
What is the .htaccess file?
.htaccess is a file extension, not a file. An .htaccess file is simply an ASCII text file. It can be added to any standard Apache configuration to give customers the ability to manage the content of their own site. The file contains directives that the Apache web server executes to control a website.
 
.htaccess is an abbreviation for Hypertext Access, the default name for Apache's directory-level configuration file. Its configuration directives apply to the documents in the directory where the .htaccess file is located and in all of its subdirectories. However, other .htaccess files in the subdirectories may alter or nullify the effects of the ones in the parent directories.
 
The .htaccess file dictates how your site is accessed and utilized. It's important to be extremely careful when editing this file. Even the smallest mistake can render your site inoperable. Once you change the .htaccess file you should immediately test your site to ensure it is functioning properly.
One of the drawbacks of .htaccess files is that they can slow down servers considerably. If you're going to use a directive in this file, run a series of tests to evaluate the impact it has on your website.
 
Edit a .htaccess file with any text editing software
Any text editing software can be used to create or modify .htaccess files. You'll want to keep each command on a single line, which can be achieved by disabling word-wrap in the editor. I recommend using Notepad; it's the easiest and is available on all Windows systems.
 
If your editor does not allow you to save the file as .htaccess, then save it as htaccess.txt. After you upload the file, rename it to .htaccess.
Occasionally you may also need to change permissions on the file after it's uploaded. The file should have permissions of 644 (rw-r--r--). This serves a two-way purpose: it makes the file usable by the server and prevents it from being read by a browser. When you upload your new .htaccess file, make sure you're transferring it in ASCII mode, not in BINARY mode.
 
To hide the inner content of the .htaccess file, use the following directive:
<Files .htaccess>
order allow,deny
deny from all
</Files>
 
Allowing and Preventing Directory Access
Most web servers are configured to prevent browsing content directories of your website. This is a good idea for security purposes and to keep prying eyes out of your website. If this function has not been disabled, you can add a line to the .htaccess file and prevent this kind of access.
 
To deny directory access, use the following directive:
IndexIgnore */*
 
If you want to override the server's setting that stops this kind of access, add the following line to your .htaccess file.
Options +Indexes
 
Blocking Intrusion or unauthorized access to a website
You can stop certain IP addresses or domains from accessing your website as well. This may be something you want to do to limit bots from using your bandwidth and overloading your site. The banned users will receive a 403 error and the message "You do not have permission to access this site".
 
To deny IP/domain access, use the following directive:
order allow,deny
deny from 123.456.78.90
deny from 123.456.78
deny from .aol.com
allow from all
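 
How "order allow,deny" evaluates a rule set like the one above, as an added Python example that is not part of the original page. The addresses and host names are constructed samples, and the host name is assumed to have been resolved by reverse DNS already.

```python
def in_domain(spec, host):
    """Domain-name match on whole name components only (case-insensitive)."""
    spec, host = spec.lower(), host.lower()
    if len(host) < len(spec) or not host.endswith(spec):
        return False
    cut = len(host) - len(spec)
    return cut == 0 or spec[0] == "." or host[cut - 1] == "."

def matches(spec, ip, host):
    """Test one 'allow from' / 'deny from' argument against a client."""
    if spec == "all":
        return True
    if spec[0].isdigit():                    # full or partial IP address
        want = spec.rstrip(".").split(".")
        return ip.split(".")[:len(want)] == want
    return host is not None and in_domain(spec, host)

def allowed(ip, host, allow, deny):
    """Order allow,deny: some Allow must match, then any matching Deny rejects."""
    if not any(matches(s, ip, host) for s in allow):
        return False                         # nothing allowed it: denied by default
    return not any(matches(s, ip, host) for s in deny)

# Constructed rule set shaped like the directive above (documentation addresses).
ALLOW = ["all"]
DENY = ["192.0.2.90", "198.51.100", ".aol.com"]

# Constructed clients: (IP address, resolved host name or None)
CLIENTS = [
    ("192.0.2.90", None),                    # exact IP in the deny list
    ("198.51.100.7", None),                  # falls under the partial IP
    ("198.51.10.7", None),                   # octets are compared whole
    ("203.0.113.5", "dialup-7.aol.com"),     # host under the denied domain
    ("203.0.113.5", "notaol.com"),           # only ends with the same letters
    ("203.0.113.5", None),                   # no host name: domain rule cannot match
]

if __name__ == "__main__":
    for ip, host in CLIENTS:
        print("200" if allowed(ip, host, ALLOW, DENY) else "403", ip, host)
```

The position of "allow from all" at the end of the list does not matter: the Order directive, not the line order, decides that Deny entries are checked last and win.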
 
Preventing Linking to the Images of a website
Some web sites want to use the images directly from your website instead of uploading them to their own web server. This saves their disk space; but it can seriously exhaust your bandwidth. If your website has high traffic volume, it is a very good precaution to prevent this kind of practice. But even if your site isn't high traffic, you might want to block people from stealing from your resources.
 
To deny graphic/bandwidth stealing, use the following directive:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomainname\.com/.*$ [NC]
RewriteRule .*\.(gif|jpe?g|png|bmp)$ - [F,NC]
 
If you have parked domains on your main domain, this directive will prevent your graphics from being displayed on those parked domains. The solution is to permanently redirect your parked domains to your main domain, assuming of course that the content on the parked domains is exactly the same as on the main domain.
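 
The hotlink rule set modelled in Python so it can be tried against sample requests before upload; this is an added example, not part of the original page. The request list is constructed, and UNESCAPED is the same Referer pattern written with unescaped dots, for comparison.

```python
import re

# Patterns from the hotlink directive; the [NC] flag becomes re.IGNORECASE.
OWN_SITE = re.compile(r"^http://(www\.)?yourdomainname\.com/.*$", re.IGNORECASE)
UNESCAPED = re.compile(r"^http://(www.)?yourdomainname.com/.*$", re.IGNORECASE)
IMAGE = re.compile(r".*\.(gif|jpe?g|png|bmp)$", re.IGNORECASE)

def is_forbidden(path, referer, own_site=OWN_SITE):
    """True when the rule set answers 403 Forbidden for this request."""
    if not IMAGE.search(path):
        return False              # RewriteRule pattern does not match
    if referer == "":
        return False              # first condition (!^$) fails: no Referer sent
    return own_site.search(referer) is None   # second condition: not our site

# Constructed sample requests: (requested path, Referer header)
REQUESTS = [
    ("images/logo.png", "http://www.yourdomainname.com/index.html"),
    ("images/logo.png", ""),
    ("images/logo.png", "http://other.example/page.html"),
    ("images/logo.png", "http://parkeddomain1.com/index.html"),
    ("images/logo.png", "https://www.yourdomainname.com/index.html"),
    ("images/logo.png", "http://wwwxyourdomainname.com/a.html"),
    ("index.html", "http://other.example/page.html"),
]

def verdicts(own_site=OWN_SITE):
    """One True (403) or False (served) per entry in REQUESTS."""
    return [is_forbidden(path, ref, own_site) for path, ref in REQUESTS]

if __name__ == "__main__":
    for (path, ref), blocked in zip(REQUESTS, verdicts()):
        print("403" if blocked else "200", path, repr(ref))
```

The run shows three things the rule text alone does not: requests with no Referer are always served, pages on your own site loaded over https:// are refused because the pattern names only http://, and with unescaped dots a different host name is accepted as your own.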
Stopping the Email address collectors
Some robot visitors may be important to your website, such as search engines that visit it. However, there are other malevolent robots that you may need to block, especially those that collect e-mail addresses and add them to spam mail lists.
 
To deny e-mail collections, use the following directive:
RewriteCond %{HTTP_USER_AGENT} A [OR]
RewriteCond %{HTTP_USER_AGENT} B [OR]
RewriteCond %{HTTP_USER_AGENT} C
RewriteRule ^.*$ X.html [L]
 
A, B, C are the names of the robots, and each must be followed by '[OR]', except for the last entry. [You'll replace A, B, and C with the actual name(s) of the robots you're trying to block.] Though this directive is by no means a sure-fire method to block getting spammed, it is very useful for known robots. You can do a search and find many of the common culprits, then add them to your list. Keeping an exhaustive list is a big task, and each line adds a little bit of degradation to your website's response. But it can be a helpful tool to use.
 
Editing .htaccess for redirecting parked domains
Some of the previous directives can play havoc with your parked domains. So here's a solution: permanently redirect your parked domains to the main domain.
 
Use the following directive to redirect parked domains to your main domain.
# Perm. Redirect Parked Domains
RewriteEngine on
RewriteCond %{HTTP_HOST} ^parkeddomain1.com$
RewriteRule ^(.*)$ http://maindomain.com/$1 [R=301]
 
If you have more than one parked domain, use [OR] in the directive:
# Perm. Redirect Parked Domains
RewriteEngine on
RewriteCond %{HTTP_HOST} ^parkeddomain1.com$ [OR]
RewriteCond %{HTTP_HOST} ^parkeddomain2.com$
RewriteRule ^(.*)$ http://maindomain.com/$1 [R=301]
 
If you are trying to redirect unqualified URLs to fully qualified DNS names use the following format:
# Perm. Redirect Parked Domains
RewriteEngine on
RewriteCond %{HTTP_HOST} ^parkeddomain1.com$ [OR]
RewriteCond %{HTTP_HOST} ^parkeddomain2.com$
RewriteRule ^(.*)$ http://www.maindomain.com/$1 [R=301]
 
Editing .htaccess for redirecting to Files/Directories
A major website overhaul often involves renaming a large number of web pages. If these pages were indexed by search engines and/or bookmarked by users, the only solution is a redirect meta tag in the head of the old pages. This redirects users to the new pages, but if a search engine fails to follow it, .htaccess is the last resort.
 
The following directive can be repeated for each file that needs to be redirected. The directory name must be included if the file is placed somewhere other than the root directory.
Redirect permanent /oldfile.html http://www.domain.com/filename.html
 
Changing the Default Directory Page
The default directory page is usually named index.htm or index.html, and many servers allow a range of pages called index (with multiple extensions) to be the default page. But .htaccess makes it possible to use other names, such as abc.htm or xyz.html.
 
To change your default page name, use the following directive:
DirectoryIndex xyz.html
 
This directive can also be used to specify alternatives, in case the first filename doesn't exist. For instance, if your server doesn't find index.html, it looks for index.htm; if neither of those files is found, it looks for xyz.html.
 
To change your default page name, and provide for alternative name, use the following directive:
DirectoryIndex index.html index.htm x.html y.html
 
Allowing Server Side Includes (SSI) in .html files
Most servers are configured to allow for Server Side Includes (SSI) in files with an shtml extension. If all of the pages on your website will be created with a side bar menu that you want to use as an SSI file, you may want to change this configuration to recognize all htm and html files as SSI compatible. Keep in mind this will slow down the response of your website and add time to loading your pages.
 
To change the SSI extension, use the following directive:
AddType text/html .html
AddHandler server-parsed .html
AddHandler server-parsed .htm
 
Additional Things to Remember
It's important to remember the power of the .htaccess file. If there are unrecognized directives or minor mistakes in these configuration files, your server will log an error message and could fail to start, and visitors to your site will receive an 'Internal Server Error' page.
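 
A small pre-upload check for the kinds of mistake described above, as an added Python example that is not part of the original page. The KNOWN set holds only the directive names used on this page (an assumption of the example), and SAMPLE is a constructed file.

```python
import stat

# Directive names used on this page only (an assumption of this example);
# extend the set with whatever your own files legitimately use.
KNOWN = {"order", "allow", "deny", "options", "indexignore", "rewriteengine",
         "rewritecond", "rewriterule", "redirect", "directoryindex",
         "addtype", "addhandler"}

def lint_htaccess(text, mode=None):
    """Return (line_number, message) findings; line 0 means the whole file."""
    findings, sections = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):                      # closing tag
            name = line[2:].rstrip(">").strip().lower()
            if not sections or sections.pop() != name:
                findings.append((n, "closing tag without matching opener"))
        elif line.startswith("<"):                     # opening tag
            sections.append(line[1:].rstrip(">").split()[0].lower())
        else:
            parts = line.split()
            name = parts[0].lower()
            if name not in KNOWN:
                findings.append((n, "unrecognized directive: " + parts[0]))
            elif name == "rewriterule" and (len(parts) < 3 or parts[2].startswith("[")):
                findings.append((n, "RewriteRule has no substitution"))
    findings += [(0, "unclosed section: <%s>" % s) for s in sections]
    if mode is not None and stat.S_IMODE(mode) & 0o022:
        findings.append((0, "group- or world-writable; expected 644"))
    return findings

# Constructed sample with two slips: a directive name split in two and a
# RewriteRule whose flags sit where the substitution belongs.
SAMPLE = """\
<Files .htaccess>
order allow,deny
deny from all
</Files>
Directory Index xyz.html
RewriteEngine on
RewriteRule .*\\.(gif|jpe?g|png|bmp)$ [F,NC]
"""

if __name__ == "__main__":
    for finding in lint_htaccess(SAMPLE, mode=0o100644):
        print(finding)
```

For a file on disk, pass its contents as text and os.stat(path).st_mode as mode.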
 
What is listed here are just the most common directives used in an .htaccess file. For additional directives and information, refer to the Apache User's Guide. You might also find these other sites helpful.