [NC]
RewriteRule .* - [F]

Using a .htaccess File to Block IP Addresses

1. Create and upload a .htaccess to your domain.

2. Place one of the sets of code below with the relevant IP addresses changed.

Blocking Specific IP Addresses

Apache 2.2

order allow,deny
deny from 192.168.1.1
deny from 192.168.1.2
deny from 192.168.1.3
allow from all

Apache 2.4

<RequireAll>
Require all granted
Require not ip 192.168.1.1
Require not ip 192.168.1.2
#Repeat the "Require not ip x.x.x.x" for each IP you’re wanting to deny access from
</RequireAll>

 

Blocking Subnets, ISPs or Hostnames

Apache 2.2

order allow,deny
deny from someisp.co.uk
deny from 192.168.
allow from all

Apache 2.4


<RequireAll>
Require all granted
Require not host example.com
Require not IP 192.168
</RequireAll>

 

Deny All, But Allow Specific IPs or Networks

Apache 2.2

order deny,allow
deny from all
allow from 192.168.1.1

Apache 2.4

Require ip 192.168.2

Enabling Gzip with a .htaccess File

1. Create and upload a .htaccess to your domain.

2. Insert the following code into your .htaccess.

#Gzip
php_flag zlib.output_compression on
AddOutputFilterByType DEFLATE text/text text/html text/plain text/css text/xml application/x-javascript application/javascript text/javascript
#End Gzip

Leverage Browser Caching with .htaccess

1. Create and upload a .htaccess to your domain.

2. Add the following code, with any time lengths changed.

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>

Removing File Extensions using a .htaccess File

1. Create and upload a .htaccess to your domain.

2. Add the following code to your .htaccess file. This can be edited further to include other extensions such as .php by copying the RewriteRule lines and replacing .html

with another extension.

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/]+)/$ $1.html
RewriteRule ^([^/]+)/([^/]+)/$ /$1/$2.html
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$
RewriteRule (.*)$ /$1/ [R=301,L]

Stop Image Hot-Linking via a .htaccess File

1. Create and upload a .htaccess to your domain.

2. Add the following code to your .htaccess file.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?domain.co.uk(/)?.*$ [NC]
RewriteRule .*.(gif|jpg|png)$ http://www.domain.co.uk/nohotlinking.png [R,NC]

Block Spidering using a .htaccess File

1. Create and upload a .htaccess to your domain.

2. Add the following code with the relevant parts replaced.

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^searchbot1 [OR]
RewriteCond %{HTTP_USER_AGENT} ^searchbot2 [OR]
RewriteCond %{HTTP_USER_AGENT} ^searchbot3
RewriteRule ^(.*)$ http://www.yourSite.com/goAway.html

Or alternatively

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^searchbot1 [OR]
RewriteCond %{HTTP_USER_AGENT} ^searchbot2 [OR]
RewriteCond %{HTTP_USER_AGENT} ^searchbot3
RewriteRule ^(.*)$ http://www.someOtherWebsite.com/ [R, L]

Block Visitors From Specific Referring Site

1. Create and upload a .htaccess to your domain.

2. Add the following code.

RewriteEngine on
RewriteCond %{HTTP_REFERER} site-to-block.com [NC]
RewriteCond %{HTTP_REFERER} site-to-block-2.com [NC]
RewriteRule .* - [F]

Prevent Users Accessing Log Files via the Web Browser

1. Create and upload a .htaccess to your domain.

2. Add the following with NAME_OF_ERROR_LOG.log replaced with your log file name.

<Files NAME_OF_ERROR_LOG.log>
Order allow,deny
Deny from all
Satisfy All
</Files>

Implementing Custom Error Message Pages using .htaccess

1. Create and upload a .htaccess to your domain.

2. Implement the following code with the specific error documents you have set up.

ErrorDocument 403 /somePage1.html
ErrorDocument 404 /somePage2.html
ErrorDocument 500 /somePage3.html

Protecting WP-Admin with .htaccess

1. Create and upload a .htaccess to your domain.

2. Make a note of your IP Address.

3. Add the following code into your .htaccess replacing 192.168.0.1 with your IP Address.

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
    RewriteCond %{REMOTE_ADDR} !^192.168.0.1$
    RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

Enable/Disable Directory Browsing using a .htaccess File

1. Create and upload a .htaccess to your domain.

2. To Enable Directory Browsing add the following code.

Options +Indexes
## block a few types of files from showing
IndexIgnore *.wmv *.mp4 *.avi

3. To Disable Directory Browsing add the following code.

Options All -Indexes

 

Redirecting to another domain using your .htaccess file

1. Create and upload a .htaccess to your domain.

2. To Redirect to another domain add the following code.

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^OLDDOMAIN\.com$ [NC]
RewriteRule ^(.*)$ http://NEWDOMAIN.com [R=301,L]

Simply replace the OLDDOMAIN.COM & NEWDOMAIN.COM with your respected domains.


 

Changing PHP Memory Limits using .htaccess

1. Create and upload a .htaccess to your domain.

2. To Change the PHP memory limit add the following code. (By default this is 256M)

php_value memory_limit xxxM

Simply replace the xxx with your required PHP Memory (In megabytes).


Click here for full details

Classification: Public
Last saved: 2021/07/06 at 15:32 by Jamie

How can we help?