A .htaccess file lets you control the behavior of your site or a specific directory on your site. For example, if you place a .htaccess file in your root directory, it will affect your entire site (www.myonlinefurniture.com). If you place it in a /content directory, it will only affect that directory (www.myonlinefurniture.com/content).
.htaccess works on all of Linux hosting accounts.
Some examples of what a .htaccess file can be used for are:
- Customize the error pages for your site
- Protect your site with a password
- Enable server-side includes
- Deny access to your site based on IP
- Change the default page (index.html) that is loaded for your site
- Redirect visitors to another page
- Prevent directory listing
- Add MIME types
A .htaccess file is a simple text file with the name .htaccess. It is not a file extension like .html or .txt, as the entire file name is .htaccess. It is a distributed configuration file and is how Apache handles configuration changes on a per-directory basis.
Here are the various configurations & basic .htaccess file to restore a corrupted .htaccess file (e.g. a misbehaving plugin)
Basic .htaccess file for WordPress
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
General Configurations
1. Options
Any options preceded by a + are added to the options currently in force, and any options preceded by a – are removed from the options currently in force.
Possible values for the Options directive are any combination of:
None
All options are turned off.
All
All options except for MultiViews. This is the default setting.
ExecCGI
Execution of CGI scripts using mod_cgi is permitted.
FollowSymLinks
The server will follow symbolic links in this directory.
Includes
Server-side includes provided by mod_include are permitted.
IncludesNOEXEC
Server-side includes are permitted, but the #exec cmd and #exec cgi are disabled.
Indexes
URL maps to a directory, and no DirectoryIndex, a formatted listing of the directory.
MultiViews
Content negotiated “MultiViews” are allowed using mod_negotiation.
SymLinksIfOwnerMatch
Only follow symbolic links where target is owned by the same user id as the link.
This will disable all options, and then only enable FollowSymLinks, which is necessary for mod_rewrite.
Options None Options FollowSymLinks
2. DirectoryIndex
DirectoryIndex sets the file that Apache will serve if a directory is requested.
Several URLs may be given, in which case the server will return the first one that it finds.
DirectoryIndex index.php index.html /index.php
3. DefaultLanguage
DefaultLanguage will cause all files that do not already have a specific language tag associated with it will use this.
DefaultLanguage en
4. Default Charset
Set the default character encoding sent in the HTTP header.
AddDefaultCharset UTF-8
Set Charset for Specific Files
AddType 'text/html; charset=UTF-8' .html
Set for specific files
AddCharset UTF-8 .html
5. ServerSignature
The ServerSignature directive allows the configuration of a trailing footer line under server-generated documents. Optionally add a line containing the server version and virtual host name to server-generated pages (internal error documents, FTP directory listings, mod_status and mod_info output etc., but not CGI generated documents or custom error documents).
On
adds a line with the server version number and ServerName of the serving virtual host
Off
suppresses the footer line
creates a “mailto:” reference to the ServerAdmin of the referenced document
SetEnv SERVER_ADMIN admin@site.com ServerSignature Email
6. Force Files to be Downloaded
The below will cause any requests for files ending in the specified extensions to not be displayed in the browser but instead force a “Save As” dialog so the client can download.
AddType application/octet-stream .avi .mpg .mov .pdf .xls .mp4
7. HTTP Compression
The AddOutputFilter directive maps the filename extension extension to the filters which will process responses from the server before they are sent to the client. This is in addition to any filters defined elsewhere, including SetOutputFilter and AddOutputFilterByType. This mapping is merged over any already in force, overriding any mappings that already exist for the same extension.
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Force Compression for certain files
SetOutputFilter DEFLATE
8. Send Custom HTTP Headers
The Header directive lets you send HTTP headers for every request, or just specific files. You can view a sites HTTP Headers using Firebug, Chrome Dev Tools, Wireshark or an online tool.
Header set X-Pingback "http://www.askapache.com/xmlrpc.php" Header set Content-Language "en-US"
9. Unset HTTP Headers
This will unset HTTP headers, using always will try extra hard to remove them.
Header unset Pragma Header always unset WP-Super-Cache Header always unset X-Pingback
10. Password Protect Login
This is very useful for protecting the wp-login.php file. You can use this htpasswd generator.
Basic Authentication
AuthType Basic AuthName "Password Protected" AuthUserFile /full/path/to/.htpasswd Require valid-user Satisfy All
Digest Authentication
AuthType Digest AuthName "Password Protected" AuthDigestDomain /wp-login.php https://www.askapache.com/wp-login.php AuthUserFile /full/path/to/.htpasswd Require valid-user Satisfy All
11. Require Specific IP
This is a way to only allow certain IP addresses to be allowed access.
ErrorDocument 401 default ErrorDocument 403 default Order deny,allow Deny from all Allow from 198.101.159.98 localhost
12. Protect Sensitive Files
This denies all web access to your wp-config file, error_logs, php.ini, and htaccess/htpasswds.
Order deny,allow Deny from all
13. Require SSL
This will force SSL, and require the exact hostname or else it will redirect to the SSL version. Useful in a /wp-admin/.htaccess file.
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "www.wordpress.com"
ErrorDocument 403 https://www.wordpress.com
Thanks for visiting. For queries and suggestions, emails are welcome at learnweb@hostingcolumn.com.
Subscribe to Hosting Column for latest updates and posts.