.htaccess Tutorial
This tutorial will demonstrate how to use .htaccess files to perform several basic Apache and PHP configurations at the directory level. This tutorial makes the following assumptions:
- You are using Apache as your webserver.
- Your web host has enabled .htaccess override for your account.
- For the PHP configuration, you must be running PHP as an Apache module.
If you're not sure about whether these statements are true, check with your web host's technical support department.
There several types of configuration that can be performed using a .htaccess file. These include authorization, redirects, changing the index file name, displaying custom error pages, and changing PHP configuration settings.
To perform such configuration, simply create a file named .htaccess (the dot in front is required) in the folder where you would like the settings to be applied. Any settings you configure for this directory will also be applied recursively to all of its sub directories. Note that some FTP clients may be configured to hide files that start with a dot. If this is the case, you may need to reconfigure your FTP client to display these files.
Changing the index file name
The index file is the file that gets displayed automatically when a user browses to a directory. Historically, the index file is called index.html or index.htm. On a PHP powered site, you may want your index file to be named index.php. This can be accomplished by putting the following line in your .htaccess file:
DirectoryIndex index.php index.html
The directive above instructs Apache to use index.php as the index file if it exists, otherwise it should look for a file named index.html. If neither file exists in the requested directory, the user will usually get a directory listing.
Using a custom error page
Everyone at one point or another encounters the dreaded "HTTP 404 - File Not Found" error message. Perhaps the user followed a broken link, or mistyped the URL of the page they were looking for. The default error page is usually quite ugly. However, it is possible to use a custom error page for this or any other HTTP error. This can be done by placing the line below in your .htaccess file:
ErrorDocument 404 https://www.mysite.com/404.html
Replace "https://www.mysite.com/404.html" with the URL for the page you want the user to see when they request a missing file.
It is important that your custom "file not found" page returns the HTTP 404 status code, otherwise your site could be penalized by the search engines. You can do this by adding the following PHP code at the top of your 404 page.
<?php
header("HTTP/1.0 404 Not Found");
?>
Denying access to a directory
Sometimes, there may be directories on your website that the user shouldn't be able to directly request files from. For example, you may have a directory that stores data files for your scripts, or a set of PHP includes. Placing the lines below in the .htaccess file for that directory will block direct requests for those files:
Order Deny,Allow Deny from all
The first line ensures that the deny directive is evaluated before any allow directives that may have been defined elsewhere in the directory hierarchy.
Redirecting requests
Over time, files on a website may get moved or renamed. Rather than letting the user to see a 404 error message when requesting the old file, you can redirect them to the new file using the following directive:
Redirect permanent /old.php https://www.mysite.com/new.php
The permanent keyword indicates that an HTTP 301 ("resource has moved permanently") status code should be returned to the web browser.
Replace "old.php" with the path to the old file, and "https://www.mysite.com/new.php" with the URL to the new file.
PHP configuration
Lastly, .htaccess files can be used to change PHP settings when running as an Apache module. Such configuration is performed using the php_value and php_flag directives. Use the later when the setting takes a boolean value. For example, to turn off register globals from .htaccess, use the following line:
php_flag register_globals off
The following directive can be used to turn off magic quotes for all PHP scripts in a directory:
php_flag magic_quotes_gpc off
To enable or disable error reporting, use the php_flag directive to set the display_errors flag. Enabling this flag will cause error messages to be displayed in the browser, e.g.:
php_flag display_errors on
To hide error messages from the end user, simply disable the display_errors flag:
php_flag display_errors off