The original purpose of .htaccess (hypertext access) was to allow per-directory access control (e.g. requiring a password to access the content), hence the name. Nowadays .htaccess can override many other configuration settings, mostly related to content control, e.g. content type and character set, CGI handlers, etc.
Directives in the .htaccess file apply to the current directory, and to all sub-directories (unless explicitly disabled in the server configuration), but for reasons of performance and security, cannot affect their parent directories.
The file name begins with a dot because dot-files are by convention hidden files on Unix-like operating systems.
The .htaccess file is placed inside the web tree, and is able to override a subset of the server’s global configuration; the extent of this subset is defined by the web server administrator.
Authorization, authentication
.htaccess files are often used to specify the security restrictions for the particular directory, hence the filename “access”. The .htaccess file is often accompanied by a .htpasswd file which stores valid usernames and their passwords.
Rewriting URLs
Servers often use .htaccess to rewrite long, overly comprehensive URLs to shorter and more memorable ones.
Blocking
Use allow/deny to block users by IP address or domain. Also, use to block bad bots, rippers and referrers.
SSI
Enable server-side includes.
Directory listing
Control how the server will react when no specific web page is specified.
Customized error responses
Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found.
MIME types
Instruct the server how to treat different varying file types.
Cache Control
.htaccess files allow a server to control caching by web browsers and proxies to reduce bandwidth usage, server load, and perceived lag.
When .htaccess files should be used
- .htaccess files are read on every request, therefore changes made in these files take immediate effect as opposed to the main configuration file which requires the server to be restarted for the new settings to take effect.
- For servers with multiple users, as is common in shared web hosting plans, it is often desirable to allow individual users the ability to alter their site configuration. In general, .htaccess files should be used by users who do not have access to the main server configuration files.
When .htaccess files should not be used
Controlling Apache using the main server configuration file httpd.conf[5] is preferred for security and performance reasons:
- Performance loss – For each HTTP request, there are additional file-system accesses for parent directories when using .htaccess, to check for possibly existing .htaccess files in those parent directories which are allowed to hold .htaccess files.
- Security – Allowing individual users to modify the configuration of a server can cause security concerns if not set up properly.
So here is how you you create or edit an .htaccess file using cPanel:
- Go to your main cPanel account, then click on the “file manager” icon (found under “Files” section)
- When prompted, check off “SHOW HIDDEN FILES” box
- From the file manager, click on the .htaccess icon to highlight, then click on the “edit” link found at the top
I strongly suggest making a backup copy of the .htaccess file PRIOR to making changes as it can have serious repercussions if not properly.