This article describes what .htaccess files are and how you can use them to customize the web server's configuration for your web site.
An .htaccess file is a plain-text configuration file that enables you to customize the web server's configuration. When the Apache web server processes an incoming client request for a file, it looks for an .htaccess file in the same directory. If the .htaccess file exists, Apache reads the directives in the file and overrides the server's global configuration. Any directives defined in an .htaccess file apply to the directory where the file is located, and to all subdirectories beneath it.
You can use directives in .htaccess files to redirect requests to different URLs, control directory listings, specify custom error documents, and more. A2 Hosting web server configurations use the AllowOverride All directive to provide the most flexibility for your web site.
By default, anyone can view the contents of an .htaccess file. However, this is a potential security risk, because it exposes web site configuration information. For security reasons, it is a good idea to prevent visitors from viewing .htaccess files.
To do this, add the following directives to the .htaccess file:
# Prevent Apache from serving .htaccess files: <FilesMatch "^\.htaccess"> Order allow,deny Deny from all </FilesMatch>
Now, visitors who try to view the .htaccess file directly receive a “403 Forbidden” error in their web browser.