.Htaccess Reference

by Scott Allen - February 7, 2007 
Filed Under .htaccess, SEO, URL Rewriting, Website Security

.htaccess is a configuration file used on Apache and other nix servers. It is one of the most configurable and powerful tools for website functionality, security, and search engine optimization. Here is a comprehensive reference.

(Hypertext Access) is the default name of Apache’s directory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. The configuration directives need to be in .htaccess context and the user needs appropriate permissions.

Statements such as the following can be used to configure a server to send out customized documents in response to client errors such as “404: Not Found” or server errors such as “503: Service Unavailable” (see List of HTTP status codes):

ErrorDocument 404 /error-pages/404.html
ErrorDocument 503 /error-pages/503.html

When setting up custom error pages, it is important to remember that these pages may be accessed from various different URLs, so the links in these error documents (including those to images, stylesheets and other documents) must be specified using URLs that are either absolute (e.g., starting with “http://”) or relative to the document root (starting with “/”). Also, the error page for “403: Forbidden” errors must be placed in a directory that is accessible to users who are denied access to other parts of the site. This is typically done by making the directory containing the error pages accessible to everyone by creating another .htaccess file in the /error-pages directory containing these lines:

Order allow,deny
Allow from all


Password protection

Make the user enter a name and password before viewing a directory.

AuthUserFile /home/newuser/www/stash/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Directory"
AuthType Basic
<Limit GET POST>
require user newuser

The same behavior can be applied to specific files inside a directory.

<Files protected_file.php>
AuthUserFile /home/newuser/www/stash/.htpasswd
AuthName "Protected File"
AuthType Basic
Require valid-user

Now run this command to create a new password for the user ‘newuser’.

htpasswd /home/newuser/www/stash/.htpasswd newuser

Next: .htaccess Reference: Part 2

Submit Your Site to Best of the Web!


7 Responses to “.Htaccess Reference”

  1. .Htaccess IP Banning - Block Bad Visitors | WebGeek on December 21st, 2006 2:00 pm

    […] have nuisance visitors, site scrapers, or spammers, you may want to add some lines of code to your .htaccess file that will block bad visitors by IP address or by blocks of IP addresses. You want to […]

  2. User-Agents: Cloak and Dagger for Web Sites - Part 2 | WebGeek on February 18th, 2007 4:00 pm

    […] sending scraper bots to steal your data and use in their spammy sites? Then you need to use your .htaccess file to block bad visitors. Place the following lines into the beginning of your .htaccess […]

  3. Jeff on April 22nd, 2007 5:35 pm

    Thank you for posting this information. Do you happen to know the reason Wikipedia decided to remove it?
    Excellent site, by the way.
    Thanks again,

  4. Scott Allen on April 22nd, 2007 10:12 pm

    Hey Jeff,
    You’re very welcome. As far as I know they removed it because they felt that Wikipedia “wasn’t intended to be a manual”. I think that’s a lame reason because it was a strong article and a real asset to the internet community. Thanks! BTW, your page is a great resource on the topic as well!
    – Scott

  5. Suppress PHP Errors | WebGeek on October 30th, 2007 8:04 am

    […] web hosts will have the server configured out of the box to let you use PHP flags in your .htaccess file. To do so, simply add a line near the beginning of your […]

  6. Website Security: Hackers, Botnets, and LIBWWW-PERL | WebGeek on November 6th, 2007 6:09 pm

    […] the following is not already in your .htaccess file, then insert it near the […]

  7. Improve Site Security and SEO with One Line of Code | WebGeek on January 16th, 2008 6:53 pm

    […] solution is, to turn of Directory Indexes in your .htaccess file. (If you’re not familiar, .htaccess is a configuration file for Apache servers that goes in the public root folder of your […]

Leave a Reply
If you have any questions about commenting, please see our Comment Policy.