Role of the .htaccess file in Apache server configuration

18:27, 12 January | 5 minute read | Updated at 18:27, 12 January

Rianvy
Role of the .htaccess file in Apache server configuration

This post is also available in Русский

.htaccess allows you to create your own Apache server management configuration in directories or hosting settings.

Introduction to .htaccess

The .htaccess (Hypertext Access) file is an Apache web server configuration file that allows you to customize the server at the directory or hosting level. All rules written in .htaccess apply to the current directory and all its subdirectories (unless they have their own .htaccess).

Features of .htaccess:

  • Apache checks the file on every request to the site
  • Changes take effect on the next request to the server
  • Some directives (especially those related to PHP modules) may require a server restart.
  • Apache global settings may restrict available directives
  • Syntax errors result in error 500
  • Affects performance with large number of rules

Basic configuration

Enabling the Rewrite module

To work with URLs, you must activate the module:

RewriteEngine On

Access Control

Restrict access by IP

These rules are especially useful for:

  • Protecting the admin panel
  • Restrict access to the test version of the site
  • Blocking spam bots
  • Geo-restrict access to content

Single IP ban

Order Deny,Allow
Deny from 123.123.123.123

Practical application:

  • Blocking spammers or malicious users
  • Temporarily restricting access to problematic users
  • Protect against DDoS attacks from specific addresses

Usage example: You have an online store and you have noticed suspicious activity from a certain IP address - multiple attempts to find the password to the admin area. You can temporarily block this IP.

Allow access only to a specific IP

Order Deny,Allow
Deny from all
Allow from 123.123.123.123

Practical application:

  • Access to the staging-version of the site for developers only
  • Restrict access to admin panel by office IP
  • Protecting confidential sections of the site

Usage Example: You have a test version of your site that should be accessible only by company employees. You can allow access only from office IP addresses.

Encoding and language settings

Default encoding

AddDefaultCharset UTF-8

What it’s for:

  • Proper display of special characters
  • Support for multilingual content
  • Prevent coding problems in forms

Usage Example: You have a multilingual site with Russian and Chinese content. Setting UTF-8 will ensure that characters from both languages are displayed correctly.

Error handling

Custom error pages

ErrorDocument 404 /errors/404.html
ErrorDocument 403 /errors/403.html
ErrorDocument 401 /errors/401.html
ErrorDocument 500 /errors/500.html

Practical application:

  • Improving user experience
  • Retaining visitors when errors occur
  • Branding error pages
  • Providing useful information when failures occur

Usage Example: On a 404 page you can:

  • Show popular sections of the site
  • Add a search form
  • Suggest contacting support
  • Show a sitemap

Manage URLs and redirects

Redirect to .html

RewriteCond %{REQUEST_URI} (.*/[^/.]+)($|\?)
RewriteRule .* %1.html [R=301,L]
RewriteRule ^(.*)/$ /$1.html [R=301,L]

Practical application:

  • Creating clean URLs without extensions
  • SEO optimization
  • Simplifying site structure
  • Migration from old URL structure

Usage Example: Instead of URLs like:

  • site.ru/about.html
  • site.ru/contacts.html

Users will be able to use:

  • site.ru/about
  • site.ru/contacts

Managing slashes in URLs

Delete end slash

RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)/$ /$1 [R=301,L]

Why it’s needed:

  • URL uniformity
  • Prevent duplicate pages
  • SEO improvement
  • Clean link structure

Usage Example: All URLs of the form:

  • site.ru/blog/
  • site.ru/about/ Will be automatically converted to:
  • site.ru/blog
  • site.ru/about

Handling www and no www

Redirect from www to without www

RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

Important for:

  • SEO optimization
  • Preventing duplicate pages
  • Link consistency
  • Proper functioning of cookies

Example of use: All URLs of the form:

  • www.site.ru/page
  • www.site.ru/blog/post Will be automatically converted to:
  • site.ru/page
  • site.ru/blog/post

Redirect without www to www

RewriteCond %{HTTP_HOST} ^site.ru$ [NC]
RewriteRule ^(.*)$ http://www.site.ru/$1 [R=301,L]

Security

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?site\.ru [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ /images/stop-hotlinking.jpg [NC,R,L]

Practical application:

  • Copyright protection
  • Saving traffic
  • Prevent image theft
  • Protection from parasitic use of resources

Application Example: If someone tries to embed your image on their website:

<img src=“http://your-site.ru/images/expensive-photo.jpg”>

A warning stub will be shown instead of your image.

Bruteforce protection

Comprehensive approach using mod_security or limiting the number of requests:

# Limit the number of requests
<IfModule mod_ratelimit.c>
    # Limit to 5 requests per second
    SetOutputFilter RATE_LIMIT
    SetEnv rate-limit 5
</IfModule>

# Blocking suspicious patterns
<IfModule mod_security2.c>
    SecRule REQUEST_URI "/administrator\.php" \
    "phase:1,deny,status:403,id:1000,msg:'Suspicious admin access attempt'"
</IfModule>

# Additional safety rules
SetEnvIfNoCase User-Agent "^libwww-perl*" block_bot
Deny from env=block_bot

Applies to:

  • Protect the admin panel
  • Prevent password mining
  • Blocking automated attacks
  • Protect authorization forms

Performance optimization

Static Content Caching

<IfModule mod_expires.c>
  ExpiresActive On
  
  # Images
  ExpiresByType image/jpg "access plus 1 month"
  ExpiresByType image/jpeg "access plus 1 month"
  ExpiresByType image/gif "access plus 1 month"
  ExpiresByType image/png "access plus 1 month"
  
  # CSS, JavaScript
  ExpiresByType text/css "access plus 1 week"
  ExpiresByType application/javascript "access plus 1 week"
  
  # Add versioning via GET parameter to update files
  # Example: style.css?v=1.2
  RewriteCond %{REQUEST_FILENAME} \.(css|js|jpg|jpeg|png|gif)$
  RewriteCond %{QUERY_STRING} !^v=
  RewriteRule ^(.*)$ $1?v=1.0 [L]
</IfModule>

Benefits:

  • Reduced server load
  • Faster page loading
  • Saving traffic
  • Improved user experience

Important Note: When updating files, you must:

  • Change the version in the GET parameter
  • Or use new file names
  • Or clear the client-side cache

GZIP compression

<IfModule mod_deflate.c>
    # Compress only text files
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css
    AddOutputFilterByType DEFLATE application/xml application/xhtml+xml
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript
    
    # Do not compress already compressed formats
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|zip|rar)$ no-gzip dont-vary
</IfModule>

Efficiency:

  • Reduces HTML size by up to 70%
  • CSS compression up to 80%
  • Compress JavaScript up to 60%
  • Speed up site loading

Optimization for SPA

<IfModule mod_rewrite.c>
    RewriteEngine On
    # Specify the correct path if the application is in a subdirectory
    RewriteBase /path/to/app/
    RewriteRule ^index\.html$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l
    RewriteRule . /path/to/app/index.html [L]
</IfModule>

Note: If your application is in the root of the site, use RewriteBase /. For a subdirectory, specify the appropriate path.

Debugging and monitoring

Error Logging

php_flag log_errors on
php_value error_log /path/to/error.log

Customization for development

php_flag display_errors on
php_value error_reporting E_ALL

Recommendations for use

Best Practices

  • Create backups before making changes
  • Test in a secure environment
  • Document changes
  • Group related directives
  • Check logs regularly
  • Optimize the number of rules
  • Use up-to-date security methods
  • Monitor performance

Typical errors

  • Incorrect RewriteRule order
  • Lack of condition checking
  • Overuse of .htaccess
  • Lack of error handling
  • Insecure permissions settings

Conclusion

The .htaccess file is a powerful Apache customization tool that, when used correctly, can greatly improve the security and performance of your site. However, it is important to keep in mind the potential impact on performance and the need to thoroughly test all changes.

Useful Resources

© 2025 0x69.online

Powered by ❤️

A brief summary of my skills
  • C# and C++ - high-performance development ⚡
  • PHP (Laravel) and JavaScript - creating web applications and interactive services 🚀
  • MySQL and PostgreSQL - reliable relational databases 💾
  • Adaptive HTML, CSS and JS - modern design for any device 💡
About me

Hi! I’m Rianvy (this is my pseudonym), and my real name is Maxim Alexandrov. I’m 27 years old, I live in Tula. I’m a senier developer and designer 😎
In this blog I share notes about technology, life and everything that inspires me 🚀

If you have any questions or ideas, write in the comments or send an email to my inbox 📩
I’d be happy to chat and maybe work together 🤝

My Open Source projects 🌟
Title Description
Stalker2Control A versatile tool for S.T.A.L.K.E.R. 2, allowing you to control the game: item spawning, god mode activation, noclip, time acceleration, and more.
QuickInstallApp A handy and simple application for automating software installation on Windows.
AsyncPaymentsPHP A simple library for accepting payments in your projects.
Comments