What is .htaccess file
.htaccess files provide a way to make configuration on a per-directory basis. In the .htaccess file, we provide directives to apply a configuration for the server.
When to use .htaccess
Generally, this file should be used when you have no access to your server configuration file (httpd.conf).
The best example would be shared hosting providers where you don’t get root access to make changes in httpd.conf file. In such scenarios .htaccess plays a very important role.
In shared hosting, we make .htaccess files to secure our websites. We create this file on each directory to secure it from hackers or attackers.
When to avoid .htaccess file
We should not use this if we have access to our main configuration file.
There are two main reasons to avoid the use of .htaccess file.
The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, httpd will look in every directory for .htaccess files. Thus, permitting .htaccess files cause a performance hit.
The Other reason is .htaccess file is loaded every time a document is requested.
One should go with .htaccess file only when there is no other option left.
How to create .htaccess file
Step 1: Go inside the root directory of your website. And then create an empty file with the extension .htaccess
So now website folders are looking like this
If you haven’t read my previous server security article then please check out this
How to secure the server using .htaccess
Hide Server Details On Page Footer
First, we will hide our server details on footer which gets visible when error pages get displayed. To do this I will add the ServerSignature directive and set its value to Off. The ServerSignature will hide the server details on the footer.
Thus, we will add the below line then save the file and restart the server.
ServerSignature Off
Hide Directory Listing
When there is no default file is available in the directory which is generally index.html or index.php then the server gets confused which file to show and it displays all the files and folders. This is quite dangerous because if an attacker finds this then they can misuse the data.
when no default file is available it displays contents like this
In order to hide the content, we will add the below line save the file, and restart the server.
Options -Indexes
In this article, we have seen the other way of securing our website when we do not have access to the server main configuration. I hope you have learned something new with this article.