An .htaccess (''

hypertext Hypertext is E-text, text displayed on a computer display or other electronic devices with references (hyperlinks) to other text that the reader can immediately access. Hypertext documents are interconnected by hyperlinks, which are typic ...

access'') file is a directory-level

configuration file A configuration file, a.k.a. config file, is a computer file, file that stores computer data, data used to configure a software system such as an application software, application, a server (computing), server or an operating system. Some applic ...

supported by several

web server A web server is computer software and underlying Computer hardware, hardware that accepts requests via Hypertext Transfer Protocol, HTTP (the network protocol created to distribute web content) or its secure variant HTTPS. A user agent, co ...

s, used for configuration of

website A website (also written as a web site) is any web page whose content is identified by a common domain name and is published on at least one web server. Websites are typically dedicated to a particular topic or purpose, such as news, educatio ...

-access issues, such as

URL redirection URL redirection, also called URL forwarding, is a World Wide Web technique for making a web page available under more than one URL address. When a web browser attempts to open a URL that has been redirected, a page with a different URL is opened. ...

URL shortening URL shortening is a technique on the World Wide Web in which a Uniform Resource Locator (URL) may be made substantially shorter and still direct to the required page. This is achieved by using a redirect which links to the web page that has a ...

access control In physical security and information security, access control (AC) is the action of deciding whether a subject should be granted or denied access to an object (for example, a place or a resource). The act of ''accessing'' may mean consuming ...

(for different

web page A web page (or webpage) is a World Wide Web, Web document that is accessed in a web browser. A website typically consists of many web pages hyperlink, linked together under a common domain name. The term "web page" is therefore a metaphor of pap ...

s and files), and more. The 'dot' ( period or

full stop The full stop ( Commonwealth English), period (North American English), or full point is a punctuation mark used for several purposes, most often to mark the end of a declarative sentence (as distinguished from a question or exclamation). A ...

) before the file name makes it a hidden file in

Unix Unix (, ; trademarked as UNIX) is a family of multitasking, multi-user computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, a ...

-based environments. A site could have more than one .htaccess file, and the files are placed inside the web tree (i.e. inside directories and their sub-directories), and hence their other name ''distributed configuration files''. .htaccess files act as a subset of the server's global configuration file (like
) for the directory that they are in, or all sub-directories. The original purpose of .htaccess—reflected in its name—was to allow per-directory access control by, for example, requiring a password to access

World Wide Web The World Wide Web (WWW or simply the Web) is an information system that enables Content (media), content sharing over the Internet through user-friendly ways meant to appeal to users beyond Information technology, IT specialists and hobbyis ...

content. More commonly, however, the .htaccess files define or override many other configuration settings such as content type,

character set Character encoding is the process of assigning numbers to graphical characters, especially the written characters of human language, allowing them to be stored, transmitted, and transformed using computers. The numerical values that make up a c ...

Common Gateway Interface file:Common Gateway Interface logo.svg, The official CGI logo from the spec announcement In computing, Common Gateway Interface (CGI) is an interface specification that enables web servers to execute an external program to process HTTP or HTTPS ...

handlers, etc.

Format and language

.htaccess files are written in the Apache Directives variant of the Perl Compatible Regular Expressions (PCRE) language. Learning basic PCRE itself can help in mastering work with these files. For historical reasons, the format of .htaccess files is a limited subset of the

Apache HTTP server The Apache HTTP Server ( ) is a free and open-source software, free and open-source cross-platform web server, released under the terms of Apache License, Apache License 2.0. It is developed and maintained by a community of developers under the ...

's global configuration file
even when used with web servers such as

Oracle iPlanet Web Server An oracle is a person or thing considered to provide insight, wise counsel or prophetic predictions, most notably including precognition of the future, inspired by deities. If done through occultic means, it is a form of divination. Descript ...

and Zeus Web Server which have very different native global configuration files.

Common usage

;

Authorization Authorization or authorisation (see American and British English spelling differences#-ise, -ize (-isation, -ization), spelling differences), in information security, computer security and identity management, IAM (Identity and Access Managemen ...

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an Logical assertion, assertion, such as the Digital identity, identity of a computer system user. In contrast with iden ...

: A .htaccess file is often used to specify security restrictions for a directory, hence the filename "access". The .htaccess file is often accompanied by a .htpasswd file which stores valid

username A user is a person who uses a computer or Computer network, network Service (systems architecture), service. A user often has a user account and is identified to the system by a username (or user name). Some software products provide serv ...

s and their

password A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services t ...

s. ;

URL rewriting In web applications, a rewrite engine is a software component that performs rewriting on URLs (Uniform Resource Locators), modifying their appearance. This modification is called URL rewriting. It is a way of implementing URL mapping or routin ...

: Servers often use .htaccess for

rewriting In mathematics, computer science, and logic, rewriting covers a wide range of methods of replacing subterms of a formula with other terms. Such methods may be achieved by rewriting systems (also known as rewrite systems, rewrite engines, or reduc ...

long, overly comprehensive URLs to shorter and more memorable ones. ; Blocking (access control): Use ''allow/deny'' to block users by IP address or domain. Also used to block bad bots, rippers and referrers. : ; SSI: Enable server-side includes. ; Directory listing: Control how the server will react when no specific web page is specified. ; Customized error responses: Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found or, to indicate to a search engine that a page has moved, HTTP 301 Moved Permanently. ; MIME types: Instruct the server how to treat different varying file types. ; Cache control: .htaccess files allow a server to control caching by

web browser A web browser, often shortened to browser, is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's scr ...

s and proxies to speed up websites, reduce

bandwidth Bandwidth commonly refers to: * Bandwidth (signal processing) or ''analog bandwidth'', ''frequency bandwidth'', or ''radio bandwidth'', a measure of the width of a frequency range * Bandwidth (computing), the rate of data transfer, bit rate or thr ...

usage,

server Server may refer to: Computing *Server (computing), a computer program or a device that provides requested information for other programs or devices, called clients. Role * Waiting staff, those who work at a restaurant or a bar attending custome ...

load, and perceived lag. .htaccess also adds the cache age to the webpage resources so that on revisiting the page, the elements are reloaded from browser cache till the age mentioned expires, instead of requesting the resource again from the server. ;

HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protoc ...

& HSTS: Implementation of both HTTPS and HSTS on Apache servers is largely dependent on correct

& header information mentioned in .htaccess file. Any incorrect syntax in the file while deploying HTTPS or HSTS leads to a failure in implementation.

Advantages

; Immediate changes: Because .htaccess files are read on every request, changes made in these files take immediate effect – as opposed to the main configuration file, which requires the server to be restarted for the new settings to take effect. ; Non-privileged users: For servers with multiple users, such as on shared web hosting, it is often desirable to allow individual users the ability to alter their site configuration. The use of .htaccess files allows such individualization, and by unprivileged users – because the main server configuration files do not need to be changed.

Disadvantages

Controlling Apache using the main server configuration file
is often preferred for security and performance reasons: ; Performance loss: For each

HTTP request HTTP (Hypertext Transfer Protocol) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, wher ...

, there are additional file-system accesses for parent directories when using .htaccess, to check for possibly existing .htaccess files in those parent directories which are allowed to hold .htaccess files. It is possible to programmatically migrate directives from .htaccess to httpd.conf if this performance loss is a concern. ; Security: Allowing individual users to modify the configuration of a server can cause security concerns if not set up properly. ; Syntax: .htaccess is usually very sensitive to syntax errors. Due to this any misspellings may lead to server errors and web resources in the directory with the erroneous .htaccess not being displayed at all.

In popular culture

Portions of the 2020 video game '' Mackerelmedia Fish'', which explores themes of Internet culture, have been implemented directly on a website's open .htaccess directories.

References

External links

Apache Docs Tutorial: .htaccess files
{{DEFAULTSORT:Htaccess Configuration files Web technology