htaccess and its Various Applications. The .htaccess file is an Apache web server configuration file that can control access to the site or how it works. This file can change the default settings of the Apache server. An .htaccess file can easily be created with a text/HTML editor and then uploaded via FTP.
In this article, we want to first introduce you to the .htaccess file and then explain the different uses of this file. Stay with us.
Buy VPS, Cheap VPS Hosting Server with Instant Activation in Eldernode
Table of Contents
What is htaccess?
.htaccess is a text environment file that is used to configure various folders on some web servers, including Apache. Many tasks that require advanced coding are only possible by writing one line of code in this file.
With this file you can redirect a page to another page, change the file extension, encrypt the folder and do things like that easily.
Location of the .htaccess file and how to access it
This file normally exists in the host public_html directory. In most content management systems such as WordPress and Drupal, this file is created automatically.
If your hosting control panel is cpanel, this control panel does not show hidden files by default. Therefore, to show the hidden files, proceed as follows:
1. In the File Manager folder in the upper right corner of the page, click the Settings button to display the pop-up window for the file manager settings.
2. In the pop-up window that opens, check Show Hidden Files and click save.
With this change, after saving, you can enter the public_html folder and view the htaccess file. Other hidden folders such as Trash, where the deleted files are located, will also be visible in the Home folder.
Through the htaccesseditor site, you can easily generate the code you need to insert in htaccess according to your desired application and add it to your htaccess file.
Htaccess applications
This file, which is usually created by creating popular and open source CMS such as WordPress, Joomla and Drupal automatically in the main path of the script, is responsible for important tasks such as the following:
Change the title and format of the main index file
You can use the following code to change the name and format of your site’s original file:
DirectoryIndex file.php file.htm
Prevent theft of files and folders within the host
Most of the time, information such as your own template files that are on the host or files that are zipped into your host can be easily discovered and stolen by others.
To prevent this, put the following code at the bottom of the .htaccess file:
Options All -Indexes
Restrict access with specific ip in htaccess
In some cases, when many requests from one or range of ip are sent to your site and reduce the loading speed of your site or block ip spammers, you can restrict the desired ips through the .htaccess file.
deny from 1.2.3.4allow from allInstead of 1.2.3.4 you need to add the desired ip or ip range.
Also for site management security, you can create a .htaccess file in the site management path, for example in WordPress, in the wp-admin path, and restrict access to all ips except your static ip. In this way, only your site will have access to the site management path.
deny from allallow from 1.2.3.4Instead of 1.2.3.4 you need to add the desired ip or ip range.
Enhance file security with htaccess code (restrict file access)
To prevent others from accessing some of the site’s important files, such as config files, enter the following code in htaccess:
<files wp-config.php> order allow,deny deny from all </files> Instead of wp-config.php you need to enter the desired file name.
Hide list of directories
One of the problems with sites is the ability to view files and folders. This problem allows anyone to see the content uploaded to your site and for example will be able to copy the template of your site.
To prevent this problem, enter the following code in htaccess:
Options –Indexes
Caching the site on a browser with htaccess code
Caching the site on the browser will reduce traffic, RAM and CPU consumption on your site and thus increase the loading speed of your site.
Put the following code at the bottom of the .htaccess file:
# Enables browser caching <IfModule mod_expires.c> ExpiresActive On ExpiresByType image/jpg "access 1 year" ExpiresByType image/jpeg "access 1 year" ExpiresByType image/gif "access 1 year" ExpiresByType image/png "access 1 year" ExpiresByType text/css "access 1 month" ExpiresByType application/pdf "access 1 month" ExpiresByType text/x-javascript "access 1 month" ExpiresByType application/x-shockwave-flash "access 1 month" ExpiresByType image/x-icon "access 1 year" ExpiresDefault "access 2 days" </IfModule>
Restrict the type of executable and viewable files
To maintain the security and information of the site, you can specify the file extensions that can be run:
Options +FollowSymlinks RewriteEngine On rewritecond %{REQUEST_FILENAME} !^(.+).css$ rewritecond %{REQUEST_FILENAME} !^(.+).js$ rewritecond %{REQUEST_FILENAME} !file.php$ RewriteRule ^(.+)$ /deny/ [nc]
Add mime-type via htaccess
Delete the server query about whether to open or download the file. Easily download the desired file.
AddType application/octet-stream .pdf AddType application/octet-stream .zip AddType application/octet-stream .mov
Restrict file upload
You can set the maximum uploadable file size to 20 MB via the following code:
php_value upload_max_filesize 20M
Limit the volume of posts sent
Through the following code, you can specify the maximum size of each post is 2 MB:
php_value post_max_size 2M
Set memory limit
You can specify the amount of memory limit through the following code:
php_value memory_limit 128M
Define a redirect in htaccess
One of the most common uses in htaccess is the ability to define redirects and forwards. You can redirect the site to another address by inserting the code in this file or various links. You can also specify the site to be redirected with http to https or with www to without www.
For example, you can redirect http to https via the following code:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]htaccess and its Various Applications
Change the default page
Using the following code, you can specify what the default page of the site is. That is, when the site loads, what page should be loaded first or determine the priority of displaying the default pages.
#Alternate default index pages DirectoryIndex first.html index.htm index.html index.php
Create default error pages
Creating a custom error page means that, for example, the moment your website encounters one of the most common HTTP errors.
For example, there is no file or page, and the visitor gets a 404 error by entering an address that does not exist on your server and website.
The visitor may not know the meaning of this error, or even if he knows, he may be confused and stop visiting your website. In this case, if we have already created a page so that the visitor, instead of encountering a 404 error, enters a page that correctly gives him the message that “The file in question does not exist” or “This file may have been deleted for some reason or moved to another path” the visitor feels better about the error.
How to prevent Hotlink action in .htaccess file (prevent the use of site images on other sites)
Hotlink Protection prevents your information from being copied to other websites. For example, if there is an image in a directory of your hosting service, that image will not be displayed on other websites. Also, if a file can be downloaded with a direct link using your website and the link is copied to another website, users of that website will first be referred to your website address by clicking on the link. This will increase the traffic and load of your site. In this case, your bandwidth will end while no visits have been made to your site.
Using htaccess will prevent you from using your content on other websites, especially your website images.
Note, this feature requires that mod_rewrite be enabled on your server. So be sure to contact your system administrator or web hosting company.
htaccess and its Various Applications.
Here are the instructions to prevent the use of content for files in the formats ‘GIF‘, ‘JPG‘ and ‘CSS‘ that should be in the .htaccess file:
RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC] RewriteRule \.(gif|jpg|css)$ - [F]‘Yourdomain.com’ is replaced with the website address.
Htaccess protection. From unauthorized access
As you can see, there are many things you can do with an .htaccess file.
Given its power and control over your web server, it is important to protect this file from unauthorized access by hackers.
To protect this file, simply add the following code to your .htaccess file:
<files ".htaccess"> order allow,deny deny from all </files>
Dear user, we hope you would enjoy this tutorial, you can ask questions about this training in the comments section, or to solve other problems in the field of Eldernode training, refer to the Ask page section and raise your problem in it as soon as possible. Make time for other users and experts to answer your questions.
htaccess and its Various Applications.
Goodluck.
