Creating and configuring .htaccess

General information

.htaccess - Apache configuration file. It can be used to set web server settings for specific directories.

The settings specified in .htaccess apply only to the directory where this file is located. This does not affect the main Apache configuration file. htaccess files can also be created for different subdirectories. htaccess file located in a subdirectory takes precedence over a file located in a directory.

In this article you can find out typical redirects.

Site Access Control

The Order Allow, Deny, or Require directives are used to control access. Require is recommended for Apache 2.4 and later.

Deny directives do not work for IPv6 (you need to remove the AAAA domain record).

To allow access to certain IPs (others are denied):

Require ip

Require ip

IP addresses can be specified separated by a space on one line, or you can write another directive

To deny access to certain IPs (others are allowed).


Require all granted

Require not ip


Deny directives are inside <RequireAll> blocks.

Protecting a site or directory with a password. Basic Authentication

.htaccess file can also set up Basic Authentication to secure a site or directory.

1. Set your login and password to login. Connect to the server via SSH and run:

htpasswd -bc ~/.htpasswd login password

As a result, an .htpasswd file will be created in the root directory. .htpasswd file contains the login and password hash. You can use this command again to change the password.

2. Go to the directory for which password access will be set. Create a .htaccess file here and add to it: 

AuthType Basic

AuthName "Authentication Required"

AuthUserFile /home/u/user/.htpasswd

require valid-user

u - the first letter of your login

user - login

To protect the entire site, paste this content into the main .htaccess file in the site's public_html directory.

Blocking requests by User-Agent

Also, to reduce the load on the site, you can restrict access by User-Agent. For example, for bots MJ12bot and SolomonoBot enter:

RewriteCond %{HTTP_USER_AGENT} (SolomonoBot|MJ12Bot)

RewriteRule ^.*$ - [R=404,L]

Restrictions on the types of requests

<Limit> blocks are used to restrict certain types of requests:

SetEnvIfNoCase User-Agent SolomonoBot bad_bot

SetEnvIfNoCase User-Agent MJ12Bot bad_bot



    Require all granted

    Require not env bad_bot



Default index page

The DirectoryIndex directive sets the page that is displayed by default when accessing the directory:

DirectoryIndex new_index.html

If you specify multiple pages, the first available page is displayed (from left to right):

 DirectoryIndex new_index.html index.html index.php

Custom error pages

ErrorDocument specifies the pages that are displayed to the user on certain errors (403, 404, 500, etc.).

Specify the error number and page address:

ErrorDocument 500


Using AddDefaultCharset, you can set the default encoding for all pages. For example, for utf-8 encoding:

 AddDefaultCharset utf-8

Displaying listing (directory contents)

If the index file of the requested directory is unavailable, a 403 Forbidden error will be displayed. To display the contents of the directory, add to .htaccess:

Options +Indexes

If you have any questions, please create a ticket to technical support.