A .htaccess (hypertext access) file is a configuration file for use on web servers running the Apache Web Server.It is a directory-level configuration file,as the name .htaccess reflects – allow per-directory access control, e.g requiring a password to access the content.
When a .htaccess file is placed in a directory or folder, then the .htaccess file is detected and executed by the web server it is called overridden of .htaccess.
These .htaccess files can be used to alter the configuration (global configuration for that directory, and all sub-directories if there) of the Apache Web Server to enable/disable additional functionality and features that the Apache Web Server has to offer by default.
These facilities include basic redirect functionality, for instance if a 404 file not found error occurs and others, or for more advanced functions such as content/directory password protection or image hot link prevention and content type and character set setting.
.htaccess files must be uploaded as ASCII mode, not BINARY and need to CHMOD the .htaccess file to 644 or (RW-R–R–). This permission makes the file usable by the server, but prevents it from being read by a browser.Suppose if you have password protected directories and browser can read the .htaccess file, then they can get the location of the authentication file and then the list to get full access to any portion that you previously had protected.
These are some common usage of .htaccess file
- Authorization, authentication
- Rewriting URLs
- Directory listing
- Customized error responses
- MIME types
- Cache Control