If you use shared hosting, chances are good that your website lives on a computer running the Linux operating system and either Apache or Nginx web server software. These two web servers are used by 80% of all websites.

Living along with your website files is a little known and often hidden file named “.htaccess” (without the quotes). This file can be used to control certain behaviors of the web server, even in a shared hosting environment. The Apache documentation describes it this way:

.htaccess files (or "distributed configuration files") provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.

Editing .htaccess requires access to the server file system, either via FTP or through a control panel. .htaccess can execute some powerful commands that have a lot of impact on your website. For that reason, I recommend that you use it carefully or leave it to your web developer. Having said that, let’s look at three examples of using .htaccess.

Redirection

In its simplest form, redirection intercepts the URL entered into the browser and returns a different page. This allows you to use URLs in your own domain for a variety of purposes. For instance, the URL http://webdancers.com/subscribe redirects to a sign up page on MailChimp. The command in .htaccess for this looks like this:

redirect 301 /subscribe http://eepurl.com/Dylp

The “301” in this command indicates a “permanent direct”. This is significant because it will cause Google to reindex this page to use the redirected URL. If you don’t want this to happen, use “302” for a “temporary redirect”, which Google will ignore. Redirection can also be used globally to switch all http URLs to https or add “www” to all URLs.

Directory Protection

Individual directories or an entire website can be password protected using commands in .htaccess. The login procedure for these secure directories is handled automatically by the web browser using a pop-up login interface (you've probably seen these before). Note that a separate .htaccess file will be used for each directory that is protected.

Because Apache uses a very secure method of encrypting passwords, the files needed can’t be created manually. However most control panel software (like cPanel) will handle the setup for you.

Commands in .htaccess can also prevent access from a list of IP addresses or domains.

Link prevention by filetype

Hot link prevention refers to stopping websites that are not your own from displaying your files or content. This is most commonly used to prevent other websites from displaying your images but it can be used to prevent people using your JavaScript or CSS (cascading style sheet) files.

To set-up hot link prevention for '.gif', '.jpg' and '.css' files, .htaccess would include the following:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule \.(gif|jpg|css)$ - [F]

The above lines tell the Apache Web Server to block all links to '.gif', '.jpg' and '.css' files which are not from the domain name 'http://www.yourdomain.com/'. Note, this functionality requires that 'mod_rewrite' is enabled on your server. Check with your hosting company to find out if this is the case.

Final thoughts

Most website owners shouldn’t be messing with their .htaccess files. However, you should know that it exists and some of the functions that it enables. The official documentation and tutorial is available from Apache and many other online resources are available. I usually just Google the specific thing that I’m trying to accomplish.

Until next week.