Skip to content

.htaccess

.htaccess is a configuration file that allows you to define rewrite rules statements yourself. It is compatible with the Apache "standard" and is supported by the proprietary module for the NGiNX server.

The .htaccess file is supported on PHP type of website. Do not edit it with a text editor that automatically adds additional BOM tags (this may cause added rules to malfunction). For Notepad++, the line break must be [LF] (not [CR][LF]). We recommend editing the file remotely after logging into your account via SSH, using the available editors (vi, nano, mcedit etc.). If necessary, the BOM tags can be removed in the mcedit editor or by dos2unix command available after logging into your account via SSH.

The .htaccess file can be located in the main directory of domain: /usr/home/login/domains/DOMAIN/ or in any of its subdirectories.

Warning

An error in the syntax of the .htaccess file will result in a 500 error message on the page.

Examples

Below are some examples of the use of this file.

Redirect to SSL

Domain redirection to an encrypted SSL connection.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

HTTPS variable

It allows detecting whether the connection has been established using an encrypted SSL connection.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Subdomain redirect

Redirect subdomain test.example.com to example.com/test without creating a vhost.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?test\.example.com$ [NC]
RewriteCond %{REQUEST_URI} !^/test/
RewriteRule ^(.*)$ /test/$1 [L]

301 Redirect

  • Redirect one page to DOMAIN:
Redirect 301 /page.php http://DOMAIN/page.html
  • Redirect the whole site to DOMAIN:
Redirect 301 / http://DOMAIN/
  • Redirect the whole site to subdirectory of DOMAIN:
Redirect 301 / http://DOMAIN/sub/
  • Redirect page's subdirectory to DOMAIN:
Redirect 301 /sub http://DOMAIN/
  • Redirect all requests to html files to files with the same name but a php extension:
RedirectMatch 301 (.*)\.html$ http://DOMAIN$1.php

Host html pages without an extension

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html

Prevent images hotlinking

Hotlinking is placing pictures on the website that the user downloads from an external server. An example of a blocking hotlinking looks like:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://DOMAIN$ [NC]
RewriteCond %{HTTP_REFERER} !^http://.*\.DOMAIN$ [NC]
RewriteCond %{HTTP_REFERER} !^http://DOMAIN/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://.*\.DOMAIN/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

Protect directory with a password

It is possible to protect the entire directory on the website with a password (or even the entire website). In the examples below, the argument USERNAME should be replaced with the username of the selected user and the argument LOGIN with the login of an account on the Serv00.com server.

The password file should be created by adding the first user with the command htpasswd -c /usr/home/LOGIN/.htpasswd USERNAME and grant read permissions with the command chmod +r /usr/home/LOGIN/.htpasswd. The directory to be password protected should contain the .htaccess file with the following content:

AuthType Basic
AuthUserFile "/usr/home/LOGIN/.htpasswd"
require valid-user
AuthName "Resource protected"

AuthUserFile points to the file that was created earlier. It is possible to use different files with logins and passwords for different directories. Removing a user is possible with the command htpasswd -D /usr/home/LOGIN/.htpasswd USERNAME.

Default encoding of text files

In the case of sharing .txt files in which it is impossible to determine the encoding with the meta tag or other files in which the encoding has not been set, you can force browsers to display correctly using the AddDefaultCharset directive, e.g.

AddDefaultCharset utf-8

Blocking IP adresses

  • Blocking a specific IP address:
<RequireAll>
    Require all granted
    Require not ip 123.123.123.123
</RequireAll>
  • Blocking IP ranges (123.123.123.1 - 123.123.123.254):
<RequireAll>
    Require all granted
    Require not ip 123.123.123.0/24
</RequireAll>

Blocking by referer

Blokowanie dostępu do strony, jeśli wejście nastąpiło z domena.com lub domena.net: Blocking access to the website if the entry was from example.com or example.net:

RewriteEngine On
RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
RewriteCond %{HTTP_REFERER} example\.net
RewriteRule .* - [F]

Disable directory index

Blocking indexing of directory contents without index.html/index.php:

Options -Indexes

Parsowanie strony jako XHTML/XML

To force the browser to use the XHTML/XML parser, add a line:

AddType application/xhtml+xml .html

Redirect the website address from www to an address without www

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} www.DOMAIN [NC]
RewriteRule ^(.*)$ http://DOMAIN%{REQUEST_URI} [R=301,L]

Showing content from a subdirectory of the same domain

RewriteEngine On
RewriteRule ^$ /sub [L]

Header set Cache-Control

  • Set caching of image files aspublic and js andcss as private for 24h:
<filesMatch ".(jpg|jpeg|png|gif|ico)$">
  Header set Cache-Control "max-age=86400, public"
</filesMatch>
<FilesMatch "\.(css|js)$">
  Header set Cache-Control "max-age=86400, private"
</FilesMatch>
  • Disable cache for html files:
<filesmatch "\.(html|htm)$">
   Header set Cache-Control "max-age=0, private, must-revalidate"
</filesmatch>

ExpiresByType

  • Set the cache expiration time for image files to one year from access, one month from access for css, pdf,JavaScript and flash files and the default expiration time from access date plus 3 days:
ExpiresActive On

ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType text/css "access plus 1 month"

ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 3 days"
  • access can be used also instead:

now - the same as access modification - file modification time

Example:

ExpiresByType image/png "modification plus 1 year"

It will set the cache to expire for one year from the time of png file was modified.

These keywords can be used to modify the time:

  • years
  • months
  • weeks
  • days
  • hours
  • minutes
  • seconds

GZIP compression

GZIP compression can be set directly in the DevilWEB webpanel in WWW pages tab in Details of the domain and by the devil command from SSH. The example below does not show how to enable GZIP for a page.

To serve files that have previously been compressed by GZIP (they are already saved in the GZIP format in the directory tree), assuming that they have the html_gzip extension, put the following content in the .htaccess file:

AddType text/html .html_gzip
AddEncoding gzip .html_gzip

RewriteEngine on
RewriteRule ^(.*)\.html$ $1.html_gzip [QSA,L]

<FilesMatch "(\.html_gzip)$">
Header append Content-Encoding gzip
</FilesMatch>

External References