Webhosting - .htaccess file - VEDOS Knowledge Base

In this article you will learn:

What is the .htaccess file and what is it for?
How to restore the default .htaccess
How to set up .htaccess
What commands are blocked in .htaccess
Common problems
Frequently Asked Questions

.htaccess file

The .htaccess file (must have a period at the beginning) contains the Apache server settings that control the web hosting operation. The most common uses include routing in the webhost's directory structure, enforcing HTTPS, redirecting web addresses, and disabling proxy caching.

Accessing the .htaccess file

To access the .htaccess file, do the following:

Log in to the hosting via FTP, for example the WebFTP client ⧉(Manual).
Enter the www folder.
Find the file named .htaccess among the files.

WebFTP - .htaccess file in the www folder

The rules in the default .htaccess apply to all sites. Rules in .htaccess files in other directories (often, for example, www/domains/domain.tld) apply only to the contents of that directory and all its subdirectories.

You can have more than one .htaccess file - it depends on the number of directories where you want to set specific rules.

Restore default .htaccess

If you are unable to find the cause of the error caused by the modified default .htaccess file, or you accidentally deleted this file, you can restore it directly in the customer administration.

Log in to the customer administration ⧉.
In the top menu, select Hosting Services Webhosting or WMS.
Select the web host where you want to restore the .htaccess file.
Click Tools in the left menu.
In the Restore Default .htaccess table, click Restore .htaccess.

Open Web Hosting Tools

Button to restore the default .htaccess file

At the same time as restoring the default .htaccess file, this button creates a backup of the existing file, which the system copies to the same folder.

The button restores only the .htaccess file in the www folder. Other .htaccess files, such as those created by editorial systems, must be restored in other ways.

The default .htaccess file does not contain rules for HTTPS. If you use HTTPS, add the rules to the restored file manually.

.htaccess settings

The conditions and commands in the .htaccess file use regular expressions. If you don't know them, you can still edit the file, but pay close attention to the instructions. A broken .htaccess causes Error 500 - Internal Server Error.

Make a backup of your.htaccess file before you start editing it .

In this chapter you will find instructions for:

Routing in the web hosting directory structure
HTTPS settings
Redirecting web addresses
Disabling proxy cache

Routing in the Web Hosting Directory Structure

The main purpose of our default .htaccess file is to direct requests to the correct Webhosting folders, namely domains and subdomains. If you observe errors in navigating to the directories, please correct the .htaccess file to include the following text, or restore it completely.

RewriteEngine On

# domain targets (aliases)
RewriteCond %{REQUEST_URI} !^domains/
RewriteCond %{REQUEST_URI} !^/domains/
RewriteCond %{HTTP_HOST} ^(www\.)?(.*)$
RewriteCond %{DOCUMENT_ROOT}/domains/%2 -d
RewriteRule (.*) domains/%2/$1 [DPI]

# subdomains (with or without www at the beginning)
RewriteCond %{REQUEST_URI} !^subdom/
RewriteCond %{REQUEST_URI} !^/subdom/
RewriteCond %{HTTP_HOST} ^(www\.)?(.*)\.([^\.]*)$
RewriteCond %{DOCUMENT_ROOT}/subdom/%2 -d
RewriteRule (.*) subdomain/%2/$1 [DPI]

# aliases - correct redirection on missing /
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^domains/[^/]+/(.+[^/])$ /$1/ [R]

# subdomains - correct redirection when missing /
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^subdom/[^/]+/(.+[^/])$ /$1/ [R]

HTTPS settings

When you activate HTTPS, among other things, you set a .htaccess rule that selects the HTTPS option as the default. Set it directly in the .htaccess file in the www folder, immediately below the line RewriteEngine On.

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]
Header set Content-Security-Policy "upgrade-insecure-requests;"

Adding this code may cause our application installer to be blocked. If you encounter a problem with the .htaccess file during installation, temporarily restore it and overwrite it again with an automatically created backup after a successful installation.

The default .htaccess file does not contain rules for HTTPS. If you have restored it and want to use the HTTPS rules, add them again.

URL redirection

The following rule, known as a 301 redirect, tells the browser and search engines that the page has definitely moved from the old address to the new one. In particular, search engines will then not perceive the moved content as duplicate.

Copy the text below and paste it into the .htaccess file under the line RewriteEngine On. Next, modify it according to these rules:

In the text staraadresa\.tld replace text old address the address from which the redirection takes place, and tld replace it with the correct ending. Make sure that before the character . (dot) is the character \ (backslash).
In the text http://novaadresa.tld Replace novaaddress.tld the address to which you are redirecting the website. If the new address uses https, rewrite the text as well http.
To redirect new addresses to the default page, delete the characters on the second line $1.

RewriteCond %{HTTP_HOST} ^(www\.)?staraadresa\.tld$
RewriteRule (.*) http://novaadresa.tld/$1 [R=301,L]

Access restrictions for selected IP addresses

In the .htaccess file, you can restrict access to certain (or all) files from only certain IP addresses. Here is an example for blocking access to a file wp-login.php (WordPress administration login page):

<Files wp-login.php>
    Order Deny,Allow
    Deny from all
    Allow from X.X.X.X
</Files>

You can edit the code according to these rules:

V <Files ___> you can specify either a specific file or a character * for all files in the folder and subfolders.
Address X.X.X.X replace it with your IPv4 or IPv6 address.
Direktiv Allow from X.X.X.X you can enter more than one, each on its own line.

Accesses to the file from other IP addresses will result in Error 403.

The only way to access a file from a blocked address is to add that address to the allowed list, or to discard the code. Neither of these actions are performed by customer support.

Disabling proxy cache

If you need to disable proxy caching for a site or a part of it (directory, subdomain), insert the following code into the .htaccess file:

# DISABLE CACHING
<IfModule mod_headers.c>
Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires 0
</IfModule>

.htaccess restrictions on web hosting

In order to prevent unwanted server behavior, we have set some restrictions on the .htaccess file.

Using any unauthorized command or parameter in the Options command will cause the entire site to malfunction, which will manifest itself Error 500 - Internal Server Error.

You may use the following categories of htaccess commands in your web server configuration:

AuthConfig
FileInfo
Limit
Indexes
Options*

Avoid using commands:

php_flag
php_value
ServerSignature
SetEnv
SetHandler
XBitHack
AddHandler
Options*

* For the Options command, you can only use the Indexes option, the others are disabled.

Common problems

Common problems with the .htaccess file include:

New settings do not show up or break the site
Restoring the default .htaccess does not work
The .htaccess file is overwriting something

New settings not working

Problem: After changing the .htaccess settings, the new behavior did not appear or the site stopped working altogether. The most common errors are Internal Server Error and Too Many Redirects.

Cause: This could be an error in the naming or location of the .htaccess file, the location of the code in this file, or the correctness of the code.

Solution: Do a thorough check and fix the errors:

Make sure the file is in the correct folder (it doesn't have to be just www) and is named exactly .htaccess, including the period at the beginning.
Make sure the code is placed in the correct location in the file (for example, at the beginning after the RewriteEngine On), and that all parts that contained placeholder text (e.g. domena.tld) are replaced by the correct text.
If the file contains blocked commands, delimit the lines by placing the character # to the beginning of the line.

Restoring the default .htaccess does not work

Problem: After restoring the default .htaccess, the site still behaves the same.

Cause: either you are restoring an incorrect .htaccess, or the incorrect site display is cached.

Solution: Refresh the page without browser cache using the Ctrl+Shift+R keyboard shortcut.

If you need to restore the default state of the .htaccess file elsewhere than in the www folder (or the .htaccess folder of a content management system such as WordPress), get it from a backup or the content management system's Web site.

Unknown program overwrites .htaccess

Problem: After changing the .htaccess settings, something soon overwrites it with unwanted code.

Cause: There is a software (usually a plugin, can be malware) on the webhost that generates its own code in .htaccess.

Solution: Find the originator of the changes in the .htaccess file:

Security plugins usually use .htaccess to block access to sensitive areas of the system, such as the administration of the editorial system. When you try to gain access, you often see Error 403: Forbidden. The solution is to reconfigure or disable the security plugin.
Updates to the editorial system can introduce problematic code into their .htaccess that most often causes Error 500 - Internal Server Error. The solution is to disable automatic updates and quickly intervene in the .htaccess code immediately after a manual update.
Malware commonly disrupts the display of a page or redirects it to an unwanted URL. The solution is a thorough site antivirus, which unfortunately VEDOS does not provide or support.

Frequently Asked Questions

How do I restore the default .htaccess of the content management system?

Before you start editing the .htaccess file, make a backup of it. If you don't have one, either reinstall the CMS or look elsewhere for the default .htaccess content of the same CMS version. If all else fails, contact customer support.

Where can I find advanced .htaccess commands?

We do not provide support for advanced .htaccess commands. You can find some in the community articles in the .htaccess &box; category. For tutorials found online, keep in mind the limitations of .htaccess on Webhosting.

Did the instructions help you?

Thank you for your feedback!

Webhosting - .htaccess file