General information
.htaccess - Apache configuration file. It can be used to set web server settings for specific directories.
The settings specified in .htaccess apply only to the directory where this file is located. This does not affect the main Apache configuration file. htaccess files can also be created for different subdirectories. htaccess file located in a subdirectory takes precedence over a file located in a directory.
In this article you can find out typical redirects.
Site Access Control
The Order Allow, Deny, or Require directives are used to control access. Require is recommended for Apache 2.4 and later.
Deny directives do not work for IPv6 (you need to remove the AAAA domain record).
To allow access to certain IPs (others are denied):
Require ip 1.1.1.1
Require ip 2.2.2.2
IP addresses can be specified separated by a space on one line, or you can write another directive
To deny access to certain IPs (others are allowed).
<RequireAll>
Require all granted
Require not ip 1.1.1.1
</RequireAll>
Deny directives are inside <RequireAll> blocks.
Protecting a site or directory with a password. Basic Authentication
.htaccess file can also set up Basic Authentication to secure a site or directory.
1. Set your login and password to login. Connect to the server via SSH and run:
htpasswd -bc ~/.htpasswd login password
As a result, an .htpasswd file will be created in the root directory. .htpasswd file contains the login and password hash. You can use this command again to change the password.
2. Go to the directory for which password access will be set. Create a .htaccess file here and add to it:
AuthType Basic
AuthName "Authentication Required"
AuthUserFile /home/u/user/.htpasswd
require valid-user
u - the first letter of your login
user - login
To protect the entire site, paste this content into the main .htaccess file in the site's public_html directory.
Blocking requests by User-Agent
Also, to reduce the load on the site, you can restrict access by User-Agent. For example, for bots MJ12bot and SolomonoBot enter:
RewriteCond %{HTTP_USER_AGENT} (SolomonoBot|MJ12Bot)
RewriteRule ^.*$ - [R=404,L]
Restrictions on the types of requests
<Limit> blocks are used to restrict certain types of requests:
SetEnvIfNoCase User-Agent SolomonoBot bad_bot
SetEnvIfNoCase User-Agent MJ12Bot bad_bot
<Limit GET POST HEAD>
<RequireAll>
Require all granted
Require not env bad_bot
</RequireAll>
</Limit>
Default index page
The DirectoryIndex directive sets the page that is displayed by default when accessing the directory:
DirectoryIndex new_index.html
If you specify multiple pages, the first available page is displayed (from left to right):
DirectoryIndex new_index.html index.html index.php
Custom error pages
ErrorDocument specifies the pages that are displayed to the user on certain errors (403, 404, 500, etc.).
Specify the error number and page address:
ErrorDocument 500 http://domain1.com/errors/page500.html
Encoding
Using AddDefaultCharset, you can set the default encoding for all pages. For example, for utf-8 encoding:
AddDefaultCharset utf-8
Displaying listing (directory contents)
If the index file of the requested directory is unavailable, a 403 Forbidden error will be displayed. To display the contents of the directory, add to .htaccess:
Options +Indexes
If you have any questions, please create a ticket to technical support.