SEO — 8 MIN READ — NOV 8, 2017

The Ultimate Guide to .htaccess Files

The Ultimate Guide to Htaccess Files
Picture by: Maria Marikutsa

Sasneh R.
Brand Manager at TechWyse
.htaccess Apache configuration files are some kind of a mystery for many developers and SEOs. Learning the basics of this filename configuration can help with the automatic gzipping of content, improving caching, providing friendlier URLs, preventing hotlinking, and so on.

What is .htaccess?

.htaccess is not a file extension but a filename; it is an abbreviation for Hypertext Access. In other words, you will never find a file with the .htaccess extension, like file.htaccess.

.htaccess are used by Apache-based web servers to make configuration changes for each directory. Generally, a file containing at least one configuration directive is placed in a specific document directory. Next, the directives are applied to that directory and subdirectories.

Developers typically encounter .htaccess files when using a Content Management System (CMS), such as Wordpress or Magento. It is one of the files that lie on your web server which you can access via FTP, but it does not necessarily need to be edited before uploading. If you do change it, you must ensure that the filename remains as '.htaccess', and doesn't end up with .html, .txt., or another extension.

To edit the file, go the public_html directory, and open it using File Manager in the cPanel. Alternatively, connect to your account via your preferred FTP Client.

Directives

Apache uses this terminology 'Directives' for the commands in Apache's configuration files. They're usually fairly short commands that modify the behavior of the Apache. .htaccess files allow you to execute multiple directives without necessarily accessing the Apache core server configuration file named: httpd.conf or global configuration file.

Keep in mind that some web hosting services don't let you change the contents of the .htaccess file. However, in most cases, you should be able to create your own .htaccess file or edit the one that comes with your installed CMS. The .htaccess file is intended to give you control over a directory and all its contents.

You can use the .htaccess file to:

  • Protect specific folders with a password
  • Prevent directory listings
  • Create and use personalized error pages
  • Automatically redirect visitors to other pages
  • Ban or allow users using IP addresses
  • Change how files with specific extensions are utilized

How to use .htaccess

All you need to create a .htaccess file is a text editor like UltraEdit or TextPad, but not MS NotePad.
Here's another example:
AuthName “Subscriber's Name”
AuthUserFile /path/to/password/file/.htpasswd
AuthType Basic
Require valid-user 
ErrorDocument 401 /error_pages/401.html
AddHandler server-parsed.html
This example allows directory password protection; redirects visitors to a personalized error webpage if they input the wrong authentication information; and allows the use of SSI with '.html' files.

Using .htaccess file to create custom error pages for better SEO

You can use .htaccess files to redirect visitors to a custom error page. For instance, you can direct them to some of your best pages, a sitemap with links to the categories of your site, a specific landing page or feature your FAQ page to assist your visitors without forcing them to leave your site to find something.

The common error codes include:
  • 400 – bad request
  • 404 – file not found
  • 403 – forbidden
  • 401 – authorization required
  • 500 – internal server error

Using .htaccess to deny users based on their IP address

There are different ways to block visitors by IP address, whether from a specific country or specific users who are harassing your website. To enable visitor blocking and restrictions, simply create your custom .htaccess file and include the following text:
Order allow,deny 
Deny from 123.123.123.123 
Deny from 255.255.43. 
Allow from all 
This example tells the Apache Web server to deny web access to users from the two IP addresses: '123.123.123.123' and '255.255.43.' The fact that the second IP address does not have the 4th digits implies that all IP addresses matching the first three digits will automatically be denied access.

You can use different variations of IP addresses depending on what you want to block, including:

  • Blocking a specific IP address
  • Blocking a specific domain
  • Blocking multiple IP addresses
  • Blocking an entire subnet
  • Blocking an IP based on CIDR
  • Blocking IPv6 addresses
  • Blocking IP based on regular expression
  • Redirect based on IP address
  • Block specific request types
  • Complete notatio

You can also block all users except yourself (webmaster), by including the following lines in your .htaccess file:
Order allow, deny 
Allow from 255.1.1.1 
Deny from all 
These lines instruct the Apache Web Server to deny access to all users with the exception of visitors with the specified IP address - like your IP.

You can add as many 'allow from' and 'deny from' records as you want after the 'order allow,deny' line. Also remember to change the bottom line, 'allow from all' or 'deny from all' depending on what you want.

Blocked users will be directed to the '403 Forbidden' error message, which you can amend to your liking.

Changing server signature

The server signature displayed as part of the default Apache error documents can be changed using the following code:
ServerSignature Email 
SetEnv SERVER_ADMIN nospace@pleasenospace.com 
This sample code can be used to change the displayed/default address if it has been wrongly set. But to completely remove the server signature, use the following code instead:
ServerSignature Off

Final note

The ability to edit .htaccess files is particularly useful for hosting companies that offer shared hosting. The provider does not give clients access to the global configuration file. Allowing access to .htaccess, allows you and other webmasters to implement your own custom Apache directives.

That said, you should keep in mind that every edit that can be implemented with a .htaccess file is also doable with httpd.conf file, but the converse is not true. In fact, you must enable .htaccess files in the httpd.conf file for it to be executable. Once enabled, they can be superior to certain settings, which gives you greater control over the features and functions you can manipulate.

Recommended articles

Subscribe to our newsletter
Keep up to date with our latest news, events and blog posts!

Comments

Sign In Free Sign Up

You’ve reached your query limit.

Or email
Forgot password?
Or email
By clicking 'Sign Up Free' I agree to Serptat's
Terms of Service and Privacy Policy
Back To Login

Don’t worry! Just fill in your email and we’ll send over your password.

Are you sure?
Please pick the project to work on

Personal demonstration

Serpstat is all about saving time, and we want to save yours! One of our specialists will contact you and discuss options going forward. These may include a personal demonstration, a trial period, comprehensive training articles & webinar recordings, and custom adivce from a Serpstat specialist. It is our goal to make you feel comfortable while using Serpstat.

Name
Email
Phone
Skype or Google Hangouts
Comment

Upgrade your plan

Sign Up Free

Спасибо, мы с вами свяжемся в ближайшее время

Invite
E-mail
Role
Message
Optional

You have run out of limits

You have reached the limit for the number of created projects. You cannot create new projects unless you increase the limits or delete existing projects.

I want more limits