Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
.htaccess
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{short description|Directory-level configuration file}} [[File:Htaccess.jpg|thumb|alt=.htaccess file|.htaccess file]] <!-- NB! Before editing, please read https://en.wikipedia.org/wiki/Wikipedia:What_Wikipedia_is_not - Wikipedia is not a manual --> An '''.htaccess''' (''[[hypertext]] access'') file is a [[directory (file systems)|directory]]-level [[configuration file]] supported by several [[web server]]s, used for configuration of [[website]]-access issues, such as [[URL redirection]], [[URL shortening]], [[computer access control|access control]] (for different [[web page]]s and files), and more. The 'dot' ([[Full stop|period]] or [[full stop]]) before the file name makes it a [[Hidden file and hidden directory|hidden file]] in [[Unix]]-based environments. A site could have more than one <kbd>.htaccess</kbd> file, and the files are placed inside the web tree (i.e. inside directories and their sub-directories), and hence their other name ''distributed configuration files''.<ref>[https://httpd.apache.org/docs/current/howto/htaccess.html Apache HTTP Server Tutorial: .htaccess files - Guide at Apache.org.]</ref> <kbd>.htaccess</kbd> files act as a subset of the server's global configuration file (like <kbd>[[httpd.conf]]</kbd>) for the directory that they are in, or all sub-directories.<ref>{{cite web | url = http://httpd.apache.org/docs/current/mod/core.html#allowoverride | title = AllowOverride Directive | access-date = 2009-03-02}}</ref> The original purpose of <kbd>.htaccess</kbd>—reflected in its name—was to allow per-directory access control by, for example, requiring a password to access [[World Wide Web]] content. More commonly, however, the <kbd>.htaccess</kbd> files define or override many other configuration settings such as content type, [[character set]], [[Common Gateway Interface]] handlers, etc. ==Format and language== <kbd>.htaccess</kbd> files are written in the '''Apache Directives''' variant of the [[Perl Compatible Regular Expressions]] (PCRE) language. Learning basic PCRE itself can help in mastering work with these files. For historical reasons, the format of <kbd>.htaccess</kbd> files is a limited subset of the [[Apache HTTP server]]'s global configuration file <kbd>[[httpd.conf]]</kbd><ref>{{cite web | url = http://httpd.apache.org/docs/current/configuring.html | title = Configuration Files | access-date = 2009-03-02}}</ref> even when used with web servers such as [[Oracle iPlanet Web Server]]<ref>[http://download.oracle.com/docs/cd/E19146-01/821-1828/gdeun/index.html "Using the .htaccess file"], Oracle.com</ref> and [[Zeus Web Server]] which have very different native global configuration files. ==Common usage== ; [[Authorization]], [[authentication]]: A .htaccess file is often used to specify security restrictions for a directory, hence the filename "<kbd>access</kbd>". The <kbd>.htaccess</kbd> file is often accompanied by a <kbd>[[.htpasswd]]</kbd> file which stores valid [[username]]s and their [[password]]s.<ref>{{cite web | url = http://httpd.apache.org/docs/current/misc/password_encryptions.html | title = Apache Tutorial: Password Formats | access-date = 2009-03-02}}</ref> ; [[URL rewriting]]: Servers often use <kbd>.htaccess</kbd> for [[rewriting]] long, overly comprehensive URLs to shorter and more memorable ones. ; Blocking (access control): Use ''allow/deny'' to block users by IP address or domain. Also used to block bad bots, rippers and referrers. : ; SSI: Enable [[server-side include]]s. ; Directory listing: Control how the server will react when no specific web page is specified. ; [[Custom error page|Customized error responses]]: Changing the page that is shown when a server-side error occurs, for example [[HTTP 404|HTTP 404 Not Found]] or, to indicate to a search engine that a page has moved, [[HTTP 301|HTTP 301 Moved Permanently]].<ref>{{cite web | url = https://support.google.com/webmasters/bin/answer.py?hl=en&answer=93633 | title = Webmaster Tools Help: 301 redirects | access-date = 2012-03-27}}</ref> ; [[MIME types]]: Instruct the server how to treat different varying file types. ; Cache control: <kbd>.htaccess</kbd> files allow a server to control [[web cache|caching]] by [[web browser]]s and [[caching proxy|proxies]] to speed up websites,<ref>{{Cite news|url=https://www.wpenlight.com/how-to-create-edit-wordpress-htaccess-speed-up-website/|title=How to Create and Edit WordPress htaccess File to Speed Up Your Website|date=2017-07-29|work=WP Enlight|access-date=2017-09-12|language=en-US|archive-date=2017-09-12|archive-url=https://web.archive.org/web/20170912192950/https://www.wpenlight.com/how-to-create-edit-wordpress-htaccess-speed-up-website/|url-status=dead}}</ref> reduce [[bandwidth (computing)|bandwidth]] usage, [[web server|server]] load, and perceived [[Latency (engineering)|lag]]. <kbd>.htaccess</kbd> also adds the cache age to the webpage resources so that on revisiting the page, the elements are reloaded from browser cache till the age mentioned expires, instead of requesting the resource again from the server. ; [[HTTPS]] & [[HTTP Strict Transport Security|HSTS]]: Implementation of both HTTPS and HSTS on Apache servers is largely dependent on correct [[URL rewriting]] & header information mentioned in <kbd>.htaccess</kbd> file. Any incorrect syntax in the file while deploying HTTPS or HSTS leads to a failure in implementation. ==Advantages== ; Immediate changes: Because <kbd>.htaccess</kbd> files are read on every request, changes made in these files take immediate effect – as opposed to the main configuration file, which requires the server to be restarted for the new settings to take effect. ; Non-privileged users: For servers with multiple users, such as on [[Shared web hosting service|shared web hosting]], it is often desirable to allow individual users the ability to alter their site configuration. The use of <kbd>.htaccess</kbd> files allows such individualization, and by unprivileged users – because the main server configuration files do not need to be changed.<ref>{{cite web | url = http://httpd.apache.org/docs/current/howto/htaccess.html#when | title = Apache Tutorial: When (not) to use .htaccess files | access-date = 2008-01-12}}</ref> ==Disadvantages== Controlling Apache using the main server configuration file <kbd>[[httpd.conf]]</kbd><ref>{{cite web | url=http://httpd.apache.org/docs/current/configuring.html | title=Configuration Files - Apache HTTP Server | access-date=2008-01-12}}</ref> is often preferred for security and performance reasons:<ref>{{cite web|url=http://httpd.apache.org/docs/current/howto/htaccess.html#when |title=When Not to use .htaccess files |publisher=Httpd.apache.org |access-date=2009-09-02}}</ref> ; Performance loss: For each [[HTTP request]], there are additional file-system accesses for parent directories when using <kbd>.htaccess</kbd>, to check for possibly existing <kbd>.htaccess</kbd> files in those parent directories which are allowed to hold <kbd>.htaccess</kbd> files. It is possible to programmatically migrate directives from <kbd>.htaccess</kbd> to <kbd>httpd.conf</kbd> if this performance loss is a concern.<ref>{{cite web | url=http://blog.preinheimer.com/index.php?/archives/340-.htaccess-to-httpd.conf.html | title=How to convert .htaccess to httpd.conf entries}}</ref> ; Security: Allowing individual users to modify the configuration of a server can cause security concerns if not set up properly.<ref>{{cite web | url=http://httpd.apache.org/docs/current/misc/security_tips.html#systemsettings | title = Protecting System Settings | access-date=2009-03-02}}</ref> ; Syntax: <kbd>.htaccess</kbd> is usually very sensitive to syntax errors. Due to this any misspellings may lead to [[List of HTTP status codes#5xx_server_errors|server errors]] and web resources in the directory with the erroneous <kbd>.htaccess</kbd> not being displayed at all. ==In popular culture== Portions of the 2020 video game ''[[Mackerelmedia Fish]]'', which explores themes of Internet culture, have been implemented directly on a website's open <kbd>.htaccess</kbd> directories.<ref>{{Cite web|last=Morton|first=Lauren|date=2020-03-30|title=Look at this wacky fish ARG about exploring abandoned websites|url=https://www.rockpapershotgun.com/2020/03/30/look-at-this-wacky-fish-arg-about-exploring-abandoned-websites/|access-date=2020-08-20|website=Rock, Paper, Shotgun|language=en-US}}</ref> ==See also== *[[Semantic URL]] *[[Rewrite engine]] ==References== {{Reflist}} ==External links== *[http://httpd.apache.org/docs/current/howto/htaccess.html Apache Docs Tutorial: .htaccess files] {{DEFAULTSORT:Htaccess}} [[Category:Configuration files]] [[Category:Web technology]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)
Pages transcluded onto the current version of this page
(
help
)
:
Template:Cite news
(
edit
)
Template:Cite web
(
edit
)
Template:Reflist
(
edit
)
Template:Short description
(
edit
)