The .htaccess file plays a vital role in the management and security of a website. In this article, we will show you how to use the file to customize your site.
In particular, you will learn how to do the following:
- Create and edit the .htaccess file
- Customizing error pages such as 401, 401, 403, 404, 500, 501, and more
- Block visitors based on IP address, referrer or any other parameter
- Redirect pages and websites.
- Password protect directories.
Before we start customizing the website, let us see how to locate or create the .htaccess file, as well as how to edit it. Most often, the system file will be hidden, and you need to make it visible in the Settings.
- Login to your website’s cPanel and open the File Manager under Files.
- Open the public_html or your website’s root directory.
- Click Settings on the top-left corner.
The dialog box below will open.
- Tick the checkbox Show Hidden Files (Dotfiles) and Save.
If the .htaccess file is not there, you can use one of the various methods to create the file and save it in the public folder.
Creating the .htaccess File
You can use a text editor to create and edit the .htaccess file. Note that the field does not have an extension. While you can use notepad and then upload using an FTP client or legacy file manager, the easiest way is to use the inbuilt code editor in cPanel.
Alternatively, you can create the file using the command below after you’ve SSH’d to your Linux server. Replace the yoursite.com with your website. Note: The path to the .htaccess file shown below may vary depending on which web server software you’re using.
sudo nano /var/www/yoursite.com/.htaccess
Creating a new .htaccess file in cPanel
- Login to your website’s cPanel and open the File Manager.
- Open the public_html or website directory.
- Click on the + File at the left-hand top corner. A dialog box prompting you to enter a filename appears.
- Type .htaccess and click Create New File.
Create .htaccess using a text editor
Use a text editor such as Notepad, TextEdit or any other suitable tool. Create a new file and save it as .htaccess without an extension.
Use FTP or file manager to upload the file into the public_html folder.
Editing .htaccess file
To edit the .htaccess file, use the file manager to locate the file and right click on it.
- Login to your website’s cPanel and open the File Manager (figure 1).
- Open the public_html or website directory.
Figure 5
If editing online in a browser;
- Click Edit.
- It will open an editable web page where you can now add or remove commands.
- Save it after you are through with customizing.
The other option is to Download the file to your computer, modify it locally using a text editor, and then upload it back to the original location.
Either way, the commands remains the same.
It is a good practice to always save the working version of the file before any modifications. This will enable you to revert back to the working copy if something goes wrong.
Customizing the error pages
The .htaccess file enables you to customize the error messages that website visitors see. This includes errors that visitors get when a page is unavailable, when a file is missing, or when there is any other error message. Using .htaccess file, you can then customize any of these error pages provided you have their numbers, such as 401, 404, 505, etc. However, you must create the custom HTML pages corresponding to the error numbers.
To customize the error message, add the command line below to your .htaccess file.
ErrorDocument errornumber /file.html
Where file.html is your custom page.
For example, if you want to replace my 404 error page message;
- Create a pagenotfound.html, 404.html error page, or any other name that you can remember.
- Save it in your root directory or another folder.
- Add the line below to your .htaccess file.
ErrorDocument 404 /pagenotfound.html
Similarly, you can add other custom error pages and can even name the files according to the error number. For example, you can customize the following common error pages.
- 401.html for customizing the Authorization required error
- 400.html for Bad request error
- 403 Forbidden error
- 404.html wrong page error
- 500 Internal Server error
If the custom pages are in a different folder called ‘Errorpages’ or another preferred name, include the path in your command. For example;
ErrorDocument 401 /errorpages/401.html
ErrorDocument 404 /errorpages/404.html
ErrorDocument 500 /errorpages/500.html
Allow or deny access by certain IP addresses
The file allows you to control who access certain pages or the entire website. You can specify different IP addresses or certain IP blocks. Add the following commands to the.htaccess file depending on your requirements. Replace the IP addresses below with those that you want to deny or allow access.
Allow access
By default, the website will allow all IP addresses. However, if you have a deny rule for a block of IPs, you need an allow rule for specific addresses that require access.
#Allow order deny,allow allow from 123.123.123.123 # only allow this IP address allow from 123.123.123.123/30 # allow addresses in this subnet range allow from 123.123.* # Allow addresses from an IP address wildcard deny from all
The “deny from all” restricts access by any other address and this rule will only allow the specified addresses or range.
Deny Access
Deny specific IP addresses
order allow,deny allow from all </Files> deny from 36.149.0.228 deny from 37.229.205.159 deny from 37.57.45.247 deny from 195.154.63.216 deny from 109.162.122.86 deny from 104.238.195.198 deny from 188.165.230.165 deny from 37.115.204.220 deny from 104.255.65.202 deny from 104.227.211.54 deny from 23.254.11.18
Redirecting a website page or directory
Redirecting a website page or domain to another link within or external requires that you add a command with the filename path and the destination URL. For example, to redirect a particular page to a different website and page, add the command
Redirect /redirect_from.html http://www.anothersite.com/redirect_to.html
This redirects the page redirect_from.html from your website to a different page redirect_to.html on http://www.anothersite.com.
If the file to redirect is in a different folder, include its path in the command. For example, if the Productlist.html page is in a subfolder called Products, include it in the command as follows;
Redirect /Products/productlist.html http://anotherwebsite.com/Accessories.html
Similarly, you can do the same for other types of files such as PHP, images, etc. For example,
Redirect /about_Us/ http://anotherwebsite.com/About_our_company/
redirects the About Us page from your website to the About Our Company page on Anotherwebsite.com.
Also, note that the name of the original website is not usually included, the backslash (/) signifies the root directory.
To redirect the home page to another website, add the command to the .htaccess file.
Redirect / http://anothersite.com/
Password protect directories
You can use the .htaccess file to password protect certain directories.
This is a two-process procedure where you;
- Add protection commands in the .htaccess file
- Create a password file known as .htpasswds
Editing the .htaccess file
Add these lines to specify the section you want to password-protect as follows:
AuthName "Section Name" AuthUserFile /home/folder/.htpasswds AuthName "Please Enter your Password" AuthType Basic Require valid-user
Where,
- Section Name refers to the area you wish to protect. For example, this can be Subscribed Members or any other section where only a handful or authorized users should access.
- The path in AuthUSerFile is the location for the .htpasswds file.
- AuthName is the message that visitors see when they try to access the protected directory.
- Require valid-user signifies that there are several people who can access using passwords.
Creating the .htpasswds password file
Create a file with the usernames and passwords for the people you want to give access to the directory or website section.
Store the file in another directory within the site. Ideally, this should be outside the protected directory and the web root to avoid blocking it and also prevent access from the web.
You can use any text editor to add the usernames and passwords in below format and then save the file as .htpasswds.
Username:password
There are several third-party services such as KxS site, which allows one to create the file and encrypt it.
Conclusion
The .htaccess file is useful in customizing a website by simply adding commands. It is easy to create and edit as long as you know the code that you require. The text-based file resides in the public_html directory and you can edit it online or offline.
You can use the .htaccess file to customize and improve the websites in various ways. Common applications include creating custom error messages, redirecting the website pages, password protecting specific directories, blocking access from certain IP addresses, and more.
Check out these top 3 cPanel hosting services:
- Want to get top recommendations about best hosting? Just click this link!