The .htaccess (hypertext access) file is, in short, a plain text file that the Apache server reads to apply configuration to the root directory and its subdirectories.
According to the Apache project's documentation, this type of file should be avoided if we have access to the main httpd configuration file, because using it can slow the server down.
Among the configurations we can apply with this file are directives from several modules that change the behavior of the folders. The documentation in Spanish for the configuration and modules can be found at:
https://httpd.apache.org/docs/2.4/en/howto/htaccess.html
Initial Configuration
By default, when you buy hosting with us, the .htaccess file is inside the “public_html” folder.
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php72” package as the default “PHP” programming language.
<IfModule mime_module>
    AddHandler application/x-httpd-ea-php72 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
You should consider changing the configuration according to your needs (adding directives). These directives apply to the directory where the file is and to its nested folders, so it is not necessary to have this type of file in every folder, unless a subdirectory requires some particular configuration.
For performance, you should keep only the directives that are absolutely necessary. Every time the page is loaded this configuration has to be read, so too many directives can delay page loading.
Security Settings
By default, access to this file must be blocked for external users. This is important because anyone who can observe the configured directives can use them to search for vulnerabilities in attack attempts.
In the event that the file can be observed, we must add the following directive (directive to block access to the .htaccess file):
<Files .htaccess>
    Order allow,deny
    Deny from all
</Files>
Block File Reading
Bots now run 24/7 indexing the information present on servers, so it is important not to allow access to files that we do not want to become public. This can easily be seen with search engines such as Google, for example with the following search:
To block access to files that we do not want (according to their extension) to be public, we must add the following directive:
<FilesMatch "\.(htaccess|htpasswd|ini|phps|xlsx|pdf|txt)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>
Keep in mind to configure the extensions as needed.
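To see how much of a document root the pattern above really covers, this added example (not part of the original page) replays it in Python over a constructed file listing. The helper names, the listing and the extra `sql`/`bak` extensions are assumptions made for illustration.

```python
# Added example: replay the page's FilesMatch pattern over a file listing.
import posixpath
import re

# Pattern copied from the directive above. Apache tests it against the file
# name (last path component); the match is case-sensitive unless (?i) is used.
PAGE_PATTERN = r"\.(htaccess|htpasswd|ini|phps|xlsx|pdf|txt)$"
CASE_INSENSITIVE = "(?i)" + PAGE_PATTERN  # PCRE inline flag, same extensions

# Constructed listing of a document root (hypothetical file names).
LISTING = [
    "public_html/index.php",
    "public_html/.htaccess",
    "public_html/config/php.ini",
    "public_html/docs/prices.xlsx",
    "public_html/docs/Contract.PDF",
    "public_html/notes.txt.bak",
    "public_html/backup/site.sql",
]

def is_blocked(path, pattern=PAGE_PATTERN):
    """True if a FilesMatch block using `pattern` would apply to this file."""
    return re.search(pattern, posixpath.basename(path)) is not None

def uncovered(paths, private_exts, pattern=PAGE_PATTERN):
    """Files we consider private (by extension, any case) that stay readable."""
    missed = []
    for path in paths:
        name = posixpath.basename(path).lower()
        private = any(name.endswith("." + ext) for ext in private_exts)
        if private and not is_blocked(path, pattern):
            missed.append(path)
    return missed

PAGE_EXTS = ["htaccess", "htpasswd", "ini", "phps", "xlsx", "pdf", "txt"]

if __name__ == "__main__":
    print("missed by the page's pattern:", uncovered(LISTING, PAGE_EXTS))
    print("missed with (?i) added:", uncovered(LISTING, PAGE_EXTS, CASE_INSENSITIVE))
    # Assumption: this site also treats .sql and .bak files as private.
    print("still missing from the list:",
          uncovered(LISTING, PAGE_EXTS + ["sql", "bak"], CASE_INSENSITIVE))
```

Run against a real listing of the document root, the output shows which files need either a case-insensitive pattern or an extra extension in the list.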
Block access to our page by IP
Although web pages are generally considered globally accessible, it is often recommended, for traffic management or security reasons, to limit access to the region where we focus our sale of goods or services. We can achieve this by filtering (allowing or denying) requests according to IP address.
The IP addresses assigned to a country can change from time to time. We can both deny and allow access with the following directive:
Order Deny,Allow
Deny from ip_denied
Allow from ip_permitted
A list of IP addresses by country or region can be obtained from pages such as countryipblocks.
Some of the IP addresses that we should allow for Latin America are highlighted in red. Keep in mind that these addresses change from time to time, and that there are different ways to apply these restrictions.
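The value of Order decides what happens to an address that matches neither rule, or both. This added example (not from the original page) models the documented Order/Deny/Allow evaluation in Python; the rule sets and helper names are constructed, the addresses are RFC 5737 documentation ranges, and only `all`, single addresses and CIDR ranges are modelled.

```python
# Added example: model of how Order / Deny from / Allow from decide a request.
# These are the Apache 2.2-style directives (mod_access_compat in Apache 2.4).
import ipaddress

def _matches(specs, ip):
    """True if ip falls in any spec: 'all', a single address or a CIDR range."""
    addr = ipaddress.ip_address(ip)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if addr in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def is_allowed(order, deny, allow, ip):
    """Return True when the request from ip is served, False when it gets 403."""
    denied = _matches(deny, ip)
    allowed = _matches(allow, ip)
    key = order.lower()  # no whitespace is accepted around the comma
    if key == "deny,allow":
        # Deny rules first, Allow rules override them; no match -> allowed.
        return allowed or not denied
    if key == "allow,deny":
        # Allow rules first, Deny rules override them; no match -> denied.
        return allowed and not denied
    raise ValueError("invalid Order value: %r" % order)

# Constructed rule sets (hypothetical).
BLOCKLIST = dict(order="Deny,Allow", deny=["203.0.113.0/24"], allow=["203.0.113.7"])
REGION_ONLY = dict(order="Deny,Allow", deny=["all"], allow=["198.51.100.0/24"])

def report(rules, ips):
    """Map each client address to the decision the rule set produces."""
    return {ip: is_allowed(ip=ip, **rules) for ip in ips}

if __name__ == "__main__":
    sample = ["203.0.113.7", "203.0.113.50", "198.51.100.9", "192.0.2.1"]
    print("blocklist  :", report(BLOCKLIST, sample))
    print("region only:", report(REGION_ONLY, sample))
```

With `Order Deny,Allow`, an address that matches no rule is served, so limiting a site to one region needs `Deny from all` together with the permitted ranges.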
Page Error 404
One of the most used directives configures the page that is loaded when an error occurs on our server. Because the Web is so dynamic, we often forget to update links correctly as we change the paths to other pages within our portal.
This is known as the 404 error, which occurs when the user requests a page that is not found on the server, either by our error or by the client.
This directive is configured as follows:
ErrorDocument 404 "/error/error404.php"
The text between quotes must be replaced by the page that Apache should load when someone tries to access a non-existent page.
Redirect Home Page
Among the options, we can also configure redirection to a different home page. For example, we can use this temporarily to direct visitors to a promotional page or to something that we want to announce.
DirectoryIndex index.html contactenos.html public.html
With this configuration the server loads the first file it finds, in the order we specify.
Comment in .htaccess files
To keep things orderly, and in case we have to modify the configuration in the future, we should document inside the file the directives that we have applied and the reason for each one.
For this we put the '#' character at the beginning of each line of text that is meant only for us and that the Apache server will not take into account.
#The error handling directive starts here.
#Photo file path.
In this example, neither line is executed by the server; they document how a directive works, or record whatever we write to remember how our configuration operates.
CONCLUSION
The .htaccess file lets you establish configurations that are decisive for how the server interprets our Web page. It is an essential file that we must always handle with the greatest possible care, because it can either optimize or slow down our page depending on whether it is configured well or badly.
Before modifying this file it is recommended to make a backup, and read the documentation in order to minimize errors; a page where you can find a summary of several of its directives is:
http://www.htaccess-guide.com/
BASIC SUMMARY DIRECTIVES | |
<Files .htaccess> Order allow,deny Deny from all </Files> | Restricts access to the configuration file by third parties. |
<FilesMatch "\.(htaccess|htpasswd|ini|phps|xlsx|pdf|txt)$"> Order Allow,Deny Deny from all </FilesMatch> | Restricts downloading and viewing of files located within our server based on file extension. |
Order Deny,Allow Deny from ip_denegada Allow from ip_permitida | Blocks or authorizes the loading of information according to the IP from which the request is made. |
ErrorDocument 404 "/error/error404.php" | Sets the default 404 error page address in case a broken link is found. |
DirectoryIndex index.html contactenos.html public.html | Allows you to redirect to a different home page. |
#Comments | Allows comments inside the configuration file. |