htaccess¶
HTTP and HTTPS protocols are used to provide access to the server for the website using web server software. One of the most widely used tools is the Apache HTTP server.
A special configuration file is used to configure Apache called httpd.conf or Apache.conf. The file is used to specify the configuration of the whole web server, but sometimes it is not reachable via FTP. Therefore, the system admin uses the particular .htaccess file to configure changes on a per-directory base. .htaccess file can customize the main configuration defined in httpd.conf/apache.conf.
Please note that .htaccess files slow the Apache HTTP server down slightly, so don't add access information. If you cannot see the file in the root, make sure of hidden files.
Listed are some main .htaccess usage scenarios.
Protecting the website¶
Comand to restrict the directory access:
Please note: This command restricts access to everyone, including you. If you want some specific IP to allow access, use this command:
Use this command to blacklist some IPs:
For password restrictions, add these directives to the htaccess:
For passwords, a text file named htpasswd should be created too, following the below structure:
You can find great online password generators like this.
The line
Redirects and rewrites¶
301 redirects is the most widely used htaccess feature among all. It is useful when you have moved your site to a new domain or changed the site's structure. It drives the search engines to the page's new location (URL).
Use this code to move the entire website to the new domain:
Use this code when you want to redirect particular files:
Even though the redirects setup is pretty straightforward, the rules are more complex, and we want you to check the primary source for more info.Forbid Hotlinking¶
Hotlinks mean the direct links from Website X to Website Y for non-HTML objects like images, movie files, etc. Hotlinks impact a lot on bandwidth usage and CPU load. To prevent this, add these directives to your htaccess on your server:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
yourdomain.com should be changed to the corresponding name of your domain
Website Optimisation¶
You can use many external extensions with Apache servers to extend the default functionality. One of them is mod_gzip and compress your HTML, JS, and CSS files. Add these directives to htaccess for such thing:
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
Usage of the caches can be specified by means of the mod_expires extension. Use this sample code:
<ifModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 1 seconds"
ExpiresByType image/gif "access plus 2592000 seconds"
ExpiresByType image/jpeg "access plus 2592000 seconds"
ExpiresByType image/png "access plus 2592000 seconds"
ExpiresByType text/css "access plus 604800 seconds"
ExpiresByType text/javascript "access plus 216000 seconds"
ExpiresByType application/x-javascript "access plus 216000 seconds"
</ifModule>
It is challenging to modify the htaccess as it may occur an immense amount of problems. There are several tools available to validate the file and make it free of any syntax errors. Here is one for ref.