A beginner's guide to creating redirects in an .htaccess file
Have you ever felt a need to change the configuration of your website running on an Apache webserver without having root access to server configuration files (httpd.conf
)? This is what the .htaccess
file is for.
The .htaccess
file provides a way to make configuration changes to your website on a per-directory basis. The file is created in a specific directory that contains one or more configuration directives that are applied to that directory and its subdirectories. In shared hosting, you will need to use a .htaccess
file to make configuration changes to your server.
[ You might also enjoy: 6 sysadmin skills web developers need ]
Common uses of .htaccess file
The .htaccess
file has several use cases. The most common examples include:
- Redirections for certain URLs
- Load custom error pages, like 404 pages
- Force your website to HTTPS instead of HTTP
- Allow or deny specific IP addresses access to your website
- Password-protect certain directories on your server
When not to use .htaccess?
The .htaccess
file is commonly used when you don't have access to the main server configuration file httpd.conf
or virtual host configuration, which only happens if you have purchased shared hosting. You can achieve all of the above-mentioned use cases by editing the main server configuration file(s) (e.g., httpd.conf
) or virtual host configuration files, so you should not use .htaccess
when you have access to those files. Any configuration that you need to put in a .htaccess
file can just as effectively be added in a <Directory> section in your main server or virtual host configuration files.
Reasons to avoid using .htaccess
There are two reasons to avoid the use of .htaccess
files. Let's take a closer look at them.
First: Performance - When AllowOverride is set to allow the use of .htaccess
files, httpd
will look for .htaccess
files in every directory starting from the parent directory. This will cause a performance impact, whether you're using it or not. The .htaccess
file is loaded every time a document is requested from a directory.
To have a full view of the directives that it must apply, httpd
will always look for .htaccess
files starting with the parent directory until it reaches the target sub-directory. If a file is requested from directory /public_html/test_web/content
, httpd
must look for the following files:
/.htaccess
/public_html/.htaccess
/public_html/test_web/.htaccess
/public_html/test_web/content/.htaccess
So, four file-system accesses were performed for each file access from a sub-directory content even if the file is not present.
Second: Security - granting users permission to make changes in .htaccess
files gives them full control over the server configuration of that particular website or virtual host. Any directive in the .htaccess
file has the same effect as any placed in the httpd
configuration file itself, and changes made to this file are live instantly without a need to restart the server. This can become risky in terms of the security of a webserver and a website.
Enable the .htaccess file
To enable the .htaccess
file, you need to have sudo/root privileges on the server.
Open the httpd
configuration file of your website:
/etc/httpd/conf/test.conf
You should add the following configuration directive in the server's virtual host file to allow the .htaccess
file in the DocumentRoot directory. If the following lines are not added, the .htaccess
file will not work:
</VirtualHost>
<Directory /var/www/test.com/public_html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
In the case of shared hosting, this is already allowed by the hosting service providers. All you need to do is to create a .htaccess
file in the public_html
directory to which the service provider has given you access and to which you will upload your website files.
Redirect URLs
If your goal is to simply redirect one URL to another, the Redirect directive is the best option you can use. Whenever a request comes from a client on an old URL, it forwards it to a new URL at a new location.
If you want to do a complete redirect to a different domain, you can set the following:
# Redirect to a different domain
Redirect 301 "/service" "https://newdomain.com/service"
If you just want to redirect an old URL to a new URL on the same host:
# Redirect to a URL on the same domain or host
Redirect 301 "/old_url.html" "/new_url.html"
Load a custom 404 Error page
For a better user experience, load a custom error page when any of the links on your website point to the wrong location or the document has been deleted.
To create a custom 404 page, simply create a web page that will work as a 404 page and then add the following code to your .htaccess
file:
ErrorDocument 404 /error/pagenotfound.html
You should change /error/pagenotfound.html
to the location of your 404 page.
Force the use of HTTPS instead of HTTP for your website
If you want to force your website to use HTTPS, you need to use the RewriteEngine module in the .htaccess
file. First of all, you need to turn on the RewriteEngine module in the .htaccess
file and then specify the conditions you want to check. If those conditions are satisfied, then you apply rules to those conditions.
The following code snippet rewrites all the requests to HTTPS:
# Turn on the rewrite engine
RewriteEngine On
# Force HTTPS and WWW
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [OR,NC]
RewriteCond %{https} off
RewriteRule ^(.*)$ https://www.test-website.com/$1 [R=301,L]
Let's go through each line.
RewriteEngine on turns on the RewriteEngine module. This is required; otherwise, conditions and rules won't work.
The first condition checks if www
is entered. [OR, NC] stands for no case, which means even if the entered URL has a mix of upper or lowercase case letters.
Next, it checks if the HTTPS protocol was already entered by the user. %{https} off means that HTTPS protocol was not used.
When the RewriteCond is satisfied, we use RewriteRule to redirect the URL to HTTPS. Note that in this case, all URLs will be redirected to HTTPS whenever any request is made.
[ A free guide from Red Hat: 5 steps to automate your business. ]
Wrap up
Website owners often use the .htaccess
file to control the behavior of their website. In this article, we have covered the basics of the .htaccess
file and some common use cases in place on most of the websites.
Abdul Rehman
Abdul Rehman is a Red Hat Certified Architect (RHCA), passionate about Linux, Virtualization, Automation, and Cloud. Currently, he's working as a Solution Architect where he solves business problems by designing and managing Private/Public Cloud-based innovative solutions. More about me