Popular .htaccess Examples

htaccess examples

What is .htaccess?

The .htaccess file (also known as the Hypertext Access file) is used to define specific configurations for web servers running on Apache. This configuration file affects the directory that it is stored in as well as all subdirectories within that directory. For example, if the .htaccess file is located within your root directory, it will affect the entire site. On the other hand, if the file is located in a specific directory it will only affect that directory and any subdirectories within it.

Some CMS platforms such as WordPress and Drupal also come with .htaccess files to allow you to specify certain configurations that are applicable solely to that site. The .htaccess file can be used to achieve a variety of things including:

  • Performing redirects
  • Customizing error pages
  • Restricting users based on IP
  • Adding MIME types
  • Setting HTTP headers
  • Password protecting certain folders

The .htaccess file can be used to achieve much more, however the above list is amongst the most popular uses of .htaccess. The section below will outline various .htaccess examples and how they can be used within your own site.

.htaccess Examples

There are a vast amount of configuration possibilities that can be achieved within the .htaccess file. The list below is a few of the more commonly used examples.

1) Redirect Users to a Specific Error Page

Based on the status code that a particular file or page returns, you can redirect the user to a custom error page. The example below shows a few variations that you can use. Each one dependant upon the status code that is returned.

ErrorDocument 403 /forbidden.html
ErrorDocument 404 /notfound.html
ErrorDocument 500 /servererror.html

2) Adding a Custom Header and Value

Custom HTTP headers can also be added via the .htaccess file. There are a few syntax options such as “set” which will replace any previous header that has the same name, “add” which will add the header even if another with the same name exists, etc. Visit Apache’s page header guide to learn more.

Header set X-Custom "Custom Value"

In the above example, the X-Custom text corresponds to the HTTP header that will be returned in the HTTP response while the Custom Value text corresponds to the value for this particular header.

3) Blocking Users Based on IP

For security purposes, you can block users based on their IP within the .htaccess file. In the example below, there are two IPs that are blocked. We can also decide to not include the last digit of the IP address which will result in all IPs that contain the first 3 digits being blocked.

order allow,deny
deny from 255.x.x.x
deny from 123.x.x.x
allow from all

4) Blocking Referrers (Hotlink Protection)

Blocking referrers, also known as hotlink protection, is a method used to block certain referrers from referencing your website’s assets and thus stealing your bandwidth. Use the snippet below to define which domains aren’t allowed to refer to your content and thus they will receive a 403 forbidden error.

RewriteCond %{HTTP_REFERER} unwanteddomain\.com [NC,OR]
RewriteCond %{HTTP_REFERER} unwanteddomain2\.com
RewriteRule .* - [F]

Similar functionality can also be achieved via the KeyCDN dashboard. To learn how to implement hotlink protection in your KeyCDN zone, visit our Zonereferrers guide.

5) Adding MIME Types

MIME types define what a particular file extension refers to. Therefore, it is sometimes required to set this in your .htaccess file to inform the web server what type of file you are referencing. To see a full list of MIME types visit the MIME Types List.

AddType image/gif .gif .GIF

6) Leveraging Browser Caching

The .htaccess file can also be used to help improve website performance by leveraging browser caching. Each file type can be defined with a particular expires value. You can define a custom list of file types and change each of their expires value, however the following snippet is a good starting point.

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##

7) Enabling Gzip

Enabling Gzip on your origin server helps improve the performance of your assets as they are compressed and thus can be delivered faster. You can define a custom list of MIME types to be Gzipped, however the example below is a good starting point. To learn more about the benefits of Gzip and how it works, read our Enable Gzip Compression article.

<IfModule mod_deflate.c>
 AddOutputFilterByType DEFLATE application/javascript
 AddOutputFilterByType DEFLATE application/rss+xml
 AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
 AddOutputFilterByType DEFLATE application/x-font
 AddOutputFilterByType DEFLATE application/x-font-opentype
 AddOutputFilterByType DEFLATE application/x-font-otf
 AddOutputFilterByType DEFLATE application/x-font-truetype
 AddOutputFilterByType DEFLATE application/x-font-ttf
 AddOutputFilterByType DEFLATE application/x-javascript
 AddOutputFilterByType DEFLATE application/xhtml+xml
 AddOutputFilterByType DEFLATE application/xml
 AddOutputFilterByType DEFLATE font/opentype
 AddOutputFilterByType DEFLATE font/otf
 AddOutputFilterByType DEFLATE font/ttf
 AddOutputFilterByType DEFLATE image/svg+xml
 AddOutputFilterByType DEFLATE image/x-icon
 AddOutputFilterByType DEFLATE text/css
 AddOutputFilterByType DEFLATE text/javascript
 AddOutputFilterByType DEFLATE text/plain
 AddOutputFilterByType DEFLATE text/xml
</IfModule>

8) Denying HTTP Request Methods

There are several HTTP request methods that are used for achieving various outcomes. If there are certain HTTP methods that you do not want a user to employ on your website, you can deny them with .htaccess.

RewriteCond %{REQUEST_METHOD} !^(HEAD|OPTIONS|POST|PUT)
RewriteRule .* - [F]

9) Performing 301 Redirects

If you need to perform a 301 redirect for a page that has moved, this can be easily achieved with .htaccess. Simply use the snippet below which takes the first URL (old link) and redirects it to the second URL (new link).

Redirect 301 https://yourwebsite.com/old-page https://yourwebsite.com/new-page

10) Enabling CORS

Enabling CORS is crucial for delivering static assets across various origins. The following snippet can be added to your .htaccess file in order to allow all origins to share resources. Otherwise, if this is not enabled and you origin is requesting resources from another origin, you will receive a CORS error. Read more about CORS in our How to Use CORS article.

<IfModule mod_headers.c>
 <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css|js|gif|png|jpe?g|svg|svgz|ico|webp)$">
 Header set Access-Control-Allow-Origin "*"
 </FilesMatch>
</IfModule>

The above .htaccess examples are a great starting point for those who are not yet familiar with using .htaccess, but still want to perform certain web server configurations. The .htaccess file has the ability to perform an array of tasks and is quite flexible to suit your website’s needs. Although these .htaccess examples are a great starting point, you may be looking to perform some more advanced .htaccess configurations. For more on this topic consider checking out AskApache’s .htaccess file guide article.

Leave A Comment?