How to create and use .htaccess file? Common usage and risks
.htaccess (hypertext access) is a directory-level configuration file supported by several web servers. It is most common in Apache Web Server. The .htaccess file allows for decentralized management of web server configuration.
The directives in the .htaccess file apply to the current directory and to all sub-directories. .htaccess files are read on every request, so changes made in these files take effect immediately. Changes to the web server’s main configuration files, by contrast, require the server to be restarted before the new settings take effect.
How do we create and edit .htaccess file?
The .htaccess file will be present in the root of your web application, normally under httpdocs. If the file is not present there, you can create a new one. You can use any text editor, such as Notepad. Enter the appropriate code into the text editor and click on “Save As”. All you need to do is save the file with the name “.htaccess”. This will create the file .htaccess. .htaccess is the file extension.
Upload the file to the server. Make sure that you upload .htaccess files in ASCII mode. That's all.
As mentioned above the directives in the .htaccess file apply to the current directory, and to all sub-directories.
What you can do with .htaccess file?
You can specify your own ErrorDocuments for error codes like 404 and 500.
One thing to remember here is that you should not specify error documents for all types of HTTP response codes. For example, if you specify an ErrorDocument for code 200 OK, it might cause an infinite loop.
Read more about specifying the error document here: How to specify your own ErrorDocuments using .htaccess file?
- Authorization, authentication
Another common use of .htaccess files is to specify the security restrictions for a particular directory. (That is the reason behind the name “access”.) The .htaccess file has an associated .htpasswd file, which stores valid user names and their passwords.
- Cache Control
The .htaccess files allow a server to control caching by web browsers and proxies to reduce bandwidth usage.
This is one of the optimization techniques for websites.
- Preventing directory listing
You can disallow directory browsing by adding a restriction in the .htaccess file.
- MIME types
By adding instructions in the .htaccess file, the server can handle varying file types.
Security issues when handling .htaccess file
Allowing individual users to modify the configuration of a server can cause security concerns if it is not set up properly. You may need to chmod the .htaccess file to 644 (rw-r--r--).
This prevents the .htaccess file from being read by a browser but keeps the file usable by the server. It is not advisable to grant more rights than this, as doing so can seriously compromise your website's security.
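The following audit script is an added example, not code from the original article. It walks a document root and reports any .htaccess file whose mode grants more than 644, as well as any ErrorDocument set for a non-error code such as 200. The function names and the sample tree are constructed for illustration.

```python
import os
import re
import stat
import tempfile

MAX_MODE = 0o644  # ceiling taken from the article's chmod advice
ERRDOC = re.compile(r"^\s*ErrorDocument\s+(\d{3})\b", re.IGNORECASE)

def audit_htaccess(docroot):
    """Return sorted (relative_path, finding) pairs for .htaccess files under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        rel = os.path.relpath(path, docroot)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        # Any bit outside rw-r--r-- (group/world write, execute) is excess.
        if mode & ~MAX_MODE:
            findings.append((rel, f"mode {mode:03o} grants more than 644"))
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                m = ERRDOC.match(line)
                # Only 4xx/5xx codes are error responses; flag anything else.
                if m and m.group(1)[0] not in "45":
                    findings.append((rel, f"line {lineno}: ErrorDocument for non-error code {m.group(1)}"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: a clean root file and a risky one in uploads/."""
    os.mkdir(os.path.join(root, "uploads"))
    good = os.path.join(root, ".htaccess")
    bad = os.path.join(root, "uploads", ".htaccess")
    with open(good, "w") as fh:
        fh.write("Options -Indexes\nErrorDocument 404 /errors/404.html\n")
    with open(bad, "w") as fh:
        fh.write("# constructed sample\nErrorDocument 200 /ok.html\n")
    os.chmod(good, 0o644)
    os.chmod(bad, 0o666)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, finding in audit_htaccess(tmp):
            print(f"{rel}: {finding}")
```

Point `audit_htaccess` at a real document root to get the same report for a live site.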