A website can be put online when it's hosted on a web servers so anyone, or people who are given privilege, can access it. But despite you have configured your website to do what you want it to do from the front-end and in its administrator section, there are still things that you can't do to increase its purpose on the web.
When a website is put online, it's surely meant to be available for people. Because the server where your website is hosted is what made this possible, you need to configure it so your website is really ready for public viewing. In other words, you need to make sure your website is optimized for the web.
One of the things you can do to configure your web server is by using a file called .htaccess. This hypertext access file is a directory-level configuration file supported by web servers, allowing management for the web server's configuration. When this file is placed is a directory, it overrides your web server's global configuration, and affects anything in that directory, or in all sub-directories the file is placed.
The file is a simple ASCII text file with the name .htaccess. The file isn't a a file with extension like .html or .txt. The entire file name is .htaccess.
The main purpose for .htaccess is to give an access control. And with that control, follows many other configuration settings, including content types, character set, CGI handlers, and many more.
Started as a limited subset of the Apache's web server's global configuration file, .htaccess can be used to specify restrictions, rewriting URLS, blocking specific IPs or domains, server-side includes, customized error page, changing default directory page, redirecting, server tuning, configure directory listing, performance configuration, enhance SEO and usability, configuring website's security, configuring file types, cache control, and more.
In general, you should only use .htaccess files when you have no access to the main server configuration file. Some directives are better placed in the main server configurations, so only use the file accordingly when needed. For example, you may want to use the file in a case where the content providers that do not have access to the root of the web server, need to make configuration changes to the server on a per-directory basis.
No matter how good this file can change your web server's configuration per-directory, using .htaccess should be avoided whenever possible. The main reasons are:
- Performance. When
AllowOverrideis set to allow the use of .htaccess files, httpd will look in every directory for .htaccess files. Context inside this file also needs to be regularly re-compiled with every request to the directory. These can decrease performance by margins. - Security. Allowing others to modify your web server's configuration can result in changes where you have no control.
If you do need to use .htaccess file, you can create one in a text editor, and then upload it to your web server in ASCII mode, not BINARY. Secondly, you need to know the appropriate placement for the file to ensure security and to prevent any errors, such as infinite loop of redirects. Make sure that the file is inside the directory where everything inside it, including its sub-directories, you want to alter/control. Additionally, you may need to CHMOD the file to 644 or (RW-R--R--) to make it usable by the server, but prevents it from being read by a browser, which can seriously compromise your security.
Below is a list of five common attribute of .htaccess:
- Mod_Rewrite: This is one of the most useful feature you can do with the file. You can use the space in the .htaccess file to designate and alter how URLs and web pages on your website are displayed to your visitors.
- Authentication: The .htaccess file doesn't need as many permissions as accessing the apache2.conf file, but with it, you can still make effective changes to your website. Once such change is to require a password to access certain sections of the webpage.
- Custom Errors: With .htaccess you can create custom error pages for your site. Most of the common errors are: 400 Bad Request, 401 Authorization Required, 403 Forbidden Page, 404 File not Found, and 500 Internal Error.
- MIME Types: If your website features some application files that your web server was not set up to deliver, you can add MIME type to your web server with the .htaccess file.
- SSI: Or server-side includes can update large number of pages with some specific data without having to update each page individually. With .htaccess, this can be made possible.
Conclusion
The .htaccess can be as versatile as it can be, and can be a pain whenever it can. There is so much you can do with the file.
There is a list of Apache Directives you can use for your .htaccess files, though not all of them are designed to be used by it. The Apache User's Guide can come in handy if you need more detailed information.