What Can I Do With an .htaccess File?

Everything you need to know about .htaccess File. Learn how to connect, access, Block, rewrite, redirect, and customize htaccess file.

Cloudways Product avatar
Written by Cloudways Product
Updated over a week ago

Table of Contents

You can easily control various server and application settings using the Cloudways Platform. We are continuously adding new settings there and you can leave suggestions on our feedback page, so we can look into them.

However, there are additional settings or other tasks that you want to accomplish that are currently not supported via our Platform. This is where the .htaccess file comes into place and will allow you to further customize your Cloudways experience.

Connect to your Application via SSH

The best way to create/edit a .htaccess file for your application is via an SSH session. Open a session to your application with your credentials access your .htaccess file. Here are some of the articles to help you get started:

.htaccess Access/Security Tips

Here we are going to list a number of actions you can achieve via the .htaccess file to control access/protect your site. You may want to do this during development and before your site is publicly available or if your application is intended for a limited audience so will need to keep tight control on access:

1) Password Protect Your Application

a) Find the path of the public_html folder of your application by running pwd from the shell.

[wjdjmhbxbg]:public_html$ pwd
/home/08518-6164.cloudwaysapps.com/wjdjmhbxbg/public_html
[wjdjmhbxbg]:public_html$

b) Add in the .htaccess file following code (update AuthUserFile to your path above):

AuthName "Add your login message here."
AuthType Basic
AuthUserFile /home/08518-6164.cloudwaysapps.com/wjdjmhbxbg/public_html/.htpasswd
require user name-of-user

c) Create the password file .htpasswd and add a user using the following code (make sure you are in the public_html folder of the application you want to password protect):

[wjdjmhbxbg]:public_html$ htpasswd -c .htpasswd name-of-user
New password:
Re-type new password:
Adding password for user name-of-user
[wjdjmhbxbg]:public_html$

From now on, you will have to provide the user and password you have set above to access your site. Revert the changes to open access again.

2) Block Access to Certain IP(s)

You may want to do this i.e. if you got attacked from a specific IP, you will need to add the following code in the .htaccess file of the desired application (changes the IPs for your target ones):

<Limit GET POST>
order allow,deny
deny from 46.228.47.114
deny from 46.225.88.5
allow from all
</Limit>

3) Block All IP(s) With Few Exceptions

You could do this again during development. Again, replace IP(s) with your desired ones:

<Limit GET POST>
order deny,allow
deny from all
# Just Allow a Single IP
allow from 84.89.61.164
</Limit>

4) Block Access to Specific Bots

Sometimes, malicious actors use bots to overwhelm your website and launch attacks such as Dictionary attacks, Web Scraping, XMLRPC attacks, and Brute Force attacks. Therefore, it is best to block those specific bots using the following code snippet.

Make sure to replace s2bot with the correct name of the bot you are trying to block.

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} s2bot [NC]
RewriteRule .* - [F,L]

5) Block Access to Multiple Bots

Similarly, you can also block access to multiple bots at once.

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*(Go!Zilla|GrabNet|s2bot).*$ [NC]
RewriteRule .* - [F,L]

.htaccess Rewriting/Redirection Tips

There are different types of URL rewrite/redirection we can achieve via the .htaccess file. Here we are describing some of the essentials. Just add the listed code to the .htaccess of your target application (update the URL to match your application one):

1. 301 (Permanent) Redirect

Redirect 301 / http://example.com/

2. 302 (Temporary) Redirect

Redirect 302 / http://example.com/

3. Force the URL to www

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]


4. Force the URL to non-www

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

5. Force HTTPS

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

6. Force HTTP

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} ^https$
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI}</IfModule>

7. Redirection of Domain to a Subdirectory

RewriteCond %{HTTP_HOST} ^example.com$
RewriteCond %{REQUEST_URI} !^/sub-directory name/
RewriteRule (.*) /subdir/$1

.htaccess PHP Settings and Other Items

You can control many PHP settings via entries in the .htaccess file, some examples are below. We have also added some other miscellaneous items to this list.

Important

For new servers (deployed from August 23, 2016) on Cloudways Flexible, use PHP settings editor for PHP directives.

1) Editing the Post Max Size

php_value post_max_size 20M

2) Enabling PHP Directory Listing

Options +Indexes

3) Setting Alternate Directory Index Pages

DirectoryIndex first.html index.htm index.html index.php

4) Enabling mod_rewrite

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

5) Setting Max Input Time

php_value max_input_time 200

6) Disable Logging of Repeated Errors

php_flag ignore_repeated_errors on

7) Disable Max Error String Length

php_value log_errors_max_len 0

8) Change the Default Character Set for PHP (Replace * with charset value)

php_value default_charset *

9) Stop PHP Scripts from Executing in a Directory:

removehandler .php

10) max_input_vars:

php_value max_input_vars 3000

11) Disable APC Cache:

php_flag apc.cache_by_default Off

That’s it! We hope this article was helpful. If you need any help, then feel free to search your query on Cloudways Support Center or contact us via chat (Need a Hand > Send us a Message). Alternatively, you can also create a support ticket.


Try managed hosting at Cloudways Platform to experience top-notch performance, simplicity, and flexibility with Cloudways. In addition, Cloudways removes all your server administration and maintenance hassles, so you remain focused on your business.

Did this answer your question?