Basic Guide to .htaccess
By using a .htaccess file, you can configure certain elements on your site on a per-directory basis. though the file starts with a period, it is not appended to a file name, .htaccess is the file. Some examples of what can be done with a .htaccess file are:
- Web site redirection (all or just a portion)
- Force Web site to always show www. in the address bar
- Force SSL connection (require http://)
- Allow directory listing of files
- And much more.
NOTE: Any command that you place in .htaccess file will affect its current directory where it is placed and also its sub-directories. If you put a .htaccess file in the root folder it will affect the whole site.
Creating a .htaccess file
A .htaccess file can be created and edited in any text editor and then uploaded to the desired location, or you can even create it in your SSH command line environment making changes on the fly. We will document the SSH method.
- Connect to your account via SSH (if you are not sure how to do this, please see the SSH documentation).
- Navigate to the directory where you wish to create your .htaccess file (specific SSH commands can be found in the SSH Commands documentation).
- (Optional) You may wish to do a directory listing to see if a .htaccess file already exists in the directory you want. Because of the nature of .htaccess files, the default configuration of your SSH environment will not show it with a simple directory listing command, you will need to use the following command followed by the enter key:
ls -al
This will display ALL files in the current directory and will show you if you already have a .htaccess file.
- To create and/or edit your .htaccess file, use the following command followed by the enter key:
nano .htaccess
- This will open up the nano text editor and load/create the .htaccess file. You may now make any edits or additions to your file.
NOTE: If nano does not work on your account, you can use pico instead and it should work fine. - When finished, press Ctrl+X to exit. You will be prompted to save your changes, follow the instructions to make the changes permanent.
Web site redirection (all or just a portion)
To redirect some or all of your Web site to another location, you will need to add the following lines to your .htaccess file (where the .htaccess file is located depends on what parts of your site you are redirecting):
Redirect permanent / http://www.example.com/
The above code will permanently redirect your entire site to the address http://www.example.com/. You would need to place that in the main Web folder to be effective though. If you only wish to redirect certain portions of your site, you can do that with the following command:
Redirect 301 file.html http://www.yourdomain.com/anotherfile.html
This code says to automatically redirect anyone trying to access http://www.yourdomain.com/file.html to the specified address http://www.yourdomain.com/anotherfile.html. As you’ll notice, it’s important to put the whole URL in the second spot telling EXACTLY where to redirect to. You can also make that link and external link (links to a page not on yourdomain.com), but just remember that it too has to include the EXACT URL (including http://etc…).
There are other ways to accomplish these types of redirection (such as META refreshes), but most are much more clunky and can negatively affect your search engine optimization, so learning and using the above method for redirection can really pay off big for your Web site.
Force Web site to always show www. in the address bar
If you would like to force your Web site to load with the www. at the beginning whether your site visitor typed it or not, you can accomplish this through the following .htaccess command:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.yourdomain.com$
RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [R=301]
You will need to make sure you replace yourdomain.com with your actual domain name.
Force SSL connection (require http://)
You can force your Web site (or a portion of your Web site) to be accessed securely (i.e., require http://) by creating an .htaccess file in the appropriate location that includes the following mod_rewrite rules:
If you have your own SSL certificate:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ http://yourdomain.com/$1 [R=301,L]
Important note: yourdomain.com must match the domain name on your SSL certificate. If your SSL certificate has been issued to www.yourdomain.com, for example, then you will need to use www.yourdomain.com in the RewriteRule. If you have a wildcard SSL certificate, you may use %{SERVER_NAME} in the RewriteRule in place of the domain name.
If you are using WestHost’s Shared SSL:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Host} !^ssl4.westserver.net$
RewriteRule ^(.*)$ http://ssl4.westserver.net/yourdomain.com/$1 [R=301,L]
Make sure to replace yourdomain.com with your actual domain name.
Allow directory listing of files
If you would like to allow visitors to view the contents of a directory that does not have a default index.html page, you can accomplish this with the following .htaccess command:
Options +Indexes
By default, this is disabled due to security purposes, so only turn on directory listing if you really need it and understand the risks involved.
There is so much more you can do with a .htaccess file, but the above is just a general guide to help get you started. For more in depth information on .htaccess files, please see the Apache .htaccess Documentation.