The htaccess file and its uses

The Htaccess files are hidden plain text files that are on the server to help control your website's behaviour. The htaccess file is also used to block specific traffic from being able to view your website. If you look for your .htaccess file you'll see that there's no filename. The extension is .htaccess which tells the server what type of file it is.

You will also want to read:

How to Create a MySQL Database, a User and Delete Database in Cpanel
How to Create a SubDomain in Cpanel
How to Create a Website/Domain Redirect in cPanel
How to force your website url with www or non-www using htaccess
How to optimize your website to use less server resources


In cPanel you can see if you have a current .htaccess file using file manager but you will need to make sure you have selected to view hidden files. If you are not familiar with using file manager please read the filemanager article.  To view hidden files in file manager, select the 'file manager' icon in cPanel and make sure the box is checked next to 'Show Hidden Files.' Then click 'OK' and you will be able to view hidden files.

How to create and edit a .htaccess file

To create a .htaccess file, follow these steps:
1. Login to your cPanel control panel.
2. Click on the filemanager icon under the "files" section
3. Click on the create new file at the top left on the menu bar.
4. Name the file to be .htaccess
Save your work by clicking "create new file.

What can you do with a .htaccess file?

You might have a private area of your website you wish to keep password protected. This password protection is actually set up in the .htaccess file. Most of the functions of the htaccess file, you do not have to concern yourself with as they will be automatically written through cPanel. This is the case of password protecting directories. While you set it up in cPanel, it actually writes a directive to your htaccess file.

Also read:

How to Reset or Change to a New CPanel Password
How to Set Up and Delete a Cron Job
How to Setup Google Apps MX, CNAME and SPF records
How to upload files to a website
Overview of Quickinstall

Other functions of the htaccess file include, prohibiting hotlinks, rewriting URLs, creating redirects, reconfiguring account settings, and much more. It's really important to realize how the htaccess file can affect your entire account. Changing something in the htaccess file can alter how your website functions so it's really important that before you make changes to your htaccess file, you will have to backup your current htaccess file.

Troubleshooting Errors caused by the .htaccess File

If you are getting errors on your website, the .htaccess file can often be the culprit. This is easily tested by renaming your current htaccess file. Often, during troubleshooting you can simply rename the .htaccess to .htaccess.old and now reload the website. If the site loads then know the issue resides in the configuration of the .htaccess file. If it does not fix the issue than rename the htaccess by removing the .old added to the end. That way, it won't affect the website after the issue is resolved.

How to use htaccess to prevent access to a specific website file


First, you will need to log into your cPanel to access the htaccess file.
    Find the Files category and click on the File Manager icon.
   
    A popup box will appear. For the primary domain, click on the Web Root radio button. For addon domains, click on the dropdown and find your desired addon domain name. Be sure the checkbox next to Show Hidden Files is checked. Click the Go button to enter the File Manager.

    You should now be in the root folder of the domain you chose. Look for the .htaccess file and right click on it. This brings up a menu. Find and click on the Edit option. If you get a popup box, simply find and click the Edit button in the lower right corner to continue to the editor.

    You are now in the htaccess editor. Paste the following code in the file to prevent access to your selected file. In our example below, we decided to hide the file named todhost.jpg. This can be a file of any tyep (html, jpg, php, etc.)

    # the following prevents display of the filetohide file

    <files todhost.jpg>
    order allow,deny
    deny from all
    </files>

    Be sure to hit the Save Changes button in the upper right corner to save your new htaccess configuration.

Also read:

PHP Configuration in cPanel
Step by Step Approach to Password Protect a Directory in cPanel
How to Backup My Website in cPanel


How to use the .htaccess file to change the default directory page


You can specify a certain file to be your index file (directory index). By default, index.html or index.htm is often the default index for directories. Let’s say you wanted to use a different file as your directory index, you could by using .htaccess to specify the file.

        DirectoryIndex filename.html

Replace the name 'filename' with your new directory file name


How to use the .htaccess file to protect a directory


You can use .htaccess to password a directory on your server. There are numerous approaches to creating an authentication system. Htaccess can be used for passwords. In the htpasswd file, you place the username and password.

    AuthUserFile /full/path/to/.htpasswd
    AuthType Basic
    AuthName "My Directory To Be Protected"
    Require valid-user

Note: replace the My Directory To Be Protected' with the directory name you intend to protect.

The full/path/to/.htpasswd should be the full path to the .htpasswd file. On Windows for instance it could look like this: C:\wwwrootlevel\username\.htpasswd.

The above .htaccess file will password protect all files in the folder that it is placed in, including all sub-folders as well.


How to use the .htaccess file to protect a single file

Use .htaccess to protect a single file

    AuthUserFile /full/path/to/.htpasswd
    AuthType Basic
    AuthName "My Secret Page"

    <Files "mywebfile.html">
      Require valid-user
    </Files>

Replace the word 'mywebfile' with your file name.



Blocking a country from accessing your site via htaccess

    First you will need to collect the data. You want to find a reliable list of IPs for the country you want to block. Doing a search, we find that you can get your deny list generated at IP2Location's free visitor-blocker generator. Using this tool will let you download a text file with the code needed to block a country. In our example, we randomly chose Algeria. The output format we chose is the Apache .htaccess deny.

Follow the steps to download your file.
    Open your file in the text editor of your choice and highlight and copy the information in the file.
    Next, we will need to log into your cPanel to access the htaccess file.
    Find the Files category and click on the File Manager icon.
   
    A popup box will appear. For the primary domain, click on the Web Root radio button. For addon domains, click on the dropdown and find your desired addon domain name. Be sure the checkbox next to Show Hidden Files is checked. Click the Go button to enter the File Manager.

    You should now be in the root folder of the domain you chose. Look for the .htaccess file and right click on it. This brings up a menu. Find and click on the Edit option. If you get a popup box, simply find and click the Edit button in the lower right corner to continue to the editor.

    You are now in the htaccess editor. Paste your code into your htaccess so that it forces the visitor to download that type of file.The code should be formatted similar to that below but be much longer. Some countries like China and the US can have thousands of lines in their block code
    <Limit GET HEAD POST>
    order deny,allow
    deny from 81.52.168.0/23
    deny from 188.138.10.163/32
    deny from 188.138.78.129/32
    allow from all
    </Limit>
    Be sure to hit the Save Changes button in the upper right corner to save your new htaccess configuration. Now any IP from those ranges are now denied access to your site.

WHMCS default .htaccess information

RewriteEngine On # Announcements RewriteRule ^announcements/([0-9]+)/[a-z0-9_-]+\.html$ ./announcements.php?id=$1 [L,NC] RewriteRule ^announcements$ ./announcements.php [L,NC] # Downloads RewriteRule ^downloads/([0-9]+)/([^/]*)$ ./downloads.php?action=displaycat&catid=$1 [L,NC] RewriteRule ^downloads$ ./downloads.php [L,NC] # Knowledgebase RewriteRule ^knowledgebase/([0-9]+)/[a-z0-9_-]+\.html$ ./knowledgebase.php?action=displayarticle&id=$1 [L,NC] RewriteRule ^knowledgebase/([0-9]+)/([^/]*)$ ./knowledgebase.php?action=displaycat&catid=$1 [L,NC] RewriteRule ^knowledgebase$ ./knowledgebase.php [L,NC]

Where is my .htaccess file and how do I edit it?

By default you should find the .htaccess file created on your account in the following directory:
/home/username/public_html/.htaccess

You can use your favorite FTP client to modify this file, or follow the steps below to access it directly from cPanel:

  •     Login to your cPanel.
  •     Under the Files section, click on File Manager.
  •     Select the Document Root for: option, and choose your domain from the drop-down.
  •     Ensure that Show Hidden Files is selected.
  •     Then click Go.
     
   To edit the .htaccess file, simply right-click on the .htaccess file and select Edit.
     
    If your .htaccess file didn't exist already during the previous step, click on New File at the top-left, name the file .htaccess, and finally set the directory for the file to be created to /public_html/ or the document root of your site.
     
    You should have a text editor encoding dialog box pop-up, you can simply click on Edit.
    
 How to remove file extensions from displaying in browser

In this tutorial, we will look at how to remove file extensions from displaying in your web browser using the .htaccess file.

The trend lately is a tendency for designers to want to cloak their file extensions from their visitors. For example, they want the URL 'domain.com/index.html' to display as 'domain.com/index' or simply domains.com. Some like the way it looks, others believe it helps with SEO, and others believe it is better for security. The issue of the real benefits it offers is still debatable but this is a feature you can implement via your htaccess file.

This article will guide you through doing so via your cPanel.

    Log into your cPanel.
    Find the Files category and click on the File Manager icon.
   
    A popup box will appear. For the primary domain, click on the Web Root radio button. For addon domains, click on the dropdown and find your desired addon domain name. Be sure the checkbox next to Show Hidden Files is checked. Click the Go button to enter the File Manager.

    You should now be in the root folder of the domain you chose. Look for the .htaccess file and right click on it. This brings up a menu. Find and click on the Edit option. If you get a popup box, simply find and click the Edit button in the lower right corner to continue to the editor.

    You are now in the text editor. As most sites are coded with either htm or php, we have include the code for both below.
   
    RewriteEngine on
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME}\.php -f
    RewriteRule ^(.*)$ $1.php

    RewriteEngine on
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME}\.html -f
    RewriteRule ^(.*)$ $1.html

    Be sure to hit the Save Changes button in the upper right corner to save your new htaccess configuration. Your site should now display the address without the file extension.

How to turn off server signature with .htaccess

Turning off server signature adds an additional layer of security to your website as it hides your website verson. When you turn off server signature, it does hide the version of the web server from visitors viewing a directory listing or similar. The server signature would still be displayed in the http header.

To turn off server sinature, Add the below line to your .htaccess file in order to have ServerSignatures turned off.

 
ServerSignature Off

That is it. Now you know how to turn off server signature using your .htaccess file.
  • 32 Users Found This Useful
Was this answer helpful?

Related Articles

I have a full backup of account through cPanel. How do I restore it?

It is recommended that you maintain healthy backup of your website and possibly download the...

How To Create, Edit, and Delete a File in CPanel Using File Manager

This tutorial will be useful for you to understand how to create a file, edit a file or delete...

How to Create a MySQL Database, a User and Delete Database in Cpanel

How to Create a MySQL Database, a User and Delete Database in CpanelYour cPanel allows you to...

How do I create and remove an Addon Domain?

An add-on domain is a separate domain name that you add to your web hosting subscription with...

How to Set Up and Delete a Cron Job

A cron job allows you to run a certain command at times set by the job. For example, you could...

Powered by WHMCompleteSolution