Skip to content
Related Articles

Related Articles

Improve Article
Save Article
Like Article

What is .htaccess file in PHP ?

  • Difficulty Level : Medium
  • Last Updated : 23 Nov, 2021

The .htaccess (Hypertext Access) file is an Apache distributed server configuration file. You can use the .htaccess file to set server configurations for a specific directory. This directory can be the root directory of your website or another subdirectory where the .htaccess file is created in order to enable extra features for that subdirectory.

You can use the .htaccess file to modify various configurations and thus make changes to your website. These changes include authorization, error handling, redirects for specific URLs, user permissions, etc. Like any other Apache configuration file, the .htaccess file is read from top to bottom. That is, the above configurations are performed before those below.

Common uses of the .htaccess file:

1. Change the default start page: Suppose you want to change your home page (e.g. index.html) with some other HTML page (e.g. home.html) while keeping the index.html file intact, you can change the default landing page by adding the code below in your .htaccess file.

DirectoryIndex home.html

In the configuration file, it is also possible to add more than one file. Here in this example, first, the server will check for index.html, if it does not find a file with that name, it continues to home.htm and so on.

DirectoryIndex index.html home.html config.php

2. Block a specific IP or range of IPs: You can also block a specific IP address or a range of IP addresses from visiting your website. To do this, you need to add these lines to your .htaccess file:

  • Denying specific IP: By using this template you can block any desired IP address

    Order Deny,Allow
    Deny from 192.206.221.140 
    (Here 192.206.221.140 is a specific IPv4 Address)
  • Denying list of IPs: By listing IP addresses line by line you can block a set of IP addresses.

    Order Deny,Allow
    Deny from 185.120.120.120
    Deny from 192.190.190.190
  • Denying access from a specific domain: Suppose you want to deny access to your hosted website from a particular domain (e.g., www.redirectingdomain.com) which contains a link to your website, in that case, you can use the code below in your .htaccess file. This will show 403 Forbidden error on clicking the link to your website from redirectingdomain.com

    SetEnvIfNoCase Referer "redirectingdomain.com" bad_referer
    Order Allow,Deny
    Allow from ALL
    Deny from env=bad_referer
  • Block or allow ranges of IP addresses :

    Order Allow,Deny
    Deny from 192.192.*.*
    Allow from all

    Where * is used for whole octets

Note: To restrict access from certain countries, you must obtain the IP address ranges assigned to that particular country. It is important to note that this method is not 100% efficient as the IP address assignments may change and the IP address ranges may overlap. Even so, this method blocks most of the traffic from the specified countries.

3. 301 Permanent Redirect: 301 is an HTTP response code to your web browser from the webserver. A 301 status code indicates that the requested resources have been permanently moved to a new URL. 301 redirects are very useful when a page is no longer relevant or the page is deleted. You can use the below code to apply 301 redirects.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain1.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.domain1.com [NC]
RewriteRule ^(.*)$ http://domain2.com/$1 [L,R=301,NC]

Or you can simply use the code below

Redirect 301 / http://domain.com

4. WWW to non-WWW and non-WWW to WWW: As search engines consider “www” and “non-www” URLs two different things, so redirecting requests from non-preferred domains becomes very important. Let’s take an example of “www.example.com”

  • To make the 301 redirects from www to non-www you have to add the following code into your .htaccess file:

    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^geeksforgeeks.com [NC]
    RewriteRule ^(.*)$ http://www.geeksforgeeks.com/$1 [L,R=301,NC]
  • If you want to make 301 redirects from non-www to www domain add the following code:

    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^www.geeksforgeeks.com [NC]
    RewriteRule ^(.*)$ http://geeksforgeeks.com/$1 [L,R=301,NC]

5. Redirect from HTTP to HTTPS: 

Why redirect traffic from HTTP to HTTPS?

There are two main reasons, one is Security because it ensures that the user data is encrypted from the user browser to the webserver and the second reason is the SEO(Search Engine Optimization) because HTTPS websites have higher advantages of ranking over HTTP websites. If you want to transfer the entire traffic of your website from HTTP to HTTPS, that you will need to add the following to your .htaccess file.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

6. Customize your Error Page: If you want to customize your 404 error page, you can define your own custom error page in the .htaccess file. Just copy the below text in your .htaccess file.

# Example 1: redirect errors to html files
ErrorDocument 404 /404.html

# Example 2: redirect errors to PHP file
ErrorDocument 404 /error.php?q=404

7. Authenticated folder: For authentication purposes, you can protect a directory of an application by adding the code given below in your .htaccess file. Once the .htaccess file is updated your directory will require a username and password to access it.

AuthName "Your Authenticated Folder"
AuthUserFile /path/.htpasswd
AuthType Basic
require valid-user

Here the first line of the code tells the Apache webserver that the name of the password-protected directory is “Your Authenticated Folder”. Second-line tells the path of that folder and the next line determines the type of authentication, in this example, we are using HTTP Basic authentication. Finally, the last line says we need valid credentials.

My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!