9+ htaccess Uses & Snippets · Designed by a Turtle

Htaccess files are a hidden type of file used on Apache (usually Linux based) for configuring certain aspects of the server. For more information on what they are read the Wikipedia article. Htaccess files can be (and are) used for a wide range of things, some of which will be covered in this article, as we will work though some of my favourite.

We’ll start with a few simple ones:

1. Redirect#

Almost essential, although there are different methods to redirect, htaccess is one of the most basic, reliable and seamless. With htaccess redirects, there are also different http codes for different redirects but we’ll be using the standard 301 ‘Moved Permanently’ in the examples.

Basic Example:

Redirect 301 /oldindex.htm http://www.example.co.uk/newindex.htm

Change File Extensions (from .htm to .php):

RedirectMatch 301 (.*).htm$ http://www.example.co.uk$1.php

Remove www in site domain:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.example.co.uk$ [NC]
RewriteRule ^(.*)$ http://example.co.uk/$1 [L,R=301]

2. Folder Browsing#

Depending of whether you are primarily using your web server just to show your website, or if you want to allow your user to browse files within your directory – you can choose to block or allow this with your htaccess file.

Disable Folder Access:

Options -Indexes

Enable Folder Access:

Options +Indexes

3. Error Pages#

A must mention when talking about htaccess files, they can also handle what to do then a web page is missing or when any other such error occurs. These also abide to the HTTP status codes.

‘Not Found’ Error Page

ErrorDocument 404 /error404.php

‘Forbidden’ Error Page

ErrorDocument 403 /error403.php

4. Set Default Charset & Language#

The character set and language of the content being displayed can be set through the htaccess file, though it is usually enough to set it within the html&.

AddDefaultCharset UTF-8
DefaultLanguage en-GB

5. Set Timezone#

Although the server’s timezone can be set through PHP or in the php.ini file, sometime it is easier to set within the htaccess file, so follows:

SetEnv TZ Europe/London

6. Password Protection#

This was actually my initial reason for getting into htaccess files. The ability to password protect files and folders on your server for a few simple lines can be very handy indeed. Also, there is a simple tool available to help you generate the code to do this.

Password Protect this Folder:

AuthType basic
AuthName "This Folder is Protected"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user

7. Refuse Access to .htaccess File#

Just to add an extra bit of security onto your htaccess file, you can deny any visitors access to the htaccess file. Your htaccess file should have 644 permissions anyway – which should be enough but just in case.

<files .htaccess>
 order allow,deny
 deny from all
</files>

8. Automatically CHMOD#

Useful for when site maintainers don’t pay attention, but security is important. Files can be automatically given correct permissions.

chmod .htpasswd files 640
chmod .htaccess files 644
chmod php files 600

9. Limit Upload Size#

If your website happens to allow its users to upload things, normally images, then not capping a maximum size can be a security risk, making your site liable to DOS attacks. The size is written in terms of bytes, so a converter might be useful. The example set the maximum upload size to 12Mb.

LimitRequestBody 12582912

Conclusion#

There are some great resources available out there, it is definitely worth checking out the HTML5 Boilerplate .htaccess file and an in depth article on them by Perishable Press. I also came across a useful website related just to htaccess redirects which is a useful lookup point.

Have I missed any awesome htaccess snippets? (Let me know in the comments)

Photo by Ciprian Popescu.