A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.
Htaccess files are hidden plain text files that are on the server to help control how your visitors interact with your website. The htaccess file is also used to block specific traffic from being able to view your website. If you look for your .htaccess file you'll see that there's no filename. The extension is .htaccess which tells the server what type of file it is. In cPanel you can see if you have a current .htaccess file using file manager but you will need to make sure you have selected to view hidden files. If you are not familiar with using file manager please read our article. To view hidden files in file manager, select the 'file manager' icon in cPanel and make sure the box is checked next to 'Show Hidden Files.' Then click 'OK' and you will be able to view hidden files.
What can you do with a .htaccess file?
You might have a private area of your website you wish to keep password protected. This password protection is actually set up in the .htaccess file. Most of the functions of the htaccess file, you do not have to concern yourself with as they will be automatically written through cPanel. This is the case of password protecting directories. While you set it up in cPanel, it actually writes a directive to your htaccess file.
Other functions of the htaccess file include, prohibiting hotlinks, rewriting URLs, setting default pages, creating redirects, reconfiguring account settings, and much more. It's really important to realize how the htaccess file can affect your entire account. Changing something in the htaccess file can alter how your website functions so it's really important BEFORE making changes to your htaccess to backup your current htaccess file.
Five Common Uses for an .htaccess Page
You might have a private area of your website you wish to keep password protected. This password protection is actually set up in the .htaccess file. Most of the functions of the htaccess file, you do not have to concern yourself with as they will be automatically written through cPanel. This is the case of password protecting directories. While you set it up in cPanel, it actually writes a directive to your htaccess file.
Other functions of the htaccess file include, prohibiting hotlinks, rewriting URLs, setting default pages, creating redirects, reconfiguring account settings, and much more. It's really important to realize how the htaccess file can affect your entire account. Changing something in the htaccess file can alter how your website functions so it's really important BEFORE making changes to your htaccess to backup your current htaccess file.
Five Common Uses for an .htaccess Page
1. Mod_Rewrite: one of the most useful facets of the .htaccess
file is mod_rewrite. You can use the space in the .htaccess file to
designate and alter how URLs and web pages on your sites are displayed
to your users. You can find the entire tutorial on how to do this here.
2. Authentication: Although using the .htaccess file does not
require as many permissions as accessing the apache2.conf file would
require, we can still make effective changes to a site. Once such change
is to require a password to access certain sections of the webpage.
The .htaccess passwords are kept in a file called .htpasswd. Go ahead
and create and save that file, being sure to store it somewhere other
than the web directory, for security reasons.
You should use the space inside the .htpasswd file to write in the
name and passwords of all the users that you want to have access to the
protected part of the site.
You can use this useful site
to generate the username and encrypted password pair. If the username
of your authorized user is jsmith and password is “awesome”, the pair
would look like this: jsmith:VtweQU73iyETM. You can paste as many lines
as needed into the .htpasswd file, but be sure that every user gets
their own line.
Once you are finished with the .htpasswd file, you can type this
code into the .htaccess file to begin using the password function:
AuthUserFile /usr/local/username/safedirectory/.htpasswd
AuthGroupFile /dev/null
AuthName "Please Enter Password"
AuthType Basic
Require valid-user
- AuthUserFile: This line designates the server path to the .htpasswd file.
- AuthGroupFile: This line can be used to convey the location of the .htgroup. As we have not created such a file, we can leave /dev/null in place.
- AuthName: This is text that will be displayed at the password prompt. You can put anything here.
- AuthType: This refers to the type of authentication that will be used to the check the passwords. The passwords are checked via HTTP and the keyword Basic should not be changed.
- Require valid-user: This line represents one of two possibilities. “Require valid-user” tells the .htaccess file that there are several people who should be able to log into the password protected area. The other option is to use the phrase “require user username” to indicate the specific permitted person.
3. Custom Error Pages: the .htaccess file additionally allows you to create custom error pages for your site. Some of the most common errors are:
- 400 Bad Request
- 401 Authorization Required
- 403 Forbidden Page
- 404 File not Found
- 500 Internal Error
To make a page look friendlier and to provide more information to the
site visitor than the default server error page offers, you can use the
.htaccess file to create custom error pages.
I’m going to create a 404 page in this tutorial. However, you can substitute that error for whatever you prefer:
Once you have created and uploaded desired error page, you can go ahead and designate its location in the .htaccess file.
ErrorDocument 404 /new404.html
Keep in mind that the Apache looks for the 404 page located within
the site's root. If you placed the new error page in a deeper
subdirectory, you need to include that in the line, making it look
something like this:
ErrorDocument 404 /error_pages/new404.html
4. Mime Types: In cases where your site features some
application files that your server was not set up to deliver, you can
add MIME types to your Apache server in the .htaccess file with the
following code.
AddType audio/mp4a-latm .m4a
Be sure to replace application and file extension with the Mime Type that you want to support.
5. SSI: Server Side Includes are a great time-saver on a
website. One of the most common uses of SSI is to update a large number
of pages with some specific data, without having to update each page
individually (for example, if you want to change a quotation at the
bottom of a page).
To enable SSI, type the following code into your .htaccess file.
AddType text/html .shtml
AddHandler server-parsed .shtml
These three lines have the effect of telling the .htaccess that
.shtml files are valid, with the second line specifically making the
server parse all files ending in .shtml for any SSI commands.
However, if you have many .html pages that you are not eager to
rename with .shtml extensions, you can use another tactic to parse them
for SSI commands, the XBitHack.
Adding this line to the .htaccess file makes Apache check all the
html files with the appropriate permissions for Server Side Includes.
No comments:
Post a Comment