Comprehensive guide to .htaccess – Apache web server

August 8, 2008 25 Comments

The Apache web server has a number of configuration options that are available to the server administrator. In a shared hosting environment, you don’t have access to the main Apache configuration so you’re stuck with the default configuration. However, it is possible to override some of the default settings by creating (or editing) a file named .htaccess.

The .htaccess is a simple ASCII text file placed in your www directory or in a subdirectory of your www directory. You can create or edit this file in any text editor (such as NotePad) and then upload it to the directory for which you want to modify the settings. Be sure that the file is uploaded in ASCII (not BINARY) format, and be sure that the file permissions for the file are set to 644 (rw-r–r–). This allows the server to access the file, but prevents visitors from accessing the file through their web browser (a security risk.)

Commands in the .htaccess file affect the directory that it’s placed in and all subdirectories. If you place the .htaccess file in your www directory, it will affect your entire web site. If you place it in a subdirectory of your www directory, it will affect only that directory plus and subdirectories of that directory.

Most .htaccess commands are designed to be placed on one line. If your text editor wraps lines automatically, you should disable that function before saving and uploading your file. Also, note that .htaccess commands are case-sensitive.

Please note that we do not technically support overriding the default server settings. The information presented here may work and it may not, or it may work today and not tomorrow. Use it at your own risk.

Some of the things you can do with .htaccess include:

Customize Error Messages

If you want to override the server’s error pages, you can use .htaccess to define your own messages. This capability is discussed in the Custom Error Messages section of the manual. An example of the syntax is:

ErrorDocument 500 /error.html

Override SSI Settings

By default, only pages ending in the .shtml extension will parse server-side includes (SSI) on our servers. You can override this restriction in your .htaccess file:

If you want to override the default server configuration so that SSI will work with .html documents, you can create a file named .htaccess and upload it (in ASCII mode) to your main www directory. Add the following lines to your .htaccess file:

AddType text/html .html
AddHandler server-parsed .html

If you want both .html and .htm documents to parse SSI, create your .htaccess file with these lines:

AddType text/html .html
AddHandler server-parsed .html
AddHandler server-parsed .htm

Change Your Default Home Page

In order to browse your site by specifying the domain name only (e.g., http://www.hostingmanual.net) instead of having to specify an exact page filename (e.g., http://www.hostingmanual.net/filename.html), you must have an index page in your www directory. Default acceptable file names for index pages include index.htm,index.html,index.cgi,index.shtml, index.php, etc. Note that they’re all named index.*.

There is also a default order of precedence for these names. So if you have both a file named index.cgi and a file named index.html in your directory, the server will display index.cgi because that name takes a higher precedence than index.html.

Using .htaccess, you can define additional index filenames and/or change the order of precedence. To define your index page as hieronymous.html add the following line to your .htaccess file:

DirectoryIndex hieronymous.html

This will cause the server to look for a file named hieronymous.html. If it finds that file, it will display it. If it does not find that file, it will return a 404 Missing Page error.

To change the order of precedence, enter a DirectoryIndex command with multiple file names on the same line. The order in which the file names are listed (from left to right) determines the order of precedence. For example,

DirectoryIndex hieronymous.html index.cgi index.php index.html

Enable Directory Browsing

Due to security concerns we have removed the default setting that allowed directory indexing. This is the option that allows the contents of a directory to be displayed in the browser when the directory does not contain an index page.

For example, if you make an http call to a directory such as http://yourdomain.com/images/, it would list all the images in that directory without the need for an html page with links.

If you require this option on specific directories it is still available. You can reactivate it by adding the following line to your .htaccess file:

Options +Indexes

Once this is added, the directory will fully index again.

Block Users from Accessing Your Web Site

If you want to deny access to a particular individual, and you know the IP address or domain name that the individual uses to connect to the Internet, you can use .htaccess to block that individual from your web site.


order deny,allow
deny from 123.456.789.000
deny from 456.78.90.
deny from .aol.com
allow from all

In the example above, a user from the exact IP number 123.456.789.000 would be blocked; all users within a range of IP numbers from 456.78.90.000 to 456.78.90.999 would be blocked; and all users connecting from America Online (aol.com) would be blocked. When they attempted to browse your web site, they would be presented with the 403 Forbidden (“You do not have permission to access this site”) error.

Redirect Visitors to a New Page or Directory

Let’s say you re-do your entire web site, renaming pages and directories. Visitors to the old pages will receive the 404 File Not Found error. You can solve this problem by redirecting calls to an old page to the new page. For example, if your old page was named oldpage.html and that page has been replaced by newpage.html, add this line to your .htaccess file:
Redirect permanent /oldpage.html http://www.mydomain.com/newpage.html

Of course, you want to replace mydomain.com with your actual domain name. Now, when the visitor types in http://www.mydomain.com/myoldpage.html, they will be automatically redirected to http://www.mydomain.com/mynewpage.html.

If you’ve renamed a directory, you can use one redirect line to affect all pages within the directory:
Redirect permanent /olddirectory http://www.mydomain.com/newdirectory/

Note that the old page or directory is specified using the system path relative to your www directory, while the new page or directory is specified by the absolute URL.

Prevent Hot Linking and Bandwidth Leeching

What if another web site owner is stealing your images and your bandwidth by linking directly to your image files from his/her web site? You can prevent this by adding this to your .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ – [F]

Replace mydomain.com with your actual domain name. With this code in place, your images will only display when the visitor is browsing http://mydomain.com. Images linked from other domains will appear as broken images.

If you’re feeling particularly nasty, you can even provide an alternative image to display on the hot linked pages — for example, an image that says “Stealing is Bad … visit http://mydomain.com to see the real picture that belongs here.” Use this code to accomplish that:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.mydomain.com/dontsteal.gif [R,L]

This time, replace mydomain.com with your domain name, and replace dontsteal.gif with the file name of the image you’ve created to discourage hot linking.

Prevent viewing of .htaccess or other files

To prevent visitors from seeing the contents of your .htaccess file, place the following code in the file:


order allow,deny
deny from all

If you want to prevent visitors from seeing another file, just substitute that file’s name for .htaccess in the Files specification.

Eliminate Code Red and NIMDA Virus Attacks from your Access Log

The following suggestion was provided by a customer:

For the last few months my logs have been filling up with Nimda and Code Red failed attacks … placing the below redirects in my .htacess appears to have eliminated the logging problem without affecting my personalized error redirecting scripts. I just thought others may find this handy.

redirect /scripts http://www.stoptheviruscold.invalid
redirect /MSADC http://www.stoptheviruscold.invalid
redirect /c http://www.stoptheviruscold.invalid
redirect /d http://www.stoptheviruscold.invalid
redirect /_mem_bin http://stoptheviruscold.invalid
redirect /msadc http://stoptheviruscold.invalid
RedirectMatch (.*)\cmd.exe$ http://stoptheviruscold.invalid$1

Tags: , Software, TelePhone, Tips

25 Responses to “Comprehensive guide to .htaccess – Apache web server”

  1. 1
    shopping Says:

    Online shopping is rapidly becoming the first choice of people in the world for modernized or traditional shopping. Gradually, online shopping is being accepted as the new and fashionable way of shopping. It is becoming popular because people have many other things to do in their busy life and shopping online saves time in numerous ways.

  2. 2
    Cyndi Less Says:

    Awesome advice here! I plan to come back soon!

  3. 3
    bessey clamp pads Says:

    The new K Body REVO clamp range from BESSEY offers some 30% more clamping force, and newly-designed pressure caps and work-piece contact elements also protect the work-piece exceptionally well. The Vario K Body REVO clamp enables the head to be adjusted at the press of a button. The new K Body REVO clamp from BESSEY achieves a powerful 7,000 N clamping force – some 2,000 N more than usual. In addition, the jaw face has been increased by 30%.

  4. 4
    teeth whitening at home Says:

    This site just made my week! I had been searching close to for details on this. I’m glad now that I ran across this webpage. Woohoo!

  5. 5
    teeth whitening at home Says:

    Greetings, You write some excellent blogs. I check back here usually to find out in case you have kept up to date. I notion you’ll be able to need to know, as soon as I click your RSS feed it re-directs me to another website.

  6. 6
    Andrew Pelt Says:

    My friend has recommended me to this site and I just want to thank you for providing such useful information. Thank you. If you would like to learn more about webhosting, visit the following website at: http://www.mosotechnology.com

  7. 7
    aion eng Says:

    Usually I do not post on blogs, but I would like to say that this article really forced me to do so! Thanks, really nice article.

  8. 8
    low rate mortgages Says:

    It’s the first time I have heard that in Macedonia, obits are an unusual observe. You have wonderfully written the post. I have liked your way of writing this. Thanks for sharing this.

  9. 9
    how to lose upper stomach fat Says:

    Such a well written post.. Thnkx for sharing this post!

  10. 10
    Bok Nolet Says:

    Lawl I just noticed, you have the same name as I do. We both think the same way. Anyway, I’ve been coming by your Blog lately especially when I’m bored and have nothing to do .

  11. 11
    Alonzo Silletto Says:

    This article is a part of universe. I love universe. Ever since I was little. Nice post .

  12. 12
    Kira Swilley Says:

    Great information! I’ve been looking for something like this for a while now. Thanks!

  13. 13
    gold guide wow 600g an hour Says:

    Such a well written post.. Thnkx for sharing this post!

  14. 14
    insanity dvd Says:

    A great method to shed fat is following a excellent fitness routine and a sensible diet plan. It’s that easy.

  15. 15
    traffic Says:

    Incredible publish which has received me considering in regards to the possible of the idea. Definitely genuinely incredible.

  16. 16
    auto Says:

    hey. I just found tremendous site and I should certainly mention that this unique is a great article post on the blog. Thx pertaining to this excellent important info.

  17. 17
    farmville secrets free Says:

    This site is a walk-through for all the information you wanted about this and didn’t know who to ask. Look here, and you’ll definitely find it.

  18. 18
    evony exploits Says:

    Hi buddy, your blog’s design is simple and clean and i like it. Your blog posts are superb. Please keep them coming. Greets!!!

  19. 19
    aqha ibha Says:

    It’s the first time I have heard that in Macedonia, obits are an unusual observe. You have wonderfully written the post. I have liked your way of writing this. Thanks for sharing this.

  20. 20
    cook lobster Says:

    This site is a walk-through for all the information you wanted about this and didn’t know who to ask. Look here, and you’ll definitely find it.

  21. 21
    how to use your existing mafia wars account on iphone Says:

    Dear admin, thnx for sharing this blog post. I found it wonderful. Best regards, Victoria…

  22. 22
    how to get girlfriends Says:

    Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed and I hope you post again soon.

  23. 23
    sister of the groom speech Says:

    Such a well written post.. Thnkx for sharing this post!

  24. 24
    Valarie Shabel Says:

    Think about this again although if you are seriously considering you should read that.

  25. 25
    Stop Sweating Says:

    my God, i thought you were going to chip in with some decisive insght at real end there, not leave it with ‘we leave it to you to decide’.

Leave a Reply

Powered by WP Hashcash

World Trade Center Building 7 was NOT hit by an aircraft.

9/11 Controlled Demolitions of September 11, 2001 World Trade Center Building 7 was NOT hit by an aircraft. This...

HAPPY DIWALI AND NEW YEAR, CELEBRATE Diwali

HAPPY DIWALI AND NEW YEAR TO U *. * . * . * . * . * . *...

Dipawali 2009 pooja time, Diwali Muhurats 2009, Auspicious time forLakshmi Puja

Diwali Pooja Muhurats, Auspicious time, Shubh Samay in 2009 Pushya Nakshatra October 12, 2009 is the ‘Pushya Nakshatra’ which...

Diwali sms, Free Diwali sms, Happy Diwali sms, Free Send Diwali sms

Diwali sms Diwali aai, masti chahi, rangi rangoli, Diwali aai, masti chahi, rangi rangoli, deep jalaye, Dhoom Dhadaka, chhoda...

Munna bhai Free SMS, Mobile Text Messages, Tapoti Style Akdom Zakasss

Tera bahot memory aa rela tha,Itna tem ho gela hai,tere ko dekha bhi nai,Akha life mei tere jesa 1...

Find Popular Searches in the web solutions Development Outsourcing

cheap internet marketing web design birmingham website hosting website submission ecommerce web hosting content management systems strategic internet marketing...

Some easy steps you can take to tackle a flu / swine flu virus of any kind

It is essential to remember that all kinds of viruses and bacteria can attack you when your immune system...

Mobile Phone Etiquettes – all good things should be enjoyed responsibly

We all love our mobiles… we talk, we text, we listen to music and we stay in touch.Can we...

Adsense Alternatives – available to webmasters wishing to monetize the web

Here are the Adsense Alternatives that are available to webmasters wishing to monetize the web! Adbrite AdEngage Adgenta Adhearus...

Worldwide Mobile Operator MMSC Settings – For receiving and sending MMS

Worldwide Mobile Operator MMSC Settings Setting For receiving and sending MMS From your mobile phone or GSM Modem [Albania...