10 .htaccess tricks that everyone should know.
With the help of the configuration file .htaccess, webmasters using NCSA-compatible web servers like Apache HTTP Server are able to set up directory-related rules. This allows webmasters to control which users have access or to make the web site behave differently due to the input of the client viewing the site.
Configuring servers with .htaccess hacks
.htaccess files allow authorized users to quickly and easily influence the configuration of a web server. HTTP authentication makes it possible to protect entire directories from unauthorized access. Error pages or automatic transfers can also be set up with this process. There is a wide range of different .htaccess tips and tricks, and we have compiled 10 of the most useful ones for you below:
1. Alternative error pages
Default web servers display standard HTML files or hard-coded messages if an error occurs when a page is accessed. Such error reports are neither particularly helpful nor aesthetically pleasing. .htaccess enables users to feed in pages or messages that refer users to alternative content. Here are the statements used to integrate custom error reports:
#individual error reports at local storage
locatioErrorDocument 404/directorypath/404.html
When error pages are located on an external URL or above the root directory of a website, it is possible to enter the entire URL into the .htaccess. The .htaccess file must be located in the root directory in the former case, however.
#individual error report external storage location
ErrorDocument 404 www.domain.tld/directorypath/404.html
2. Forwarding
Forwarding and redirects comprise some of the main uses of .htaccess files. Requests can be forwarded to another domain or individual file of a website, or can be redirected within a given site. Once saved in the root directory, the following code ensures that requests headed for the original server domain are rerouted to the new one:
#single forwarding
Redirect / http://www.new-domain.tld/
Using the same method, individual files can also be transferred within a website in the case that a site’s name is changed:
#forwarding individual documents
Redirect /old-page.html new-page.html
3. Restricted areas
Those wishing to forego the need of composing extensive log-in scripts with PHP, yet still require a protected directory or file on their server can use .htaccess tricks to set up restricted areas. This type of password protection requires a second file called “.htpasswd”. Relevant passwords are stored here, and may only be entered into Unix systems when encrypted. To this end there are many different .htpasswd generators available online. Protected directories can be set up by executing the following commands:
# basic password protection with .htaccess
AuthType Basic
AuthName "restricted area"
AuthUserFile /<absolute path to password file>/.htpasswd
AuthPGAuthoritative Off
require user User1 User2 User3
The .htpasswd is then created with the users, including their encrypted passwords.
# .htpasswd file for usernames and passwords
User1:duCmo1zxkKx6Y
User2:mou3IYjSLpGWI
User3:HGKS9XzDXXAXQ
While the .htpasswd files should ideally be placed in the root directory, the .htaccess needs to be in the directory that is to be protected.
4. Increasing PHP memory limits
PHP applications are constrained by a defined memory limit. This limit determines the maximum amount of working memory that PHP scripts are allowed to cumulatively take up. The following command in the .htaccess increases this limit as necessary.
# PHP Memory Limit
php_value memory_limit 128M
The value “128M” stands for the limit of 128 megabytes in this case. Depending on memory and server requirements, other limits can also be established.
5. Changing the time zone of a server
If the server is running in the wrong time zone, the following entry allows the proper adaption to take place in the .htaccess:
# set time zone
SetEnv TZ US America/Chicago
6. Block IP addresses
It’s possible to prevent certain IP addresses or ranges from accessing websites. The right entry can suspend all IP addresses and grant access only to certain addresses. Doing this can make websites available exclusively for the employees of proprietary intranets, for example. The following command is a summary of some of the possible access restrictions:
# File for adjusting IP ranges
Order deny,allow
Deny from .aol.com
Deny from 192.168
Allow from 192.168.220.102
The entry “Order” establishes the interpretation sequence of the registered entries; these can be entered in any order. The ensuing entries communicate to the server that all users with .aol.com and numeric IP addresses in the range of 192.168 are barred from using the site. An exception is made with the IP 192.168.220.102.
7. Redirecting a web presence from HTTP to HTTPS
Those using SSL certificates for their domain have the possibility of redirecting the domain to the encrypted HTTPS with the following command:
# activate HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{HTTP_HOST} ^yourdomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.yourdomain\.com$
RewriteRule ^/?$ "https\:\/\/yourdomain\.com\/" [R=301,L]
8. Activating file access through the browser
The following command enables the directory content to be shown in browsers and to be downloaded by users:
# show directory content
Options +Indexes
9. Prohibiting pictures from being hotlinked
Hotlinking allows a third person to link media to their website (especially pictures) that are saved on a different host. Doing this increases the data volume for the actual owner. The following command allows users to prohibit certain file types on their own website form being linked:
# prohibit hotlinking
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://your-webhosting-domain/.*$ [NC] [OR]
RewriteCond %{HTTP_REFERER} !^http://www.your-webhosting-domain/.*$ [NC] [OR]
RewriteRule .*\.(gif|GIF|jpg|JPG|bmp|BMP|wav|mp3|wmv|avi|mpeg)$ - [F]
10. Specify charset information for documents
Without a proper charset, incorporating different accents or other characters is not possible. This can be particularly frustrating for those wishing to work in languages other than English. A .htaccess file is able to determine precisely which character coding should be employed for particular types of documents. This command makes it possible to encode all documents with UTF-8:
#specify character coding
AddDefaultCharset utf-8
Use the following commands in case only specific documents are to be coded:
#specify character coding for certain files
AddDefaultCharset utf-8 .css .htm .html .xhtml .php
.htaccess tricks: practical and easy to use
The aforementioned tips and tricks are only but a small preview of the wide range of functions that .htaccess files can be applied to when configuring servers. The server follows all the commands immediately, and no restart is necessary
