Before we start customizing the website, let us see how to locate or create the .htaccess file, as well as how to edit it. Most often, the system file will be hidden, and you need to make it visible in the Settings.
The dialog box below will open.
If the .htaccess file is not there, you can use one of the various methods to create the file and save it in the public folder.
You can use a text editor to create and edit the .htaccess file. Note that the field does not have an extension. While you can use notepad and then upload using an FTP client or legacy file manager, the easiest way is to use the inbuilt code editor in cPanel.
Alternatively, you can create the file using the command below after you've SSH'd to your Linux server. Replace the yoursite.com with your website. Note: The path to the .htaccess file shown below may vary depending on which web server software you're using.
Use a text editor such as Notepad, TextEdit or any other suitable tool. Create a new file and save it as .htaccess without an extension.
Use FTP or file manager to upload the file into the public_html folder.
To edit the .htaccess file, use the file manager to locate the file and right click on it.
If editing online in a browser;
- Click Edit.
- It will open an editable web page where you can now add or remove commands.
- Save it after you are through with customizing.
The other option is to Download the file to your computer, modify it locally using a text editor, and then upload it back to the original location.
Either way, the commands remains the same.
It is a good practice to always save the working version of the file before any modifications. This will enable you to revert back to the working copy if something goes wrong.
Customizing the error pages
The .htaccess file enables you to customize the error messages that website visitors see. This includes errors that visitors get when a page is unavailable, when a file is missing, or when there is any other error message. Using .htaccess file, you can then customize any of these error pages provided you have their numbers, such as 401, 404, 505, etc. However, you must create the custom HTML pages corresponding to the error numbers.
To customize the error message, add the command line below to your .htaccess file.
ErrorDocument errornumber /file.html
Where file.html is your custom page.
For example, if you want to replace my 404 error page message;
- Create a pagenotfound.html, 404.html error page, or any other name that you can remember.
- Save it in your root directory or another folder.
- Add the line below to your .htaccess file.
ErrorDocument 404 /pagenotfound.html
Similarly, you can add other custom error pages and can even name the files according to the error number. For example, you can customize the following common error pages.
- 401.html for customizing the Authorization required error
- 400.html for Bad request error
- 403 Forbidden error
- 404.html wrong page error
- 500 Internal Server error
If the custom pages are in a different folder called ‘Errorpages’ or another preferred name, include the path in your command. For example;
ErrorDocument 401 /errorpages/401.html
ErrorDocument 404 /errorpages/404.html
ErrorDocument 500 /errorpages/500.html
Allow or deny access by certain IP addresses
The file allows you to control who access certain pages or the entire website. You can specify different IP addresses or certain IP blocks. Add the following commands to the.htaccess file depending on your requirements. Replace the IP addresses below with those that you want to deny or allow access.
By default, the website will allow all IP addresses. However, if you have a deny rule for a block of IPs, you need an allow rule for specific addresses that require access.
allow from 184.108.40.206 # only allow this IP address
allow from 220.127.116.11/30 # allow addresses in this subnet range
allow from 123.123.* # Allow addresses from an IP address wildcard
deny from all
The “deny from all” restricts access by any other address and this rule will only allow the specified addresses or range.
Deny specific IP addresses
allow from all
deny from 18.104.22.168
deny from 22.214.171.124
deny from 126.96.36.199
deny from 188.8.131.52
deny from 184.108.40.206
deny from 220.127.116.11
deny from 18.104.22.168
deny from 22.214.171.124
deny from 126.96.36.199
deny from 188.8.131.52
deny from 184.108.40.206
Redirecting a website page or directory
Redirecting a website page or domain to another link within or external requires that you add a command with the filename path and the destination URL. For example, to redirect a particular page to a different website and page, add the command
Redirect /redirect_from.html http://www.anothersite.com/redirect_to.html
This redirects the page redirect_from.html from your website to a different page redirect_to.html on http://www.anothersite.com.
If the file to redirect is in a different folder, include its path in the command. For example, if the Productlist.html page is in a subfolder called Products, include it in the command as follows;
Redirect /Products/productlist.html http://anotherwebsite.com/Accessories.html
Similarly, you can do the same for other types of files such as PHP, images, etc. For example,
Redirect /about_Us/ http://anotherwebsite.com/About_our_company/
redirects the About Us page from your website to the About Our Company page on Anotherwebsite.com.
Also, note that the name of the original website is not usually included, the backslash (/) signifies the root directory.
To redirect the home page to another website, add the command to the .htaccess file.
Redirect / http://anothersite.com/
Password protect directories
You can use the .htaccess file to password protect certain directories.
This is a two-process procedure where you;
- Add protection commands in the .htaccess file
- Create a password file known as .htpasswds
Editing the .htaccess file
Add these lines to specify the section you want to password-protect as follows:
AuthName "Section Name"
AuthName "Please Enter your Password"
- Section Name refers to the area you wish to protect. For example, this can be Subscribed Members or any other section where only a handful or authorized users should access.
- The path in AuthUSerFile is the location for the .htpasswds file.
- AuthName is the message that visitors see when they try to access the protected directory.
- Require valid-user signifies that there are several people who can access using passwords.
Creating the .htpasswds password file
Create a file with the usernames and passwords for the people you want to give access to the directory or website section.
Store the file in another directory within the site. Ideally, this should be outside the protected directory and the web root to avoid blocking it and also prevent access from the web.
You can use any text editor to add the usernames and passwords in below format and then save the file as .htpasswds.
There are several third-party services such as KxS site, which allows one to create the file and encrypt it.
The .htaccess file is useful in customizing a website by simply adding commands. It is easy to create and edit as long as you know the code that you require. The text-based file resides in the public_html directory and you can edit it online or offline.
You can use the .htaccess file to customize and improve the websites in various ways. Common applications include creating custom error messages, redirecting the website pages, password protecting specific directories, blocking access from certain IP addresses, and more.