.htaccess files can be used to alter the configuration of the Apache Web Server.
For useful code to use in your .htaccess file, please see here.
- Creating a .htaccess File
- Uploading your .htaccess via Filezilla
- Viewing the .htaccess in Filezilla
- Editing the .htaccess File in Filezilla
- .htaccess Useful Code
Creating a .htaccess File
The .htaccess is a configuration file utilised by Apache web servers to alter a websites functionality.
1. Open a text editor such as Notepad ++.
2. From the View menu, ensure that Word Wrap is unchecked.
3. Click File > Save As.
4. Set the file type to All Types.
5. Name the file .htaccess and click Save.
Uploading your .htaccess via Filezilla
1. If you do not have a copy already, download & install Filezilla.
2. Open Filezilla and connect to your ftp account.
3. From the left hand menu, open the directory that contains your .htaccess file.
4. From the right hand open the web directory you wish to upload the .htaccess file to.
5. Drag the .htaccess file from your computer into the web directory.
Viewing the .htaccess in Filezilla
.htaccess is a hidden file by default, so an FTP client must be configured to view hidden files in order to make future edits to the .htaccess file.
1. Open Filezilla and select Server > Force showing hidden files.
2. Your .htaccess will now be viewable in Filezilla.
Editing the .htaccess File in Filezilla
Once you have found the code you wish to implement in your .htaccess, you will need to place it into your file.
1. Open Filezilla and connect to your FTP account.
2. Navigate to the directory the contains your .htaccess file.
3. Right click the .htaccess file and select View/Edit to open the file in your default text editor.
4. Input the code you wish to implement on your domain and select File > Save.
5. Within Filezilla a window prompt will appear. Select Yes to upload the changes made to your .htaccess file to the server.
.htaccess Useful Code
Useful code for use with your .htaccess configuration file.
- Logging Errors Using .htaccess
- Password Protecting Directories or Single Files Using .htaccess
- Canonical (preferred) 301 redirect with a .htaccess file
- Setting a New Document Root with .htaccess
- Redirecting HTTP to HTTPS using .htaccess
- Blocking referer link spam with .htaccess
- Using a .htaccess File to Block IP Addresses
- Enabling Gzip with a .htaccess File
- Leverage Browser Caching with .htaccess
- Removing File Extensions using a .htaccess File
- Stop Image Hot-Linking via a .htaccess File
- Block Spidering using a .htaccess File
- Block Visitors From Specific Referring Sites
- Prevent Users Accessing Log Files via the Web Browser
- Implementing Custom Error Message Pages using .htaccess
- Protecting WP-Admin with .htaccess
- Enable/Disable Directory Browsing using a .htaccess File
- Redirecting to another domain using .htaccess
- Changing PHP Memory Limits using .htaccess
Logging Errors Using .htaccess
1. Create and upload a .htaccess to your domain.
2. Stop PHP errors from displaying on your website by adding the following lines to your .htaccess file.
# Do not display PHP error messages php_flag display_startup_errors off php_flag display_errors off php_flag html_errors off
3. Enable PHP error logging and specify your php_error.log by the following lines to your .htaccess file.
# enable PHP error logging php_value error_reporting INSERT_VALUE_HERE php_flag log_errors on php_value error_log /hsphere/local/home/USERNAME/php_error_your_domain.log
INSERT_VALUE_HERE
The value used defines the level or error reporting you require, for example:
- -1 = ALL errors, not recommended but can be useful when used sparingly.
- 30719 = Same as E_ALL, less info than -1
- 30711 = E_ALL but not E_NOTICE
- 30709 = E_ALL but not E_NOTICE or E_WARNING
- 22517 = E_ALL but not E_NOTICE or E_WARNING or E_DEPRECATED
Please ensure that the path used in ‘php_value error_log’ is correct, you can find this from within your control panel under FTP/User Account > FTP User > Home Directory
1. Create the php_error_your_domain.log file.
2. Depending on the PHP mode your site is running:
- PHP libPHP mode you will need to give this file world writeable/777 permissions using your FTP client.
- PHP FastCGI mode is recommend as you do not have to open additional permissions (FTP uploaded files will have 644 permissions by default).
Password Protecting Directories or Single Files Using .htaccess
We have a stand alone guide for protecting files and directories with your .htaccess file using a username and password. This should help to deny access to specific locations through a web browser if you don’t want people accessing certain parts of your website.
Canonical (preferred) 301 redirect with a .htaccess file
1. Create and upload a .htaccess to your domain.
2. Insert the following code into your .htaccess file.
RewriteEngine On RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
Setting a new document root with .htaccess
1. Create and upload a .htaccess to your domain.
2. Place the following code within your .htaccess file replacing example.com with the relevant domain.
RewriteEngine on RewriteCond %{HTTP_HOST} ^example.com$ [NC,OR] RewriteCond %{HTTP_HOST} ^www.example.com$ RewriteCond %{REQUEST_URI} !public/ RewriteRule (.*) /public/$1 [L]
Redirecting HTTP to HTTPS using .htaccess
1. Create and upload a .htaccess to your domain.
2. Place the following lines into the .htaccess file.
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Why redirect to HTTPS?
This section of code is particularly useful when you have just had an SSL certificate installed as it will redirect visitors to the https:// version of your site.
Without this code, your site’s visitors will most likely be sent to the http:// version of your site, meaning they’ll get notified their connection still isn’t secure despite the site having an SSL certificate installed.
One of the reasons to redirect your visitors over to HTTPS is due to Google now using this as a ranking indicator. We cover this in greater detail in our Google’s SSL ranking blog post.
Using HTTPS also provides visitors with another layer of security, encrypting their communication with the website. This is highly recommended when the data being sent to your website needs to be handled in a secure way. Examples of sensitive data that needs to be handled securely include things such as bank account details and login details, which will need to be encrypted to help try and prevent potential attackers from gaining unauthorised access to them.
Blocking Referer Link Spam with .htaccess
1. Create and upload a .htaccess to your domain.
2. Add the following lines to your .htaccess file, replacing example1.com & example2.com with the relevant domains.
RewriteEngine on RewriteCond %{HTTP_REFERER} mygreatproduct.com [NC,OR] RewriteCond %{HTTP_REFERER} anothergreatproduct.com [NC] RewriteRule .* - [F]
Using a .htaccess File to Block IP Addresses
1. Create and upload a .htaccess to your domain.
2. Place one of the sets of code below with the relevant IP addresses changed.
Blocking Specific IP Addresses
Apache 2.2
order allow,deny deny from 192.168.1.1 deny from 192.168.1.2 deny from 192.168.1.3 allow from all
Apache 2.4
<RequireAll> Require all granted Require not ip 192.168.1.1 Require not ip 192.168.1.2 #Repeat the "Require not ip x.x.x.x" for each IP you’re wanting to deny access from </RequireAll>
Blocking Subnets, ISPs or Hostnames
Apache 2.2
order allow,deny deny from someisp.co.uk deny from 192.168. allow from all
Apache 2.4
<RequireAll> Require all granted Require not host example.com Require not IP 192.168 </RequireAll>
Deny All, But Allow Specific IPs or Networks
Apache 2.2
order deny,allow deny from all allow from 192.168.1.1
Apache 2.4
Require ip 192.168.2
Enabling Gzip with a .htaccess File
1. Create and upload a .htaccess to your domain.
2. Insert the following code into your .htaccess.
#Gzip php_flag zlib.output_compression on AddOutputFilterByType DEFLATE text/text text/html text/plain text/css text/xml application/x-javascript application/javascript text/javascript #End Gzip
Leverage Browser Caching with .htaccess
1. Create and upload a .htaccess to your domain.
2. Add the following code, with any time lengths changed.
<IfModule mod_expires.c> ExpiresActive On ExpiresByType image/jpg "access 1 year" ExpiresByType image/jpeg "access 1 year" ExpiresByType image/gif "access 1 year" ExpiresByType image/png "access 1 year" ExpiresByType text/css "access 1 month" ExpiresByType text/html "access 1 month" ExpiresByType application/pdf "access 1 month" ExpiresByType text/x-javascript "access 1 month" ExpiresByType application/x-shockwave-flash "access 1 month" ExpiresByType image/x-icon "access 1 year" ExpiresDefault "access 1 month" </IfModule>
Removing File Extensions using a .htaccess File
1. Create and upload a .htaccess to your domain.
2. Add the following code to your .htaccess file. This can be edited further to include other extensions such as .php by copying the RewriteRule lines and replacing .html
with another extension.
RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^([^/]+)/$ $1.html RewriteRule ^([^/]+)/([^/]+)/$ /$1/$2.html RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$ RewriteRule (.*)$ /$1/ [R=301,L]
Stop Image Hot-Linking via a .htaccess File
1. Create and upload a .htaccess to your domain.
2. Add the following code to your .htaccess file.
RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www.)?domain.co.uk(/)?.*$ [NC] RewriteRule .*.(gif|jpg|png)$ http://www.domain.co.uk/nohotlinking.png [R,NC]
Block Spidering using a .htaccess File
1. Create and upload a .htaccess to your domain.
2. Add the following code with the relevant parts replaced.
RewriteEngine on RewriteCond %{HTTP_USER_AGENT} ^searchbot1 [OR] RewriteCond %{HTTP_USER_AGENT} ^searchbot2 [OR] RewriteCond %{HTTP_USER_AGENT} ^searchbot3 RewriteRule ^(.*)$ http://www.yourSite.com/goAway.html
Or alternatively
RewriteEngine on RewriteCond %{HTTP_USER_AGENT} ^searchbot1 [OR] RewriteCond %{HTTP_USER_AGENT} ^searchbot2 [OR] RewriteCond %{HTTP_USER_AGENT} ^searchbot3 RewriteRule ^(.*)$ http://www.someOtherWebsite.com/ [R, L]
Block Visitors From Specific Referring Site
1. Create and upload a .htaccess to your domain.
2. Add the following code.
RewriteEngine on RewriteCond %{HTTP_REFERER} site-to-block.com [NC] RewriteCond %{HTTP_REFERER} site-to-block-2.com [NC] RewriteRule .* - [F]
Prevent Users Accessing Log Files via the Web Browser
1. Create and upload a .htaccess to your domain.
2. Add the following with NAME_OF_ERROR_LOG.log replaced with your log file name.
<Files NAME_OF_ERROR_LOG.log> Order allow,deny Deny from all Satisfy All </Files>
Implementing Custom Error Message Pages using .htaccess
1. Create and upload a .htaccess to your domain.
2. Implement the following code with the specific error documents you have set up.
ErrorDocument 403 /somePage1.html ErrorDocument 404 /somePage2.html ErrorDocument 500 /somePage3.html
Protecting WP-Admin with .htaccess
1. Create and upload a .htaccess to your domain.
2. Make a note of your IP Address.
3. Add the following code into your .htaccess replacing 192.168.0.1 with your IP Address.
<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$ RewriteCond %{REMOTE_ADDR} !^192.168.0.1$ RewriteRule ^(.*)$ - [R=403,L] </IfModule>
Enable/Disable Directory Browsing using a .htaccess File
1. Create and upload a .htaccess to your domain.
2. To Enable Directory Browsing add the following code.
Options +Indexes ## block a few types of files from showing IndexIgnore *.wmv *.mp4 *.avi
3. To Disable Directory Browsing add the following code.
Options All -Indexes
Redirecting to another domain using your .htaccess file
1. Create and upload a .htaccess to your domain.
2. To Redirect to another domain add the following code.
RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} ^OLDDOMAIN\.com$ [NC] RewriteRule ^(.*)$ http://NEWDOMAIN.com [R=301,L]
Simply replace the OLDDOMAIN.COM & NEWDOMAIN.COM with your respected domains.
Changing PHP Memory Limits using .htaccess
1. Create and upload a .htaccess to your domain.
2. To Change the PHP memory limit add the following code. (By default this is 256M)
php_value memory_limit xxxM
Simply replace the xxx with your required PHP Memory (In megabytes).
Classification: Public
Last saved: 2021/07/06 at 15:32 by Jamie