Apache HTACCESS files are an integral part of developing websites on the Apache web server.
In a nutshell .htaccess files are extensions of the Apache server configuration file. They allow you to set up specific configuration for a site or even a particular directory. It is always best to use Apaches' server configuration file when you are able, the performance of the site is much better. But often because multiple sites are running on one instance of Apache these specific configuration files are needed in order to apply functionality to a site that doesn't negatively impact other sites.
Most of us host sites in a "Shared" hosting environment where modifying the apache configuration or php.ini simply isn't an option, this is where HTACCESS files saves the day. I'll hit on some of the commonly used features / configurations here.
Allow Override (permitting the use of .htaccess files)
When on shared hosting I usually assume I'll be able to use the basic functionality of an htaccess file. But what you can do varies, and you may or may not be able to tell for sure what your able to override since this requires looking at the Apache config file. Apache config files contain "Directory" sections defined like <directory "/test/site"></directory>. By default, overriding the configuration is allowed however this can be specified using the "AllowOverride" property. The typical values for this are either "All" or "None". In general I would assume you can set set server properties in the HTACCESS file. But if things aren't working as you would expect then this may be the reason. http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride
Password Protection
Probably the single most used feature of the HTACCESS file. To use this feature you need to first set up a HTPASSWD file, which is easy, but does require the command line. This file will store your user name and corresponding passwords. There are lots of ways to set up .htpasswd files, I'll show you some of the basics using a utility called "htpasswd". To create a new htpasswd file type the following.
htpasswd -c /file/location/.htpasswd mbopp
You will then be prompted for a password. Once entered, assuming you have the correct write permissions to the directory your file should be created and ready to go. The "-c" option specifies that you want to create a new file. If you want to modify an existing users password you can do the same without the -c option... like...
htpasswd /file/location/.htpasswd mbopp password
Or omit the password and be prompted as you were with the previous command.
http://httpd.apache.org/docs/2.0/programs/htpasswd.html
Once you have your .htpasswd file set up you need to reference it in your htaccess file in order for it to be recognized and used on your website. You can either put password directives in a "directory" tag or simply by itself in the .htaccess file, which will apply it to the current directory. Here is an example.
AuthType Basic AuthName "Password Required" AuthUserFile /file/location/.htpasswd
Allow override will need to be set in to at least "AllowOverride AuthConfig" if it isn't already set to "All" in order for directive to be recognized. You can also set up groups of users with different access privileges. More can be found out at http://httpd.apache.org/docs/2.0/mod/mod_auth.html.
Mod ReWrite
Another feature I find myself using quite a bit is the mod rewrite module. This gives you the ability to have "Clean URLs". Meaning that your URLs will not have file extensions like .htm, .php, .py, etc. It's good practice to wrap your mod rewrite properties in a conditional xml tag. "<IfModule mod_rewrite.c></IfModule>" . The following is a simple example which sends a user to /e/www/when visiting "/".
RewriteEngine on RewriteRule ^/$ /e/www/ [R]
Most CMS solutions already have this htaccess configuration done for you. The following is an example from a Drupal CMS .htaccess file. This looks at the parameters in the url querystring and rewrites them to look like a directory structure.
RewriteEngine on
RewriteBase /
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
http://httpd.apache.org/docs/2.0/misc/rewriteguide.html
PHP Settings
Lastly, the other thing I find myself doing often is setting various PHP settings. Every instance of PHP has an ini file somewhere in the path. But if settings need to be changed on a site by site basis it's quick and simple to just do this within the htaccess file. Here's a common scenario, you have a website that is returning a blank page. This is likely a php error and your site is probably set up to hide these errors by default. So in order to see the actual error you need to add the following to the .htaccess file.
php_flag display_errors off
There are a ton of PHP settings, should you run across one that you need to change, explore the ability to override and set it in the HTACCESS file. http://php.net/manual/en/configuration.changes.php
Other Resources
Need a fresh perspective on a tough project?
Let’s talk about how RDG can help.
About the Author
Mike Bopp
Mike is the Managing Director of Rapid Development Group, where he drives strategy and operations while also leading multiple software development projects.