1. Mainpage
  2. Knowledgebase
  3. Configuring .htaccess file

Configuring .htaccess file


In this article, we will explore the fundamental principles of using the .htaccess file, which is crucial for enhancing SEO. This file ensures proper indexing of pages by search engines. We will learn how to manage redirects, configure security, and boost performance. Additionally, we will provide tips on how to configure this file independently.

Why .htaccess is Needed

The .htaccess file acts as a kind of "remote control" for web developers on Apache servers. It offers convenient tools for adjusting various parameters and managing the behavior of a website. When direct access to the server's main configuration files is unavailable (as is often the case with virtual hosting, for example), .htaccess becomes a useful tool for making necessary changes.

Htaccess is often located in the root folder of your site or in those folders where special configuration is needed. For instance, if you use WordPress, configuration can be done through the Yoast SEO plugin, which we discussed in the article on Configuring robots.txt. In other cases, it's enough to go to the required folder and edit the existing .htaccess file, or create it if it hasn't been created yet.

Configuring the .htaccess File

301 Redirect htaccess

A 301 redirect in the .htaccess file can be likened to a permanent redirection on a website. It informs search engines and browsers that the page is now permanently located at a new address and suggests updating bookmarks and indexing. Such redirection is typically used when a page is moved or deleted to preserve its ranking in search results and redirect visitors to the new location.

To activate redirects, you need to enable the corresponding command in the .htaccess file:

RewriteEngine on

After that, you can configure the simplest form of redirection:

<IfModule mod_rewrite.c>
RewriteEngine On
Redirect 301 /old-page.html /new-page.html
</IfModule>

A similar redirect using the RedirectPermanent directive looks like this:

<IfModule mod_rewrite.c>
RewriteEngine On
Redirect permanent /old-page.html http://new-domain.ru/new-page.html
</IfModule>

These are the easiest redirect methods to configure. Let's consider a configuration that uses other, more advanced types of redirections with the mod_rewrite module:

<IfModule mod_rewrite.c>
RewriteEngine On
    
# Redirecting from one page to another
RewriteRule ^old-page.html$ http://www.example.com/new-page.html [R=301,L]

# Redirecting all traffic from one domain to another
RewriteCond %{HTTP_HOST} ^oldsite.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.oldsite.com$
RewriteRule ^(.*)$ http://www.newsite.com/\ [R=301,L]
    
# Redirecting from www to non-www (or vice versa)
RewriteCond %{HTTP_HOST} ^www.example.com$
RewriteRule ^(.*)$ http://example.com/\ [R=301,L]

# Redirecting from HTTP to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.example.com/\ [R=301,L]

# Redirecting from one subdomain to another
RewriteCond %{HTTP_HOST} ^subdomain1.example.com$
RewriteRule ^(.*)$ http://subdomain2.example.com/\ [R=301,L]
</IfModule>

A 302 redirect .htaccess, indicating temporary relocation, is encountered much less frequently. Here's an example of such a setting:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^old-page.html$ /new-page.html [R=302,L]
</IfModule>

Directive ErrorDocument

This setting allows you to control what the user sees when HTTP errors occur on your site. Instead of the standard error message, you can show your own page, which will be more informative for the visitor and help them understand what happened. Simply follow this syntax for use:

ErrorDocument <error_code> <URL_page>

For example,

ErrorDocument 404 /errors/not_found.html

Means that when a 404 error occurs, the page at /errors/not_found.html will be opened. Absolute URLs are specified similarly:

ErrorDocument 500 http://example.com/errors/server_error.html

This example indicates the display of the server_error.html page at http://example.com/errors/ in the event of a 500 error.

Denying Access to a Site Directory

The .htaccess file has the command Deny from all, which helps deny access to certain folders or files on your web server. This can be useful if you want to hide private information or important files from site visitors to ensure data security.

To disable listing (viewing all available directories), you need to add the line:

Options -Indexes

An example of blocking access to a specific directory looks like this:

<Directory /path_to_your_directory>
Order Deny,Allow
Deny from all
</Directory>

Similarly, you can deny access to a single file:

<Files "file.php">
Order Deny,Allow
Deny from all
</Files>

Or for a range of files by extension:

<FilesMatch "\.(txt|log|bak)$"> # Select the desired extensions, in the example: txt, log, bak
Order Deny,Allow
Deny from all
</FilesMatch>

Blocking Access by IP

Blocking access by IP in the .htaccess file is a method that allows you to restrict access to your website for specific IP addresses or their groups. This can be useful if you want to prevent access to your site or its specific parts for certain people or unwanted bots.

Blocking a single IP address is done with the command:

Order Deny,Allow
Allow from all
Deny from 11.22.33.44

Blocking several IP addresses is done similarly by duplicating the "Deny from" line with the required addresses.

For blocking a range of IP addresses:

Order Deny,Allow
Allow from all
Deny from 11.11.11.11/24

To allow access only for specific IPs, add the code:

Order Deny,Allow
Deny from all
Allow from 11.22.33.44

For a complete denial of access, use the directive Deny from all, and for blocking addresses by mask, specify Deny from 11.22.

Where, 11.22 is the IP address mask.

Blocking Visitors by User-Agent

Blocking users by User-Agent in the .htaccess file is a method of controlling who can access your web server based on information about the browser the visitor uses. The User-Agent string contains data about the browser a person uses to interact with your server, and thanks to this information, you can restrict access for certain users.

The most common way to block by User-Agent is to use mod_rewrite:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^Bot1 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot2 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot3 [NC]
RewriteRule ^.*$ - [F,L]
</IfModule>

In this example:

  1. RewriteCond %{HTTP_USER_AGENT} is used to check the User-Agent string.
  2. ^Bot1, ^Bot2, ^Bot3 are examples of User-Agent strings we want to block. The NC modifiers indicate that the comparison should be case-insensitive.
  3. RewriteRule ^.*$ - [F,L] applies to the request if any of the RewriteCond conditions are met. It sends a response with the 403 Forbidden status code (F) and stops processing rules (L).

Caching in htaccess

Configuring caching through the .htaccess file helps speed up your site by making it load faster for users. It works like this: certain files, such as images, CSS styles, and JavaScript scripts, are stored in the user's browser cache after the first load. Now the browser can use these files from the cache, instead of reloading them from the server each time the user visits a page. This reduces loading time and improves site performance.

Consider an example:

# Enable caching for images for 1 month
<FilesMatch "\.(jpg|jpeg|png|gif|svg)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>

# Enable caching for CSS and JavaScript for 1 week
<FilesMatch "\.(css|js)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>

For resources that are frequently updated, on the other hand, it is necessary to disable caching:

# Excluding caching for HTML pages and XML files
<FilesMatch "\.(html|xml)$">
Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "0"
</FilesMatch>

Optimizing Site Performance

The mod_deflate and mod_gzip modules in Apache help compress information that the server sends to users' devices. This makes the files smaller in size, which in turn speeds up page loading. However, it's important to remember that support and configuration of these modules may vary depending on your server.

Example of using the mod_deflate module:

<IfModule mod_deflate.c>
# Compressing text file types
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE image/svg+xml
</IfModule>

Example for mod_gzip:

<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$ # Enabling compression for files with extensions .html, .txt, .css, .js, .php, .pl
mod_gzip_item_include mime ^application/x-javascript.* # Enabling compression for MIME types starting with application/x-javascript
mod_gzip_item_include mime ^text/.* # Enabling compression for MIME types starting with text/
mod_gzip_item_exclude mime ^image/.* # Excluding from compression MIME types starting with image/
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* # Excluding already compressed data (responses with the Content-Encoding: gzip header)
</IfModule>

We discussed the most commonly used directives. You can familiarize yourself with all the capabilities of the file in the official documentation.

How to Check the Functionality of the .htaccess File

To check whether your .htaccess file is working on the site, you can perform the following steps:

  1. Intentionally change the .htaccess file with an error. In response, the server should give an error. This method shows whether the file's operation is generally applied on the server.
  2. Check the functionality of specific changes you have made. For example, make a minor adjustment to one of the parameters and assess the presence of changes.
  3. Check the status code of the page if the changes are related to the server's response. How to do this, we previously described in the article HTTP Error Codes: a complete list of server errors.
  4. Refer to the server logs. They display all errors related to the operation of the .htaccess file.
  5. Conduct testing using online services or tools.

It's important to understand that to check the functionality of the .htaccess file, you do not need to perform all the steps at once. It's enough to choose the most suitable method from the list and use it.

Conclusion

Configuring the .htaccess file is an important step in optimizing and protecting your Apache server. We've explored how this file helps manage redirects, compress content, and ensure security. Once you master working with .htaccess, you gain a powerful tool for improving the performance and functionality of websites.

Previous article FTP server setup
Next article How to configure a web server (Apache-PHP-MySQL/MariaDB) on Linux

Ask us about VPS

We are always ready to answer your questions at any time of day or night.
Please, check our Knowledge base, most likely the answer to your question is already there!