
What is .htaccess? A Detailed Technical Guide
The .htaccess file is a powerful configuration file used by Apache-based web servers. It allows directory-level control over server behavior without requiring access to the main server configuration.
This makes it an essential tool for developers and system administrators who need to manage redirects, security rules, caching, and URL rewriting.
What Does .htaccess Do?
The .htaccess file defines how the server behaves for a specific directory and all its subdirectories. Typical uses include:
- URL rewriting and clean URLs
- Redirects (301 and 302)
- Access control and authentication
- File and directory protection
- Caching and performance tuning
- Custom error pages
Where is .htaccess Located?
The file is usually located in the root directory of the website:
- /public_html/.htaccess
- /htdocs/.htaccess
- /www/.htaccess
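It can also exist in subdirectories to override rules locally. Apache only honors these files where the main server configuration permits it through the AllowOverride directive.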
How to Access the .htaccess File
- Open File Manager and enable hidden files
- Use FTP/SFTP and enable dotfiles
- Use SSH and run:
cd /path/to/website
ls -la
Important Notes Before Editing
- Always create a backup before editing
- A syntax error can break the entire website
- Recommended file permission: 644
Default .htaccess File Example
# Enable Rewrite Engine
RewriteEngine On
# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]
# Remove trailing slash
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Block access to sensitive files
# (Apache 2.4 syntax; Apache 2.2 used "Order allow,deny" and "Deny from all")
<FilesMatch "\.(env|ini|log|conf)$">
Require all denied
</FilesMatch>
# Disable directory browsing
Options -Indexes
# Custom error pages
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html
Explanation of Key Directives
RewriteEngine On enables URL rewriting.
RewriteCond and RewriteRule define conditions and actions.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]
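This redirects every plain-HTTP request to the same URL over HTTPS with a permanent (301) redirect.
FilesMatch restricts access to files whose names match a regular expression:
<FilesMatch "\.(env|ini|log|conf)$">
Require all denied
</FilesMatch>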
Options -Indexes disables directory browsing.
ErrorDocument defines custom error pages.
Common Use Cases
Redirect HTTP to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirect Old URL to New URL
Redirect 301 /old-page.html /new-page.html
Password Protect a Directory
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
Security Best Practices
- Block access to hidden files
- Restrict sensitive file types
- Disable directory listing
For example, to block access to hidden files (names that begin with a dot):
<FilesMatch "^\.">
Require all denied
</FilesMatch>
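The following Python script is an added example, not part of the original guide. It extracts the deny-all FilesMatch patterns from a .htaccess file and reports which names in a candidate list no rule covers, which shows the gaps left by the sensitive-file and hidden-file rules above. The sample file contents, the candidate names and the function names are assumptions made for illustration, and Python's re module stands in for Apache's PCRE engine, which behaves the same for these simple patterns.

```python
import re

# Constructed sample: the two FilesMatch blocks from this guide plus Options -Indexes.
SAMPLE_HTACCESS = r'''
<FilesMatch "\.(env|ini|log|conf)$">
Require all denied
</FilesMatch>
<FilesMatch "^\.">
Require all denied
</FilesMatch>
Options -Indexes
'''

BLOCK_RE = re.compile(r'<FilesMatch\s+"?(.+?)"?\s*>(.*?)</FilesMatch>', re.I | re.S)
# Accept both the Apache 2.4 form and the legacy 2.2 form of "deny everyone".
DENY_RE = re.compile(r'^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$', re.I | re.M)
INDEX_RE = re.compile(r'^\s*Options\b.*\s-Indexes\b', re.I | re.M)

def deny_patterns(htaccess_text):
    """Return compiled regexes of FilesMatch blocks that deny all access."""
    return [re.compile(pattern)
            for pattern, body in BLOCK_RE.findall(htaccess_text)
            if DENY_RE.search(body)]

def is_denied(filename, patterns):
    """FilesMatch tests the file's base name with an unanchored regex search."""
    return any(p.search(filename) for p in patterns)

def audit(htaccess_text, filenames):
    """Report whether directory listing is off and which names no deny rule covers."""
    patterns = deny_patterns(htaccess_text)
    return {
        "listing_disabled": bool(INDEX_RE.search(htaccess_text)),
        "exposed": [f for f in filenames if not is_denied(f, patterns)],
    }

# Constructed list of file names that commonly hold secrets or backups.
CANDIDATES = [".env", ".env.local", ".htpasswd", "php.ini", "error.log",
              "app.conf", "config.php.bak", "backup.sql", "index.php"]

if __name__ == "__main__":
    report = audit(SAMPLE_HTACCESS, CANDIDATES)
    print("directory listing disabled:", report["listing_disabled"])
    print("not covered by any deny rule:", report["exposed"])
```

Names such as config.php.bak and backup.sql remain servable under the guide's rules, so extend the extension list to match the files your own deployment actually produces.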
Performance Optimization Example
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 7 days"
</IfModule>
When to Use .htaccess
- When server config access is not available
- When changes are directory-specific
- When quick updates are needed
Conclusion
The .htaccess file provides powerful control over server behavior at a granular level. When used correctly, it improves security, performance, and URL structure.
Care should always be taken when editing, as incorrect rules can impact the entire website.












