Introduction to .htaccess or server configuration file
With this article I want to open the chapter on web resource security. And I'll start with nothing else but a mysterious nameless file: a strange file with no name but an unusually long extension, .htaccess. It is also a file that is not easy to create on some operating systems.
What is .htaccess?
So what is .htaccess? First of all, this file is one of the tools of the most common HTTP server in the world, Apache. More precisely, it is one of Apache's configuration files, which lets you configure how the server behaves in individual directories (folders), and for the web resource in general, without having access to the main configuration file.
The peculiarity of a .htaccess file is that its directives (instructions) apply only to the directory in which it is located and to all of that directory's sub-directories. Even though the default .htaccess is the one in the root folder, and its directives apply to every directory of the resource, a website can contain many .htaccess files, and the directives of the root .htaccess can easily be overridden by .htaccess files located in sub-directories (just like in CSS, where an element gets the last style specified in the file).
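Because a sub-directory file can silently undo a setting made in the root, it helps to list every place where that happens. The following is an added example, not code from the original article: it walks a site tree and reports each directive that a deeper .htaccess sets to a different value than the one inherited from above. It assumes the simple "nearest file wins" model described here and does not model Apache's per-module merge rules; the function names and the sample tree (including the `Options` lines) are constructed for illustration.

```python
import os
import tempfile

def parse_htaccess(path):
    """Return {directive: arguments} for one .htaccess file (simplified parser)."""
    directives = {}
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()  # strip surrounding whitespace and line endings
            # Skip blanks, comments and <Section> tags (contents treated as top-level).
            if not line or line[0] in "#<":
                continue
            parts = line.split(None, 1)
            directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return directives

def find_overrides(docroot):
    """Return sorted (directory, directive, inherited value, new value) tuples."""
    docroot = os.path.abspath(docroot)
    effective_by_dir, overrides = {}, []
    for current, _dirs, files in os.walk(docroot):  # top-down: parents first
        effective = dict(effective_by_dir.get(os.path.dirname(current), {}))
        if ".htaccess" in files:
            found = parse_htaccess(os.path.join(current, ".htaccess"))
            for name, value in found.items():
                if name in effective and effective[name] != value:
                    rel = os.path.relpath(current, docroot)
                    overrides.append((rel, name, effective[name], value))
                effective[name] = value
        effective_by_dir[current] = effective
    return sorted(overrides)

def demo():
    # Constructed sample tree built in a temp directory, not taken from a real site.
    sample = {
        ".htaccess": "DirectoryIndex index_chk.html index.html\nOptions -Indexes\n",
        "blog/drafts/.htaccess": "DirectoryIndex index.html\n",
        "uploads/.htaccess": "Options +Indexes\r\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", newline="") as fh:
                fh.write(text)
        return find_overrides(root)

if __name__ == "__main__":
    for row in demo():
        print("%s: %s changed from %r to %r" % row)
```

Point `find_overrides` at your own document root to get the same report for a real site.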
I will not describe the whole potential of .htaccess in this article; you can find all of it on the official Apache site. In future articles, however, we will certainly review some interesting and useful directives. Each article will be devoted to specific instructions and settings and, within this chapter, specifically to those that help improve the security of web resources.
Let’s create .htaccess file
In some operating systems, any file whose name starts with a dot character, commonly called a dot file or dotfile, is treated as hidden. So before you sound the alarm because .htaccess is missing, make sure that hidden files are set to be visible. If they are, and you still don't see a .htaccess file in the directory of your site, you need to create it.
If you are using Windows, it's not possible to create such a file in the typical way. Therefore, regardless of the type of OS, I suggest using the built-in text editors: Notepad on Windows, SimpleText on Macintosh, Emacs on Linux/UNIX. Just open the editor and save the file with no extension (file type: all files), putting .htaccess as the file name.
For the newly created .htaccess file to work correctly, you must:
- Turn word wrapping off (this is important, because most directives in a .htaccess file have to be placed one per line).
- Set the end-of-line conversion to Unix format.
Additionally, if you are using a UNIX operating system, you can create such a file by executing the following commands in a terminal:
- touch .htaccess // creates the file in the current directory.
- touch ~/my_file_path/.htaccess // creates the file in the my_file_path directory.
- sudo nano /var/www/itcuisine.com/.htaccess // with superuser rights, creates the file directly in the website's directory (in our case itcuisine.com); save it and close the editor.
You can check that the .htaccess file works by creating an index_chk.html file with the following code:
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8" />
    <title>ITCuisine.com – .htaccess check out</title>
  </head>
  <body>
    <h1>Wow!</h1>
    <h3>.htaccess works!</h3>
  </body>
</html>
And putting the following code into the .htaccess file:
# Load index_chk.html before index.html
DirectoryIndex index_chk.html index.html
Here the first line (starting with #) is a comment, and the second is a directive that makes the server load and show index_chk.html first and, if that file can't be found, fall back to index.html. If .htaccess is not working, the default index.html file will load instead.