How to Enable & Set Up .htaccess File on Apache

April 9, 2019

What is an htaccess File?

The .htaccess file in Apache is a tool that allows configurations at the directory and subdirectory level. Using .htaccess enables you to configure website permissions without altering server configuration files.

This tutorial will show you how to set up and enable htaccess on Apache. Also, it instructs on how to restrict access to specific localizations on the server, manage IP addresses, and redirect traffic.

How to Enable and Set Up .htaccess File on Apache Guide

Note: If you do not have Apache on your system, you can find a step-by-step instruction guide on installing Apache on Ubuntu.

Prerequisites

  • A working Apache web server
  • Access to a terminal window/command line
  • Access to a user account with sudo privileges
  • A text editor, such as Nano, included by default

Step 1: Enable Apache .htaccess

By default, the .htaccess file is not enabled.

1. Open the default host configuration file by entering the following command in the terminal:

sudo nano /etc/apache2/sites-available/default

2. Locate the section labeled <Directory /var/www>.
In that section, change the AllowOverride None entry to all:

AllowOverride All

htaccess AllowOverride All command

Save the file and exit.

3. Next, restart the Apache service:

sudo systemctl apache2 restart

Step 2: Create .htaccess File

Like most Linux software packages, Apache functions on configuration files. The .htaccess file is one of these. It works by specifying a setting along with a value.

To create and open the .htaccess file for editing, enter:

sudo nano /var/www/my_website.com/.htaccess

Replace my_website with the name of your actual website. If this file doesn’t exist, your text editor will create it.

Step 3: Restrict Directory Listings

There may be locations on your server that you want to restrict access to. You can do this by creating a list of usernames and passwords that are authorized to have access.

1. Start by creating a new file, .htpasswd in a different directory:

sudo nano /user/safe_location/.htpasswd

Enter a username and password for each user that you want to create. Make sure to use strong passwords, and enter only one username/password pair per line.

Save the file and exit.

2. Next edit .htaccess to enable authentication:

AuthUserFile /user/safe_location/.htpasswd

AuthGroupFile /dev/null

AuthName "Please Enter Password"

AuthType Basic

Require valid-user
restrict directory listing in apache wit htaccess

Replace /user/safe_location/htpasswd with the location of your choice. Don't store it in the same directory as your web content, for security reasons.

AuthUserFile - This sets the location for your .htpasswd file.

AuthGroupFile - We're not using a group, so this is a placeholder.

AuthName - This is the prompt to the user – you may rephrase if you'd like.

AuthType - Type of authentication used – don't change this.

Require valid-user – Allows any one of several authorized people to log on. You could change this to Require user new_user to restrict access only to someone with the username new_user.

Manage IP Addresses

There are many ways you can manage IP addresses:

  1. Allow only specific IPs.
  2. Block specific IP addresses.
  3. Block visitors by the referrer.

Allow IP Addresses

To allow IP addresses, you can switch the behavior to allow a few designated IP addresses, and block the rest.

Enter the commands:

order deny, allow 

allow from 192.168.0.54

allow from 192.168.0 
allow ip addresses example

Block IP Addresses

To block IP addresses in htaccess, enter: order allow, deny

To block a single IP address, enter this code next: deny from 192.168.0.54

If you leave off the final digit, it will block all IP addresses in the 0 - 255 range:

For Example: deny from 192.168.0

blocking all ip addresses with htaccess

Note: You can save your .htaccess file after each operation listed below. If you’re done making changes, just reload your Apache service before testing. Also, when editing the file, it's helpful to make comments. Use the # sign to mark a line as a comment, which will let you make notes that the system won’t read as commands.

Block Visitors by Referrer

You may want to prevent people from being redirected from a specific site to your server. This might be helpful if you want to isolate traffic patterns. You might also use it if you were getting excess server traffic from a questionable source.

Open the .htaccess file and add the following block:

RewriteEngine on

# Options +FollowSymlinks

RewriteCond %{HTTP_REFERER} blockeddomain\.com [NC]

RewriteRule .* - [F]

The NC option instructs to ignore the upper or lower case so that the rule can't be bypassed by entering BlockedDomain.com.

If you want to add more domains, note the following:

RewriteEngine on

# Options +FollowSymlinks

RewriteCond %{HTTP_REFERER} blockeddomain\.com [NC,OR]

RewriteCond %{HTTP_REFERER} blockeddomain2\.com

RewriteRule .* - [F]

The OR flag tells the system that you’re not done adding blocked referrers yet. Omit this option on the last entry.

Redirect Traffic

You can use the .htaccess file to redirect traffic.

Open the file and enter the following:

Redirect301/Other_Website.com/index.html/My_Website.com/index.html

This command takes any traffic that’s searching for Other_Website.com and redirects it to My_Website.com.

Set a 404 Page

You can use the .htaccess file to point basic functions to a new location. One example is the 404 page.

1. Open the .htaccess file and enter:

ErrorDocument 404 /404.html

This line tells the system to look at the website’s content directory for a /404.html file as the error page.

2. Create the 404 page using this command:

sudo nano cd /var/www/My_Website.com/public.html/404.html

This should open the 404.html file in your text editor.

3. Next, add the following code:

<!doctype html>

<html>

 <body>

   404 Error: Page not found

 </body&gt;

</html>
404 page not found coding setup

This page can now be customized to display any kind of error message you want. You can also customize any other error pages you’d like. Just specify the ErrorDocument number, for example, Error 500 than point .htaccess to the new error.html file that you create.

Conclusion

Enabling .htaccess can be an incredibly valuable tool for managing your Apache web server.

This guide provides basic commands and settings, with some of the most likely scenarios you might encounter.

Was this article helpful?
YesNo
Goran Jevtic
Goran combines his leadership skills and passion for research, writing, and technology as a Technical Writing Team Lead at phoenixNAP. Working with multiple departments and on various projects, he has developed an extraordinary understanding of cloud and virtualization technology trends and best practices.
Next you should read
How to Install Apache on CentOS 8
February 6, 2020

The Apache web server is widely used, especially as part of the LAMP stack software package. Learn how to ...
Read more
How To Install SSL Certificate on Apache for CentOS 7
September 15, 2019

Learn how to obtain and install SSL Certificates on Apache CentOS 7. The article explains how to use an ...
Read more
How to Create & Edit the Default WordPress .htaccess File
March 20, 2024

The .htaccess file in WordPress is a configuration file for managing hyperlinks. It is most commonly used to ...
Read more
How to Install Apache on Ubuntu 18.04
April 9, 2019

This guide will help you install the Apache web server on an Ubuntu Linux 18.04 operating system.
Read more