.htaccess (specifics, editation)

The contents of the .htaccess file is part of the Linux webserver configuration, most commonly used to mod rewrite, but you can also influence other useful parameters. Some examples of use and syntax can be found below..

How to create/edit .htaccess file?

Either by using the tool available in the Customer Center - it allows you to edit existing files, but the main advantage is the ability to create a new file through the graphical interface, or you can create a file by using your favorite text editor, and place it on the server the desired directory.

  1. Log in to Customer center.
  2. Choose hosting, where you wish to edit .htaccess (Services / Hosting and servers / Virtual servers).
  3. In Server detail click in category .htaccess on Settings button.
  4. There select directory, for which you want to edit the .htaccess ( "/" is root directory - www).
  5. Type the required .htaccess record in the form and confirm the change by clicking the Save button.

Detailed walkthrough:

  1. Use your login to sign in to the Customer Center. Alternatively, you can ask for a forgotten password.
  2. After logging in, choose the virtual server where you want to edit the .htaccess (Services / Hosting and servers / Virtual servers).
  3. In Server detail click in category .htaccess on Settings button.
  4. There select directory, for which you want to edit the .htaccess ( "/" is root directory - www).
  5. Type the required .htaccess record in the form and confirm the change by clicking the Save button.

Inheriting settings

Settings in .htaccess apply not only to the directory in which the file is located, but it is also inherited for all directories in it and below (which may, for example, interfere with rewrite rules).

Inherited settings can always be "overwhelmed" by the new .htaccess settings in the lower directory (which will continue to inherit its subfolders).

Important: Incorrect setup causes "Internal Server Error"

Examples of settings


Password protected access to the directory

You can set up access to a specific directory only after entering a valid username and password in Customer center in section Services/Webhosting and servers/Virtual servers after clicking on domain name and choosting the "settings" button at ".htaccess file edit". Select "Password" at the appropriate folder.

  1. Select "Password" at the appropriate folder.

  2. Next, set the login information in the directory and confirm it by clicking the Set password button.

TIP: An overview of already created access details, including passwords (in encrypted form), is in the .htpasswd edit at the bottom of the settings. You also have the option to delete accesses (to re-enable directory access without a password).

Webserver settings

# Comment - all text that is on the line after the "#" character is ignored by the server
# You can then write notes for later orientation

# Set Default Directory Files (Indexes) - Default Settings
# Names are separated by a space, case-sensitive (index.php and Index.php are 2 different files)

DirectoryIndex index.php index2.php ThirdIndex.htm LastIndex.html

# Directory Content Listing - default off
# If there is no index file in the directory (see DirectoryIndex above), you can have its content listed

Options +Indexes

# Setting up custom error pages
# An address or a relative path can be given as the address - the relative address is given from the /www/

ErrorDocument 401 /path/file401.html # (umístění souboru je tedy /www/cesta/soubor401.html)
ErrorDocument 404 /path/file404.html
ErrorDocument 500 /path/file500.html
ErrorDocument 503 http://domain.cz/path/file.html

# Access control
# enable / disable access to the directory by IP address

Allow from all # Default settings - access allowed from all IP addresses
Deny from all # Prevents access from all IP addresses (eg, PHP gets locally in the directory)
Deny from # Block access from a specific IP address
Deny from 81.95.96 # Block access address range 81.95.96.xx

PHP settings

Setting register globals
php_flag register_globals on/off

Setting magic quotes
php_flag magic_quotes_gpc on

Setting display errors
php_flag display_errors on

# Setting max_input_vars 
php_value max_input_vars 5000 (or other number you need)

Some PHP settings (for example memory_limit) in .htaccess cannot be set  


Mod Rewrite

# before setting any rules, rewrite must be turned on
RewriteEngine On

# redirecting the domain something.domain.cz into the domain domain.cz/folder over 301
RewriteCond %{HTTP_HOST} ^something\.domain\.cz$
RewriteRule ^(.*)$ http://domain.cz/folder [R,L]

# redirecting the domain something.domain.cz into the folder domain.cz/folder
RewriteCond %{HTTP_HOST} ^something\.domain\.cz [NC]
RewriteCond %{REQUEST_URI}  !^/folder/
RewriteRule ^(.*)$ /folder/$1 [L,QSA]

# redirecting from domain.cz/folder on domain.cz - the path to folder is not showed
RewriteCond %{HTTP_HOST} ^(www.)?domain.cz$
RewriteCond %{REQUEST_URI} !^/folder/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /folder/$1
RewriteCond %{HTTP_HOST} ^(www.)?domain.cz$
RewriteRule ^(/)?$ folder/index.php [L]

More information to mod rewrite can be found in documentation:

Turning off eAccelerator

php_flag eaccelerator.enable 0
php_flag eaccelerator.optimizer 0

Implementing HTTPS (.htaccess redirect)

HTTPS is on Linux hosting implemented (the same as HTTP) by using reverse proxy Nginx which does so called TLS offloading.

Operation between Nginx and Apache is no longer encrypted, and Apache only learns about encryption. This results in the following limitations for applications that try to verify that they are accessed through secure HTTPS.

- detection in PHP using the variable $ _SERVER ['HTTPS']! = 'on' is fully functional
- the variable $ _SERVER ['SERVER_PORT'] also contains 80 when using HTTPS
- Detection in the .htaccess file using the rules "RewriteCond% {SERVER_PORT} !^443 $" and "RewriteCond% {HTTPS}! on" is not working! The port in these cases will always be 8x, according to the PHP version, and the HTTPS variable is always Off. Instead of the variable% {HTTPS}, you need to use the% {HTTP: X-Forwarded-Proto} variable for detection.

Forwarding to HTTPS with retention compatibility is recommended to perform the following conditions:

RewriteEngine On

RewriteCond %{HTTPS} !on

RewriteCond %{HTTP:X-Forwarded-Proto} !=https

RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,NE]