How to setup rules and redirects in .htaccess

.htaccess - is a directory-level configuration file supported by Apache web server. It is used to alter web server configuration (enable or disable additional features) for the specific account without changing global server settings.

.htaccess file takes effect over the entire directory it is placed in, including all files and subdirectories. The changes made in this file will be implemented immediately and no server restart is required.

To access main .htaccess file of your hosting account, follow the steps below:

1) Log in to your cPanel
2) Navigate to section Files > File Manager



3) Choose Document Root for: option, and choose your main domain.
Do not forget to checkmark “Show Hidden files (dotfiles)” (otherwise .htaccess file will still be invisible)




4) You will be redirected to /public_html/ directory. Find .htaccess file and open it for editing:


You are ready to add your own configuration rules and save them!


The common usage of .htaccess file is listed below:


Authorization/authentication – specifies security restrictions for directory/subdirectory.
You can password protect a directory, or several of them, and any time a visitor tries to access it, username and password will be required.
To set up such protection, you need to:

1. Create the directory you want to protect in /home/cpanel_user/.htpasswds/ folder

e.g. for public_html/test the path will be .htpasswds/public_html/test/

2. Create passwd file in this directory and add hashed access details using this online generator

3. Add the following directives to .htaccess:

AuthType Basic
AuthName "Directory Name"
AuthUserFile /home/cpanel_user/.htpasswds/public_html/passwd
require valid-user


Blocking – blocks users by IP address or domain. It is very useful to block unwanted visitors, or to allow accessing certain sections of the website by its owner, administration area for example.
To set up certain blocking rules, create .htaccess file with the following text:

- to block users with X.X.X.X IP address, allow access to everybody else

order allow,deny
allow from all
deny from X.X.X.X

- to block all the visitors except for specific admin IP for example, or yourself

order deny,allow
deny from all
allow from X.X.X.X



Custom Error Pages – allows creating custom error pages for a site. This option is very useful as it allows you to show web site visitors an error message matching your website theme if a URL on your web site does not work. This helps to avoid default '404 File Not Found' error for example, and allows you to display customly designed error with the guiding directions back into your web site content, rather than leaving puzzled.

To set up custom error document, create .htaccess file with the following text below:

ErrorDocument 404 /404.htmlWhenever a 404 (File Not Found) error appears, this line tells the Apache Web server to load 404.html file, located in the directory root of the domain you set the error page for.

NOTE: To set up document for other errors (403, 500, etc.), just replace 404 with the corresponding error code and /404.html with the path to the error file.


Mod_Rewrite – specifies how web pages and URLs are displayed to the visitors.

We would like to draw your attention to the usage of Mod_Rewrite rules in .htaccess file.

By default, Mod_Rewrite maps a URL to a filesystem path. However, it can also be used to redirect one URL to another URL.

Before creating a redirect, you should choose the redirection type which would be more preferable for you:

- Permanent redirect has a status code of 301, and unlike the temporary one is cached in the browser memory. It implies that the page has been moved, and requests all search engines and user agent coming to the page to update the URL in their database. This is the most common type of redirect.

- Temporary redirect means that the page is sending status code 302 to the browser. The 302 code tells the browser not to cache this redirect into its saved data. It will redirect the visitor or search engine, but search engine will continue to index to the original page. This is the recommended type of redirect, unless you are absolutely sure that you will never change it in the future.

The list of the most common and useful redirects, which can be set through .htaccess file can be found below (the domains specified in examples should be replaced with your own ones):


// Permanent redirect from example.com to domain.com

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^/?$ "http\:\/\/domain\.com\/" [R=301,L]


// Temporary redirect from example.com to domain.com

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^/?$ "http\:\/\/domain\.com\/" [R=302,L]


NOTE: below are the examples of permanent redirects. Temporary one can be defined by replacing [R=301,L] with [R=302,L] in the end of the code (where necessary).


//Redirect from example.com/subfolder to domain.com

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^subfolder$ "http\:\/\/domain\.com\/" [R=301,L]


//Redirect from HTTP to HTTPS

- for any domain .htaccess takes effect on:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

- for a certain domain, example.com:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]


//Redirect from non-WWW to WWW

- for any domain .htaccess takes effect on:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

- for a certain domain, example.com:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]


//Redirect from WWW to non-WWW

- for any domain .htaccess takes effect on:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

- for a certain domain, example.com:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule (.*) http://example.com/$1 [R=301,L]


//Changes the directory root for the main domain to public_html/subfolder

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteCond %{REQUEST_URI} !^/subfolder/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /subfolder/$1
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteRule ^(/)?$ subfolder/index.php [L]


NOTE: .htaccess file should be located in the directory root of the domain you wish to configure certain rules for.


That's it!