What is an htaccess file?
This is a special file (starting with a dot) in which you can add specific directives such as :
- Performing redirections,
- Add entries for the cache,
- Create address rewriting rules,
- Modify PHP settings on your account,
- Perform an authentication (with the
.htpasswd), - Modify PHP properties (if PHP is executed in Apache module),
- Manage access (restrict, block totally..., for IP addresses, force the use of identifiers...) to a file and/or folder, to a URL,
- And many other features that we will not mention in this article which aims at an advanced and not expert use of the htaccess file.
The file .htaccess only changes the behavior of the directory (and subdirectories) where it is located, it is possible to put a file in a subdirectory that overrides or sets different rules than the one in the parent directory.
This configuration file of Apache, allows to define rules for directories of the web site. It is generally used to set up :
- access rights
- redirections
- personalized error messages
In this article we present some guidelines to help our subscribers understand the mechanism of this file.
Note that this help link is not a reference for expert use of htaccess.
Call a custom error page
First, you can block or allow access to your website for specific IP addresses and/or domains.
To do this, you must first create a .htaccess in the root folder of your website (/www/monsite/ for example) and add the following directives:
Blocking by IP address
order allow,deny Deny from 88.55.44.22
Deny from 44.62.53.21
Blocking by domain
Deny from yourdomain.com
Deny from sondomaine.fr
Authorize IPs
order allow,deny
Allow from 88.55.44.22
Allow from 44.62.53.21
Authorize a domain
order allow,deny
Allow from mondomaine.com
Allow from sondomaine.net
Authorize and block
order allow,deny
Allow from 88.55.44.22
Allow from 44.62.53.21
Allow from mondomaine.com
Allow from tondomaine.net
Deny from 77.56.44.22
Deny from 55.26.53.25
Deny from yourdomain.com
Deny from sondomaine.fr
If there is already an .htaccess file in your website folder, then add these directives to the existing file.
Prevent directory listing
First of all, add the following line to an .htaccess file in the directory in question: You must add lines of this type to an .htaccess file:
Options -Indexes
Forbidding a directory to everyone
First, enter this line in the .htaccess file of the directory in question:
deny from all
Create a secure authentication
In order to set up secure authentication to access a directory, please follow these steps first:
- First, generate a encrypted password
- Secondly, copy the login/password pair obtained in a file named .htpasswd
- Lastly, create an .htaccess file in the directory to be protected and write the following content in it (to be adapted according to your needs):
AuthName "Authentication required
AuthType Basic
AuthUserFile " /home/usersX/x/xxx/www/secret_directory/.htpasswd "
Require valid-user
Explanation:
- AuthName Set the text that will be displayed in the authentication window.
- AuthUserFile : contains the path to the file .htpasswd. Please note that you have to enter the absolute path to the file.
Redirect http to https
First of all, indicate the following lines at the beginning of your site's .htaccess file so that the http flow is automatically redirected to https :
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
or even
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Then contact your webmaster before adding this redirection if you use a CMS (WordPress, Drupal, Joomla, other) that will avoid creating loops of redirections that jeopardize the proper functioning of your website.
English 
Français 
Español