Knowledge Base

Using .htaccess files

This article describes what .htaccess files are and how you can use them to customize the web server's configuration for your web site.

About .htaccess files

An .htaccess file is a plain-text configuration file that enables you to customize the web server's configuration. When the Apache web server processes an incoming client request for a file, it looks for an .htaccess file in the same directory. If the .htaccess file exists, Apache reads the directives in the file and overrides the server's global configuration. Any directives defined in an .htaccess file apply to the directory where the file is located, and to all subdirectories beneath it.

You can use directives in .htaccess files to redirect requests to different URLs, control directory listings, specify custom error documents, and more. A2 Hosting web server configurations use the AllowOverride All directive to provide the most flexibility for your web site.

If there are any misconfigured rules or incorrect syntax in an .htaccess file, users see an “Internal Server Error” message when they visit a page in the same directory. Be very careful when you make any changes to an .htaccess file.

Protecting .htaccess file contents

By default, anyone can view the contents of an .htaccess file. However, this is a potential security risk, because it exposes web site configuration information. For security reasons, it is a good idea to prevent visitors from viewing .htaccess files.

To do this, add the following directives to the .htaccess file:

# Prevent Apache from serving .htaccess files:
<FilesMatch "^\.htaccess">
    Order allow,deny
    Deny from all
</FilesMatch>

Now, visitors who try to view the .htaccess file directly receive a “403 Forbidden” error in their web browser.

More Information