
Server settings via .htaccess

The Swiss army knife for configuring the web server

The .htaccess file can be used to configure the settings of the Apache web server: Access protection, blocking, redirects, error messages. On this page we describe the most common settings.

.htaccess - General information

An .htaccess file is a configuration file for the Apache web server that is stored in a directory in order to change server-side settings specifically for this directory and its subdirectories. It is often used to set up URL rewrites (rewrite rules), access rights, password protection or redirects. This allows web developers to make simple configuration changes without direct access to the main server configuration. Nginx servers, on the other hand, do not use .htaccess files; these tasks are performed by the server configuration files (usually nginx.conf).

An .htaccess file is usually located in the start directory of a website (the directory that is entered as the target path in the domain settings, also known as DOCROOT).

The settings are effective in the current directory and all subdirectories. However, settings can be overwritten with an .htaccess file in a subdirectory.

The .htaccess file is evaluated on every request to the Apache web server, i.e. for each individual component of the website. If a page consists of 1 HTML file, 5 CSS files, 10 JavaScript files and 40 images/icons, the .htaccess file is therefore run through 56 times when the website is called up.

Incidentally, the web server is very fussy about the correct spelling and syntax of the entries. The smallest error usually leads to a "Server Error 500". Therefore, after every change to the .htaccess file, you must check whether the website can still be accessed.

If you have any questions about configuring an .htaccess file, our hosting customers are welcome to contact our support team at hosting@jweiland.net. Our team will be happy to help you!

Redirects

To activate redirects in an .htaccess file, the rewrite engine must be activated. This is done with the following command:

RewriteEngine On

This line must be placed before all rewrite rules for the redirects to work.

Forwarding types

The different types of forwarding

Depending on the application, redirects can be made with different status codes:

  • 301 (Moved Permanently): This redirect signals that the address of the page is changing permanently. It is interpreted by search engines as meaning that an existing entry in the search index has been given a new address.
  • 302 (Found): Temporary redirect. It should be used if the move or change is only temporary, e.g. during maintenance work or tests. Search engines retain the old URL in their index.
  • 307 (Temporary Redirect): Works in a similar way to 302, but guarantees that the HTTP method (e.g. POST) remains unchanged. This is helpful for redirects that process form entries.
  • 308 (Permanent Redirect): Similar to 301, but also retains the original HTTP method. This redirect is useful if the content moves permanently but specific methods must not be changed, e.g. for certain API calls.

The desired status code is specified at the end of the RewriteRule command in square brackets, e.g. [R=301,L]

Notes on the performance of redirects

The processing of an .htaccess file by the Apache web server is extremely fast and usually only takes a few microseconds per request. This makes .htaccess rules very efficient, especially for simple redirects.

Alternatively, the redirect module in the backend can also be used for redirects in TYPO3. However, this loads the entire TYPO3 framework, which can take several hundred milliseconds. This can lead to an increased server load, especially with a high number of accesses. It is therefore advisable to implement simple redirects preferably in the .htaccess file.

Meaning of the "L" parameter for RewriteRules

The parameter L stands for "Last Rule" and ensures that no further rewrite rules are processed after this rule has been executed. This prevents unwanted side effects from subsequent rules.

RewriteRule ^old-page$ /new-page [L,R=301]

Here an old page is forwarded to a new one. No further rewrite rules are processed for the request once this rule has been applied.

Example: Redirection from HTTP to HTTPS

If all pages of a domain are to be accessed exclusively via an encrypted SSL connection, this can be set up via an entry in the .htaccess file in the start directory of the domain:

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Explanation:

  • RewriteCond %{HTTPS} !=on: Checks whether the connection is not via HTTPS.
  • RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]: Redirects the request to the HTTPS version of the current domain and URL.

Example: Always remove "www" before the domain

RewriteCond %{HTTP_HOST} ^www\.(.*)$
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]

Explanation:

  • RewriteCond %{HTTP_HOST} ^www\.(.*)$: Checks whether the domain begins with "www.".
  • RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]: Removes "www." and redirects to the version without "www.".

Example: Always add "www" before the domain

With the following entry, all calls for a domain without www are forwarded to the variant with www:

RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Explanation:

  • RewriteCond %{HTTP_HOST} !^www\.: Checks that the domain does not begin with "www.".
  • RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]: Redirects the request to the version with "www." in front of the domain.
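
The HTTPS and www rules above build the redirect target from the Host header sent by the client. The following variant, an added example that is not part of the original page, pins a fixed canonical name instead and handles both redirects in one hop; www.domain.tld is an assumed placeholder for the real host name.

```apache
RewriteEngine On

# Redirect if the request did not arrive via HTTPS ...
RewriteCond %{HTTPS} !=on [OR]
# ... or if the Host header is anything other than the canonical name
# (an optional port suffix is tolerated to avoid redirect loops).
RewriteCond %{HTTP_HOST} !^www\.domain\.tld(:[0-9]+)?$ [NC]
# The target host is a literal (placeholder), so whatever the client put
# into the Host header never ends up in the Location header.
RewriteRule ^ https://www.domain.tld%{REQUEST_URI} [L,R=301]
```

Rules for other domains, such as the old-domain redirect further down, must be placed before this block, because it matches every host name except the canonical one.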

Special feature: Anchor on a page

"Anchors" can be set as jump markers on a website. When called up, the browser does not jump to the beginning of the page but directly to the anchor point. The anchor is identified by a hash character # in the URL followed by the name of the jump label. Example of an address with an anchor:

domain.tld/current.html#article25

If a redirect in the .htaccess file is to point directly at a jump label, the additional parameter NE (No Encoding) must be specified in square brackets; otherwise the # is encoded as %23 in the redirect target:

RewriteRule ^news\.html$ /current.html#article25 [R=301,L,NE]

Example: Forward old domain to new domain

If you want to redirect to a new domain, the entry in the .htaccess file is as follows:

RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$
RewriteRule ^ https://domain.de%{REQUEST_URI} [L,R=301]

Explanation:

  • RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$: Checks whether the request is intended for "domain.com" or "www.domain.com".
  • RewriteRule ^ https://domain.de%{REQUEST_URI} [L,R=301]: Redirects the request to "domain.de", keeping the path and parameters.

Example: Redirect domain to a subpage of another domain

RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com [NC]
RewriteRule ^(.*)$ https://domain.de/unterseite.html [R=301,L]

The parameter [NC] in the RewriteCond line means "No Case": the host name of the request is compared case-insensitively.

Remove parameters from the URL

Sometimes you want to remove a parameter from a URL, e.g. if there is only the default language of an originally multilingual page. If Google then calls up a page such as jweiland.net/index.php?id=289&L=1, you can redirect the URL to jweiland.net/index.php?id=289. This can be achieved with the following entry in the .htaccess file:

RewriteCond %{QUERY_STRING} ^(.+?&|)L=[^&]*(?:&(.*)|)$ [NC]
RewriteRule ^ %{REQUEST_URI}?%1%2 [R=301,L]

The parameter to be removed (here L=) must be adapted in the first line.

Redirection with ? in the URL

A URL such as

http://www.domainname.de/index.php?id=7

is to be redirected to

http://www.domainname.de/impressum.html

The problem is the ? in the old URL: the part after it is not matched by the RewriteRule pattern and must be queried via QUERY_STRING in the condition.

Solution:

RewriteCond %{QUERY_STRING} ^id=7$
RewriteRule ^.*$ https://name-der-domain.de/impressum.html? [R=301,L]

The browser cache is also important. This should definitely be emptied, because if a call is still in the cache, you may still end up on the wrong page.

Redirects of this kind prevent old URLs that no longer exist after a move or reprogramming from leading to a poorer ranking in the search engines.


Directory Listing

If a directory listing is to be realized via a protected subpage (e.g. fileadmin/downloads) of the website, the .htaccess should be set as follows:

AuthType Basic
AuthName "system - "
Options +Indexes
IndexOptions +FancyIndexing
AuthUserFile /*your_server_path/projectpath/fileadmin/downloads/.htpasswd
AuthGroupFile /dev/null
require valid-user

You can find *your_server_path in your customer menu under Technical Info or by entering the command echo $PWD in the shell.

The user with encrypted password must be present in the .htpasswd in this case.

The subpage with the directory listing must be excluded from the TYPO3 index.php. This is done in the .htaccess in the project directory with the following lines after RewriteEngine On:

RewriteRule ^fileadmin/downloads/$ - [L]
RewriteRule ^fileadmin/downloads/.*$ - [L]

Block certain IP addresses

Sometimes it is necessary, e.g. in the event of an attempted attack on the website, to block certain IP addresses from accessing the website. The following entry in the .htaccess file (before the entry 'RewriteEngine On') in the start directory of the page can be used to block unwanted visitors:

order allow,deny
deny from 192.168.2.17
deny from 10.10.20.63
allow from all

If there are several IP addresses, each is entered in a separate line. The setting is also valid for all subdirectories. If someone tries to access the page with a blocked address, they will receive a 403 error code (access denied).
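
The Order/Deny/Allow directives above are the Apache 2.2 syntax, which Apache 2.4 only accepts through mod_access_compat. The same block list in the 2.4 Require syntax, as an added example that is not part of the original page (the 203.0.113.0/24 network is a constructed value):

```apache
# Apache 2.4 (mod_authz_core). In an .htaccess file these directives
# need AllowOverride AuthConfig; the old Order/Deny lines need Limit.
<RequireAll>
    # Everyone is allowed ...
    Require all granted
    # ... except the listed addresses. "Require not" is only valid
    # inside <RequireAll> next to at least one positive rule.
    Require not ip 192.168.2.17
    Require not ip 10.10.20.63
    # A whole network can be excluded in CIDR notation (constructed value)
    Require not ip 203.0.113.0/24
</RequireAll>
```

Requests from a listed address are answered with 403 as before. Behind a reverse proxy or CDN the rules see the proxy's address unless the server restores the client address, for example with mod_remoteip.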

Allow HTML5 videos

If there are problems playing videos embedded via HTML5 in individual browsers, the following lines in the .htaccess file in the project directory may help:

AddType video/ogg .ogm
AddType video/ogg .ogv
AddType video/ogg .ogg
AddType video/webm .webm
AddType audio/webm .weba
AddType video/mp4 .mp4
AddType video/x-m4v .m4v

Password protected area

If you want to create an area that is not accessible to the public, for example for a test installation (test.meinedomain.de) of your own website or an employee download area with the pictures of the Christmas party (test.meinedomain.de/downloads/weihnachtsfeier2015/), not much is needed.

Once the directory protection has been set up, the protected area can only be accessed from outside with a user name and password.

Create .htaccess and .htpasswd files

To create the files, connect to the web space via SSH.
Then use cd or mc to change to the directory to be protected (e.g.: cd typo3cms/projekt1/).
Please note that a .htaccess file may already exist in the directory! With the Unix command

ls -lah .ht*

this can be checked. If a .htaccess file already exists there, the adjustments must be added to it. The additional lines must be inserted at the beginning of the file or before any existing rewrite rules, otherwise the settings will not work correctly!

Content of the .htaccess

AuthType Basic
AuthName "Please log in"
AuthUserFile /complete/server/path/to/the/directory/.htpasswd
require valid-user

Important: The shell command pwd can be used to display the complete server path, as the .htpasswd can only be found in this way. In the code above, replace /complete/server/path/to/the/directory/ with the output of the pwd command.

There are several ways to create the .htpasswd file, for example online generators, but we consider these problematic: you are forced to enter your user name and password in an external form and do not know what actually happens to your data.

For this reason, we recommend creating the file with the Unix command htpasswd. An example call looks like this:

htpasswd -cm ./.htpasswd username

You will then be asked to enter a password, including a repetition. If further users are then added, the -c option (create new file) must not be set under any circumstances, otherwise the file will be overwritten without prompting. The -m means that the password is written to the file encrypted with MD5.

htpasswd -m ./.htpasswd additionalusername

To test whether everything was successful, simply call up the protected URL in the browser. If a dialog box for logging in is displayed there and the login works, the protection has already been set up. If a "Server Error 500" is displayed, this is most likely due to a syntax error in the .htaccess or .htpasswd.
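
A hardened form of the directory protection described above, as an added example that is not part of the original page. It assumes Apache 2.4 with mod_ssl terminating TLS on the web server itself; the AuthUserFile path is a placeholder.

```apache
# Basic authentication sends user name and password only base64-encoded
# with every request. In .htaccess context the rewrite rules run after
# the authentication check, so an HTTP-to-HTTPS redirect would come too
# late: refuse unencrypted requests to this directory outright (403).
SSLRequireSSL

AuthType Basic
AuthName "Please log in"
# Placeholder path: keeping the password file outside the DOCROOT means
# it can never be requested through the web server.
AuthUserFile /complete/server/path/outside/docroot/.htpasswd
Require valid-user

# If the file has to stay inside the protected directory, make sure
# .htaccess and .htpasswd themselves are never delivered.
<Files ".ht*">
    Require all denied
</Files>

# Note on the password file: current htpasswd versions also offer
# bcrypt (option -B) as a slower, stronger alternative to the MD5
# variant selected with -m.
```

If TLS is terminated on an upstream proxy instead of Apache, SSLRequireSSL rejects every request and has to be left out.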

Updated: 18.03.2025