The Ultimate .htaccess Guide for Web Developers
The .htaccess file is one of the most powerful configuration tools available on Apache web servers. It allows you to control URL redirects, enable caching, block malicious traffic, enforce HTTPS, create clean URLs, and much more — all without editing the main server configuration. This guide covers the most useful .htaccess directives for web developers.
What Is .htaccess?
The .htaccess (hypertext access) file is a directory-level configuration file for Apache web servers. It is placed in a directory and affects that directory and all subdirectories. The file is read on every request, which means changes take effect immediately without restarting the server.
The file must be named exactly .htaccess (with the leading dot) and must be uploaded as a plain text file. On Windows, you may need to create it via the command line or rename it after upload, as Windows Explorer does not allow filenames starting with a dot by default.
Redirects
301 Permanent Redirect
A 301 redirect tells search engines and browsers that a page has permanently moved. This preserves SEO value from the old URL. Use it when restructuring your site or changing domain names.
Redirect 301 /old-page.html /new-page.html
Redirect Entire Domain
RewriteEngine On
RewriteCond %{HTTP_HOST} ^olddomain\.com [NC]
RewriteRule ^(.*)$ https://newdomain.com/$1 [L,R=301]
Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Force www or non-www
Redirect non-www to www:
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
Clean URLs
Remove file extensions from URLs to make them cleaner and more search-engine friendly. This is exactly what tools like HostCheck use for their blog and content pages.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^([^/]+)/?$ $1.php [L]
Caching
Enable browser caching to dramatically improve load times for returning visitors:
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
</IfModule>
Compression
Enable GZIP compression to reduce file sizes during transfer:
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript application/json
</IfModule>
Security
Block Directory Listing
Options -Indexes
Protect Sensitive Files
<FilesMatch "^\.(htaccess|htpasswd|env|git)">
Order Allow,Deny
Deny from all
</FilesMatch>
Block Hotlinking
Prevent other sites from embedding your images directly, saving bandwidth:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?yourdomain\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|webp)$ - [F]
Custom Error Pages
Set custom pages for HTTP errors:ErrorDocument 404 /404.html
ErrorDocument 500 /500.html
Migration Considerations
When migrating from Apache to Nginx, .htaccess files are not supported. All rules must be converted to Nginx configuration directives. This is one of the most commonly overlooked aspects of server migration. Test your .htaccess-dependent features on the new server using HostCheck before making the DNS switch.
Conclusion
.htaccess is an incredibly powerful tool for Apache web servers. Whether you need redirects, caching, security hardening, or clean URLs, .htaccess can handle it. Just remember that .htaccess is Apache-specific — if you migrate to an Nginx server, you will need to convert your rules. Always test URL rewrites and redirects after migration to ensure nothing breaks.