We've partnered with HostGator
" for 25% off any package.
Comprehensive guide to
Tutorial written and contributed by
additional/bio info on author. Last updated: Jan 18th, 06' for additional section.
I am sure that most of you have heard of htaccess, if just vaguely, and
that you may think you have a fair idea of what can be done with an
htaccess file. You are more than likely mistaken about that, however.
Regardless, even if you have never heard of htaccess and what it can do
for you, the intention of this tutorial is to get you two moving along
If you have heard of htaccess, chances are that it has been in relation
to implementing custom error pages or password protected directories. But
there is much more available to you through the marvelously simple
A Few General Ideas
An htaccess file is a simple ASCII file, such as you would create through
a text editor like NotePad or SimpleText. Many people seem to have some
confusion over the naming convention for the file, so let me get that out
of the way.
.htaccess is the file extension. It is not
file.htaccess or somepage.htaccess, it is simply named .htaccess
In order to create the file, open up a text editor and save an empty
page as .htaccess (or type in one character, as some editors will not
let you save an empty page). Chances are that your editor will append
its default file extension to the name (ex: for Notepad it would call
the file .htaccess.txt). You need to remove the .txt (or other) file
extension in order to get yourself htaccessing--yes, I know that isn't a
word, but it sounds keen, don't it? You can do this by right clicking on
the file and renaming it by removing anything that doesn't say
.htaccess. You can also rename it via telnet or your ftp program, and
you should be familiar enough with one of those so as not to need
htaccess files must be uploaded as ASCII mode, not BINARY. You
may need to CHMOD the htaccess file to 644 or (RW-R--R--). This makes
the file usable by the server, but prevents it from being read by a
browser, which can seriously compromise your security. (For example, if
you have password protected directories, if a browser can read the
htaccess file, then they can get the location of the authentication file
and then reverse engineer the list to get full access to any portion
that you previously had protected. There are different ways to prevent
this, one being to place all your authentication files above the root
directory so that they are not www accessible, and the other is through
an htaccess series of commands that prevents itself from being accessed
by a browser, more on that later)
Most commands in htaccess are meant to be placed on one line only, so if
you use a text editor that uses word-wrap, make sure it is disabled or
it might throw in a few characters that annoy Apache to no end, although
Apache is typically very forgiving of malformed content in an htaccess
htaccess is an Apache thing, not an NT thing. There are similar
capabilities for NT servers, though in my professional experience and
personal opinion, NT's ability in these areas is severely handicapped.
But that's not what we're here for.
htaccess files affect the directory they are placed in and all
sub-directories, that is an htaccess file located in your root directory
(yoursite.com) would affect yoursite.com/content,
yoursite.com/content/contents, etc. It is important to note that this
can be prevented (if, for example, you did not want certain htaccess
commands to affect a specific directory) by placing a new htaccess file
within the directory you don't want affected with certain changes, and
removing the specific command(s) from the new htaccess file that you do
not want affecting this directory. In short, the nearest htaccess file
to the current directory is treated as the htaccess file. If
the nearest htaccess file is your global htaccess located in your root,
then it affects every single directory in your entire site.
Before you go off and plant htaccess everywhere, read through this and
make sure you don't do anything redundant, since it is possible to cause
an infinite loop of redirects or errors if you place something weird in
Also...some sites do not allow use of htaccess files, since depending on
what they are doing, they can slow down a server overloaded with domains
if they are all using htaccess files. I can't stress this enough:
You need to make sure you are allowed to use htaccess before you
actually use it. Some things that htaccess can do can
compromise a server configuration that has been specifically setup by
the admin, so don't get in trouble.
Now, onto the tasty morsels...