What you need to know about HTACCESS

.htaccess is a configuration file used on web servers. When a .htaccess file is placed in a directory that is served by the Apache Web Server, Apache detects the file and applies it. The .htaccess file can be used to alter the configuration of the Apache Web Server software, enabling or disabling additional functionality and features that it has to offer. This article demonstrates the thirteen most useful features of .htaccess.

1) Create custom error page

Custom error pages give your website a professional look and catch those visitors who reach your website by following a back link. This can be accomplished simply by editing the .htaccess file.

Code  Description        Directive
301   Moved Permanently  ErrorDocument 301 /error/301.php
302   Moved Temporarily  ErrorDocument 302 /error/302.php
400   Bad Request        ErrorDocument 400 /error/400.php
401   Unauthorized       ErrorDocument 401 /error/401.php
403   Forbidden          ErrorDocument 403 /error/403.php
404   Not Found          ErrorDocument 404 /error/404.php
408   Request Time-Out   ErrorDocument 408 /error/408.php
500   Server Error       ErrorDocument 500 /error/500.php
502   Bad Gateway        ErrorDocument 502 /error/502.php
503   Out of Resources   ErrorDocument 503 /error/503.php
504   Gateway Time-Out   ErrorDocument 504 /error/504.php

2) Set Timezone on Web Server

# TZ takes an IANA time zone name; Houston falls under America/Chicago

SetEnv TZ America/Chicago

3) Block IPs Using htaccess

Sometimes you may want to allow certain IPs to access your site or a directory. Some may think of implementing this at the application level; however, it can easily be implemented using .htaccess.

# Allow,Deny: Allow rules are evaluated first, then Deny rules override them

Order Allow,Deny

allow from all

deny from 145.186.14.122

deny from 124.15

Visitors coming from those IP addresses will get a 403 error. If you have configured a custom error page for 403, they will be redirected to your designated error page.

4) SEO Friendly permanent redirect

If you need to change the URL of a page and have the new URL shown in search engine results, a 301 permanent redirect is recommended.

301 redirects are useful in the following situations:

  • Your website has moved to a new domain, and you want to make a seamless transition.
  • Visitors access your site from different URLs. For example, your home page can be accessed in multiple ways, such as http://domain-a.tk or http://www.domain-a.tk or http://blog.domain-a.tk or http://www.blog.domain-a.tk . You can choose one URL as your preferred URL and implement a 301 permanent redirect that sends traffic for the other URLs to your preferred URL.
  • Previously, you published some articles or pages, but they have since been removed. You can use a 301 redirect to send those expired links to your preferred destination.

Implementing a 301 permanent redirect is simple.
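The first two situations above can be handled as follows. This is an added example, not code from the original article; the choice of www.domain-a.tk as the preferred host and the two article paths are assumptions made for illustration.

```apache
RewriteEngine On

# Canonical host: any request whose Host header is not the preferred name
# gets a 301 to the same path on the preferred host.
# The target host is a literal rather than %{HTTP_HOST}, so a forged
# Host header cannot steer where the redirect points.
RewriteCond %{HTTP_HOST} !^www\.domain-a\.tk$ [NC]
RewriteRule ^(.*)$ http://www.domain-a.tk/$1 [R=301,L]

# Removed page: send an expired link to its replacement.
# Both paths are hypothetical placeholders.
Redirect 301 /old-article.html http://www.domain-a.tk/new-article.html
```

The query string of the original request is carried over to the redirect target by default.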

5) Hotlinking protection

Anyone can hotlink your images and publish them on their website for any purpose; however, this consumes a lot of your server's bandwidth. You can prevent it by implementing hotlink protection in .htaccess. Here is example code to implement it.

Options +FollowSymlinks

# Protect Hotlinking

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www\.)?domainname\.com/ [NC]

RewriteRule .*\.(gif|jpg|png)$ http://domainname.com/img/hotlink_f_o.png [NC]

6) Block requests by user agent

A web server is highly vulnerable to various kinds of attack. Using .htaccess, you can block the unwanted user agents that keep loading your server.

## .htaccess Code :: BEGIN

## Block Bad Bots by User-Agent: each match sets the bad_bot variable

SetEnvIfNoCase User-Agent "^FrontPage" bad_bot

SetEnvIfNoCase User-Agent "^Java.*" bad_bot

SetEnvIfNoCase User-Agent "^Microsoft.URL" bad_bot

SetEnvIfNoCase User-Agent "^MSFrontPage" bad_bot

SetEnvIfNoCase User-Agent "^Offline.Explorer" bad_bot

SetEnvIfNoCase User-Agent "^[Ww]eb[Bb]andit" bad_bot

SetEnvIfNoCase User-Agent "^Zeus" bad_bot

<Limit GET POST HEAD>

Order Allow,Deny

Allow from all

Deny from env=bad_bot

</Limit>

## .htaccess Code :: END

7) Don’t want to display download request

Often, when you try to download a file from a web server, you get a prompt asking whether you want to save the file or open it. To avoid this, you can add the following code to your .htaccess file.

AddType application/octet-stream .pdf

AddType application/octet-stream .zip

AddType application/octet-stream .mov

8) Block access to your .htaccess file

By now, you understand the power of the .htaccess file. For security reasons, you do not want your .htaccess file to be accessible to the public. Adding the following code to your .htaccess file prevents any unauthorized attempts to access it. Any unauthorized access returns a 403 error.

# secure htaccess file

<Files .htaccess>

 order allow,deny

 deny from all

</Files>
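Sections 3, 6 and 8 use the Apache 2.2 Order/Allow/Deny directives, which Apache 2.4 accepts only through mod_access_compat. The same policy in the 2.4 Require syntax is shown here as an added example, not code from the original article; it assumes the bad_bot variable is set by the SetEnvIfNoCase lines from section 6.

```apache
# Sections 3 and 6 combined. Require lines and containers placed side by
# side in one .htaccess are OR-ed together (implicit RequireAny), so all
# the negative rules must share a single <RequireAll> to take effect.
<RequireAll>
    Require all granted

    # Section 3: the single address and the 124.15 prefix
    Require not ip 145.186.14.122
    Require not ip 124.15

    # Section 6: any request tagged bad_bot by SetEnvIfNoCase
    Require not env bad_bot
</RequireAll>

# Section 8: nobody may fetch the .htaccess file itself
<Files ".htaccess">
    Require all denied
</Files>
```

Use either the old or the new directives in a given file; the Apache documentation discourages mixing the two styles.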

9) Password protect your directories and files

On your web server, you may want some directories or files to be accessible to authorized persons only. Apart from blocking by IP address, you can password protect them. The following example shows password protection for a single file and for an entire directory.

# to protect a file

<Files secure.php>

AuthType Basic

AuthName "Prompt"

AuthUserFile /home/path/.htpasswd

Require valid-user

</Files>

# password-protect the directory where this .htaccess file resides

AuthType basic

AuthName "This directory is protected"

AuthUserFile /home/path/.htpasswd

AuthGroupFile /dev/null

Require valid-user

10) Prevent unauthorized access to your PHP includes files

In PHP development, you would typically keep the DB connection settings in a separate PHP file and include it when needed. For security reasons, you do not want any unauthorized access to these files. .htaccess can protect them with the following code.

## Enable Mod Rewrite, this is only required once in each .htaccess file

RewriteEngine On

RewriteBase /

## Test for access to includes directory

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /includes/.*$ [NC]

## Test that file requested has php extension

RewriteCond %{REQUEST_FILENAME} ^.+\.php$

## Forbid Access

RewriteRule .* - [F,NS,L]

Here /includes/ is the includes directory.

11) Prevent access to php.ini

If you run the risk of someone accessing your php.ini or php.cgi files directly through their browsers, you can limit access to them using .htaccess.

To enable this, create a .htaccess file following the main instructions and guidance, and include the following text:

<FilesMatch "^php5?\.(ini|cgi)$">

Order Deny,Allow

Deny from All

Allow from env=REDIRECT_STATUS

</FilesMatch>

12) Enable SSI

SSI stands for “Server Side Includes”. These are special HTML tags which enable your HTML documents to call other HTML content. This is very useful in many situations, for example to include a navigation menu in your HTML documents. It allows you to use one document to display the navigation menu in all your other documents. This saves disk space and means that if you need to update the content, you only need to modify one file.

<!--#include virtual="/files/document.html" -->

This example would call the HTML document ‘document.html’ which is located in the ‘files’ directory. It is important to use a relative URL, not a path or full URL.

It is likely SSI will work on your web server, but you will probably need to use ‘.shtml’ file extensions rather than ‘.html’. This can be frustrating if you already have a web site setup which uses ‘.html’ extensions. In this case, you can enable SSI by following the instructions below.

To enable SSI, create a .htaccess file following the main instructions and guidance which includes the following text:

AddHandler server-parsed .html

The above lines tell the Apache Web Server to allow server side includes in documents with the file extension ‘.html’.

To enable SSI for multiple file extensions, create a .htaccess file following the main instructions and guidance which includes the following text:

AddHandler server-parsed .html

AddHandler server-parsed .shtml

AddHandler server-parsed .htm

The above lines tell the Apache Web Server to allow server side includes in documents with the file extension ‘.html’, ‘.shtml’ and ‘.htm’.

13) Prevent unauthorized directory browsing

Protecting a specific directory from browsing can be done by instructing the server to serve a Forbidden and Authorization required message when anyone requests to view that particular directory. Usually, if your site doesn’t have a default index page, any files within that directory are accessible to visitors. To avoid that, use the following code in the .htaccess file.

# disable directory browsing (only Indexes is switched off; "All" would also switch on every other option)

Options -Indexes
