An .htaccess (''

hypertext Hypertext is E-text, text displayed on a computer display or other electronic devices with references (hyperlinks) to other text that the reader can immediately access. Hypertext documents are interconnected by hyperlinks, which are typi ...

access'') file is a

directory Directory may refer to: * Directory (computing), or folder, a file system structure in which to store computer files * Directory (OpenVMS command) * Directory service, a software application for organizing information about a computer network's u ...

-level

configuration file In computing, configuration files (commonly known simply as config files) are computer file, files used to configure the Parameter (computer programming), parameters and Initialization (programming), initial settings for some computer programs. T ...

supported by several

web server A web server is computer software and underlying hardware that accepts requests via HTTP (the network protocol created to distribute web content) or its secure variant HTTPS. A user agent, commonly a web browser or web crawler, initiate ...

s, used for configuration of

website A website (also written as a web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server. Examples of notable websites are Google Search, Google, Facebook, Amaz ...

-access issues, such as

URL redirection URL redirection, also called URL forwarding, is a World Wide Web technique for making a web page available under more than one URL address. When a web browser attempts to open a URL that has been redirected, a page with a different URL is opened ...

URL shortening URL shortening is a technique on the World Wide Web in which a Uniform Resource Locator (URL) may be made substantially shorter and still direct to the required page. This is achieved by using a redirect which links to the web page that has a ...

access control In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of ''accessing'' may mean consuming ...

(for different web pages and files), and more. The 'dot' (

period Period may refer to: Common uses * Era, a length or span of time * Full stop (or period), a punctuation mark Arts, entertainment, and media * Period (music), a concept in musical composition * Periodic sentence (or rhetorical period), a concept ...

full stop The full stop (Commonwealth English), period (North American English), or full point , is a punctuation mark. It is used for several purposes, most often to mark the end of a declarative sentence (as distinguished from a question or exclamation ...

) before the file name makes it a

hidden file In computing, a hidden folder (sometimes hidden directory) or hidden file is a folder or file which filesystem utilities do not display by default when showing a directory listing. They are commonly used for storing user preferences or preservi ...

Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...

-based environments. A site could have more than one .htaccess file, and the files are placed inside the web tree (i.e. inside directories and their sub-directories), and hence their other name ''distributed configuration files''. .htaccess files act as a subset of the server's global configuration file (like
) for the directory that they are in, or all sub-directories. The original purpose of .htaccess—reflected in its name—was to allow per-directory access control by, for example, requiring a password to access

World Wide Web The World Wide Web (WWW), commonly known as the Web, is an information system enabling documents and other web resources to be accessed over the Internet. Documents and downloadable media are made available to the network through web se ...

content. More commonly, however, the .htaccess files define or override many other configuration settings such as content type,

character set Character encoding is the process of assigning numbers to graphical characters, especially the written characters of human language, allowing them to be stored, transmitted, and transformed using digital computers. The numerical values that ...

Common Gateway Interface In computing, Common Gateway Interface (CGI) is an interface specification that enables web servers to execute an external program, typically to process user requests. Such programs are often written in a scripting language and are commonly ref ...

handlers, etc.

Format and language

.htaccess files are written in the Apache Directives variant of the

Perl Compatible Regular Expressions Perl Compatible Regular Expressions (PCRE) is a library written in C, which implements a regular expression engine, inspired by the capabilities of the Perl programming language. Philip Hazel started writing PCRE in summer 1997. PCRE's syntax i ...

(PCRE) language. Learning basic PCRE itself can help in mastering work with these files. For historical reasons, the format of .htaccess files is a limited subset of the

Apache HTTP server The Apache HTTP Server ( ) is a free and open-source cross-platform web server software, released under the terms of Apache License 2.0. Apache is developed and maintained by an open community of developers under the auspices of the Apache So ...

's global configuration file
even when used with web servers such as

Oracle iPlanet Web Server Oracle iPlanet Web Server (OiWS) is a web server designed for medium and large business applications. Previous versions were marketed as Netscape Enterprise Server, iPlanet Web Server, Sun ONE Web Server, and Sun Java System Web Server. Oracle ...

and

Zeus Web Server Zeus Web Server is a discontinued proprietary high-performance web server for Unix and Unix-like platforms (including Solaris, FreeBSD, HP-UX and Linux). It was developed by Zeus Technology, a software company located in Cambridge, England that w ...

which have very different native global configuration files.

Common usage

;

Authorization Authorization or authorisation (see spelling differences) is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular. More for ...

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicati ...

: A .htaccess file is often used to specify security restrictions for a directory, hence the filename "access". The .htaccess file is often accompanied by a .htpasswd file which stores valid

username A user is a person who utilizes a computer or Computer network, network Service (systems architecture), service. A user often has a user account and is identified to the system by a username (or user name). Other terms for username includ ...

s and their

password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...

s. ;

URL rewriting In web applications, a rewrite engine is a software component that performs rewriting on URLs (Uniform Resource Locators), modifying their appearance. This modification is called URL rewriting. It is a way of implementing URL mapping or routing ...

: Servers often use .htaccess for

rewriting In mathematics, computer science, and logic, rewriting covers a wide range of methods of replacing subterms of a well-formed formula, formula with other terms. Such methods may be achieved by rewriting systems (also known as rewrite systems, rewr ...

long, overly comprehensive URLs to shorter and more memorable ones. ; Blocking (access control): Use ''allow/deny'' to block users by IP address or domain. Also used to block bad bots, rippers and referrers. Often used to restrict access by

web crawler A Web crawler, sometimes called a spider or spiderbot and often shortened to crawler, is an Internet bot that systematically browses the World Wide Web and that is typically operated by search engines for the purpose of Web indexing (''web spid ...

s. ; SSI: Enable

server-side include Server Side Includes (SSI) is a simple interpreted server-side scripting language used almost exclusively for the World Wide Web. It is most useful for including the contents of one or more files into a web page on a web server (see below), using ...

s. ; Directory listing: Control how the server will react when no specific web page is specified. ; Customized error responses: Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found or, to indicate to a search engine that a page has moved, HTTP 301 Moved Permanently. ;

MIME types A media type (also known as a MIME type) is a two-part identifier for file formats and format contents transmitted on the Internet. The Internet Assigned Numbers Authority (IANA) is the official authority for the standardization and publication o ...

: Instruct the server how to treat different varying file types. ; Cache control: .htaccess files allow a server to control caching by

web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used on ...

s and proxies to speed up websites, reduce

bandwidth Bandwidth commonly refers to: * Bandwidth (signal processing) or ''analog bandwidth'', ''frequency bandwidth'', or ''radio bandwidth'', a measure of the width of a frequency range * Bandwidth (computing), the rate of data transfer, bit rate or thr ...

usage,

server Server may refer to: Computing *Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients Role * Waiting staff, those who work at a restaurant or a bar attending customers and su ...

load, and perceived

lag Lag, or similar, may refer to: Lag * Łąg, Poland * Lag (company), a French guitar maker * Lag (cue sports), a brief pre-game competition to determine which player will go first * Latency (engineering), a slower response time in computing, commu ...

. .htaccess also adds the cache age to the webpage resources so that on revisiting the page, the elements are reloaded from browser cache till the age mentioned expires, instead of requesting the resource again from the server. ;

HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is enc ...

& HSTS: Implementation of both HTTPS and HSTS on Apache servers is largely dependent on correct

& header information mentioned in .htaccess file. Any incorrect syntax in the file while deploying HTTPS or HSTS leads to a failure in implementation.

Advantages

; Immediate changes: Because .htaccess files are read on every request, changes made in these files take immediate effect – as opposed to the main configuration file which requires the server to be restarted for the new settings to take effect. ; Non-privileged users: For servers with multiple users, such as on shared web hosting, it is often desirable to allow individual users the ability to alter their site configuration. The use of .htaccess files allows such individualization, and by unprivileged users – because the main server configuration files do not need to be changed.

Disadvantages

Controlling Apache using the main server configuration file
is often preferred for security and performance reasons: ; Performance loss: For each

HTTP request The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, ...

, there are additional file-system accesses for parent directories when using .htaccess, to check for possibly existing .htaccess files in those parent directories which are allowed to hold .htaccess files. It is possible to programatically migrate directives from .htaccess to httpd.conf if this performance loss is a concern. ; Security: Allowing individual users to modify the configuration of a server can cause security concerns if not set up properly. ; Syntax: .htaccess is usually very sensitive to syntax errors. Due to this any misspellings may lead to server errors and web resources in the directory with the erroneous .htaccess not being displayed at all.

In popular culture

Portions of the 2020 video game

Mackerelmedia Fish ''Mackerelmedia Fish'' is a 2020 experimental ARG-like browser-based video game developed by Nathalie Lawhead. The game explores themes and settings related to 1990s and early 2000s Internet culture (its name being a parody of Macromedia Flash), ...

, which explores themes of Internet culture, have been implemented directly on a website's open .htaccess directories.

References

External links

Apache Docs Tutorial: .htaccess files
{{DEFAULTSORT:Htaccess Configuration files Web technology