What is the htaccess file

by Posted on

If you are a web developer you must be looking for a solution to convert your URLs to be more comprehensive and SEO friendly rather than having URLs ending with .php, .asp, .jsp, or other such extensions. Before understanding how htaccess can help you we have to understand the URLs structure first.

Old URL

What if I say, the above URL can be rewritten like below?

New URL

A modified URL is possible because of .htaccess file. Let’s understand it in detail.

.htaccess

.htaccess(Hypertext Access) is a configuration file used to write rules/commands for configuration which can modify any URL request on the fly, coming on the Server from the browsers, before passing it to the application code. htaccess can be configured when the server is running on the Apache webserver software, basically, Apache delivers it as a tool to modify your URLs on the go.

mod_rewrite is the Apache module, which allows you to pass commands to server configuration. mod_rewrite must be enabled to write any rules to htaccess file. In most of the current web-hosting providers, this field is by default enabled.

If you are working in PHP, you can simply check this on a webpage using phpinfo() function. just create a PHP page on the server and add “<?php phpinfo(); ?>” code you must be seeing a result like below.

If mod_rewrite is not enabled, you can simply change the httpd.conf file of Apache web server, open it and search for below line and uncomment it (just remove the “#” symbol) and it’s done. this line will load the mod_rewrite module on Apache.

LoadModule rewrite_module modules/mod\_rewrite.so

Where you keep .htaccess file

Generally, .htaccess file should be copy-pasted in /public_html folder of your website directory. however, you can have different versions of .htaccess in separated directories to maintain directory level access restrictions.

What goes inside the .htaccess file

  1. Allow/Deny Directory Indexing
  2. Allow/Deny File indexing
  3. Redirect URLs
  4. If conditions based on URL passed
  5. Convert Directory based URLs to parameterized URLs(like OLD URL in image above)
  6. Defining error page URLs or path for errors like 404, 503 etc.
  7. To create rest APIs.

Above points 1 to 7 are some of the things that can be done using htaccess files, lets’s see first how htaccess code works.

RewriteCond & RewriteRule

There are two main directives of the mod_rewrite module, RewriteCond, and RewriteRule. RewriteCond is short for Rewrite condition, which works as the if-else condition in htaccess and RewriteRule is used to define the formula according to which a URL must be modified. suppose you have defined 2 RewriteCond in htaccess, it will check both and then only will allow running RewriteRule command. more than one condition can be evaluated using OR, AND Flags.

RewriteCond Con1 [OR]

RewriteCond Con2

RewriteRule Rule1

This code will run from top to bottom, if any of the conditions are true, it will allow the RewriteRule command to execute.

Variables

There are certain standard variables that have data coming from the browser and can be used by the Server to check the legitimacy of the request.

Variable nameValue the variable holds
%(THE_REQUEST}Complete URL browser is requesting for
%{HTTP_REFERER}If the request is coming from another domain, like facbook.com is redirecting you to youtube.com then the value will be “facebook.com”
%{SCRIPT_FILENAME}Files/Directory listing in any directory
%{HTTP_HOST}host URL
%{QUERY_STRING}The parameterized query part of a URL is just after the “?” symbol.
%{REQUEST_URI}The path component of a URL, like in our example “order/joe/12356” is our path component of the main URL

Flags

There are certain flags you can pass in “[flag_value]” after RewriteRule and RewriteCond.

FLAGMeaning
LThis indicates, there are no more rules to be followed.
RRedirect current URL to another URL
NRe-start RewriteRule if not condition satisfied, kinda loop.
NCThe comparison is case insensitive

We have understood the main ingredients of the htaccess file, let’s understand now, how these all are going to work together.

Before writing any RewriteRule and RewriteCond directives, we have to write RewriteEngine On command, then other statements will follow the execution.

Basic Syntax

.htaccess follows syntax to write any RewriteRule or RewriteCond statement.

As you can see statements are read from left to write and flags are optional. what RegX here is, a big deal, you have to understand the basics of Regular expressions before messing up with your htaccess file.

In simple words, Regular expressions are text/string patterns against which Server will qualify your values passed for eg. ^([a-zA-z0-9_]+ indicates a string/text which has only letters from a to z, a number from 0-9 and an underscore character “_” in it. “^” indicates the start of the text and “+” after [ ] is indicating the 1 or more time occurrence of any of the defined tokens (letter/number/syntax).

We will talk about RegX in some other blog, let’s focus on how htaccess uses them.

RewriteRule example-

RewriteRule page1 http://example.com/go/123 [L,R]

Understand here any request to http://example.com/page1 will be redirected to http://example.com/go/123 page. here passing L flag, to check no further rule, and R for redirect, the order doesn’t matter, it can be [R,L].

RewriteCond example-

RewriteCond %{HTTP_HOST} !^www\. [NC]

RewriteCond syntax will be like – > RewriteCond TestPattern ConditionPattern [Flags]. the above example will check for domains that do not start with www. “!” here is making the string false positive like we have != in if condition statements.

Changing Parameterized query URLs to path URLs.

RewriteEngine On
RewriteCond %{THE_REQUEST} \s(.+?)/+[?\s]
RewriteRule ^(.+?)/$ http://yourwebsite.com/$1 [R=301,L]
RewriteRule ^(order/+)([a-zA-Z]+)/([a-zA-Z]+)/?$ ./order.php?user=$1&order_id=$2 [NC]

In the above 4 lines of code, line 1 is the mandatory one, cause we are going to write RewriteRule, line 2 is checking of whitespaces and alphabetic characters, line 3 is checking the URL asked and passing all the requests to yourwebsite.com, line 4 where the main thing happening, here htaccess is checking the Request URL pattern and matching it with the asked one. one thing to understand ( [a-zA-Z]+ ) works as a parameter and can be identified using $1, $2 from left to right to pass it to the parameterized version of URL. below is the Requested URL from the browser and how the Server is interpreting it after htaccess code execution.

  • Requested Url: www.yourwebsite.com/order/joe/12356
  • Passed Url: www.yourwebsite.com/order.php?order_id=12356&user=joe

Default Error Pages

If any of the RewriteCond fails then we must have some error pages on our website. there comes the ErrorDocument directive of htaccess. whenever any of the RewriteCond is not satisfied on htaccess file, it will redirect the requests to a defined error document URL. those redirects can also work for errors like 503 when the machine is not available.

Example – 

ErrorDocument 404 http://yourwebsite.com/error

How to save .htaccess file ?

Just write any of the code examples explained above in a simple text file, and then save it as “.htacess” in your desired directory. you don’t have to give any extension like .txt etc. to this file and any name, just write “.htaccess”. and you are done.

Bonus Examples-

Disable Directory/Files explorer in the browser- Using this user can not use the browser as a directory explorer on your website for example image directory.

RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d

Change the default start page – you can set multiple default startup pages of the website goes from left to right based on availability.

DirectoryIndex home.html page.html backup.html

Deny/Allow users by IP address- you can deny or allow traffic on your website based on the machine’s ip address like below.

order allow,deny
deny from 140.0.2.0
deny from 140.45.9.1
allow from all

Below links can be useful to digg down this topic.

Learn Regular Expression – https://regexone.com/

Regular expressions validation – https://regexr.com/

htaccess documentation – https://httpd.apache.org/docs/2.4/howto/htaccess.html

htaccess Tester – https://htaccess.madewithlove.com/

Happy Reading, Keep Sharing!

Leave a Reply

Your email address will not be published.