Top 30 sites for freelancers
Every site you'll ever need! check it out →

Htaccess tutorial

Htaccess tutorial

What it does:

The .htaccess file has incredible power to improve your website. They provide configuration changes on a per-directory basis. When an htaccess file is placed in a particular document directory, the directives contained in the file apply to that director and all the subdirectories within..

It can be used to specify alternate index files, create custom error pages, stop a directory index from being shown, assist in password protection, basic (though not very secure) user authentication, and can even block IP addresses from being able to use the site.

How to use it:

You can create an .htaccess file locally on your computer or on the server using a regular text editing program like TextEdit or Notepad. When you save the file, simply name it “.htaccess”.

The htaccess file will need to live in the root directory of your website. This is usually the public_html/ or www/ folder.

Things all htaccess files should contain:

A common mistake web designers make is forgetting to forbid directory browsing. This can pose a security issue for your site. Maybe you’ve stumbled upon a scene like this before:

Index Directory from a website

Index Directory from a website

To fix this problem, simply copy and paste the following line into your existing .htaccess file and upload it to your server:

# disable directory browsing
Options ExecCGI Includes IncludesNOEXEC SymLinksIfOwnerMatch –Indexes


If you’d like to allow this directory browsing to occur, you can insert this snippet instead:

# enable directory browsing
Options All +Indexes


Another good thing to add to your htaccess file (if you’re experiencing errors with self-hosted HTML5 video) is the following snippet:

AddType video/ogg .ogm
AddType video/ogg .ogv
AddType video/ogg .ogg
AddType video/webm .webm
AddType audio/webm .weba
AddType video/mp4 .mp4
AddType video/x-m4v .m4v

Go further:

The host you or your client is using usually provides a tutorial for the htaccess file, if they provide it to you at all. You should generally avoid making changes to the htaccess file because most changes should be done on the servers’ .config file. A good practice is to get in touch with your host’s technical support so they can help you with your specific needs.

To learn more about htaccess, check out The Ultimate Htaccess, a website created for advanced users. You can also download a sample htaccess file, which contains many advanced configurations.

Written by Steve

Steve is a freelance web designer, technologist, educator, Adobe Certified Expert and friend from the San Francisco bay area. He is a incessant seeker of knowledge and tirelessly thinks about how he can make things better. You can learn more about him on his website, or by following him on Twitter: @scribblesteve

  • Patrick

    Thanks for this article Steve. I have been looking for the htaccess command to stop people from being able to browse the files directly. When I make that edit, do I have to create an index file or will the server direct them to a white page or error page?

    • Steve

      Thanks, Patrick! The easiest thing to do is create an index file, since that’s what is setup by default for the server to look at. However, you can customize what the default file is for that directory using .htaccess. It’s very powerful. You can learn more about that step in the “Ultimate Access” link above. Good luck!