htaccess file is quite useful for the following reasons:

1. If you’re reorganising your site and moving pages around,you can use the .htaccess file to redirect visitors from the old page to the new one.

2. Another function of the .htaccess file is to allow you to serve up pages which include PHP or Server Side Includes (SSI) but whose file name still uses the .htm or .html extension.

3. Allow or prevent directory browsing.

4. Because the server should check the .htaccess file before anything is delivered to the client, you can use it to password protect parts of your site.

5. You can also block various bots with the .htaccess file — for example, you can keep some spammers out, or prevent search engine spiders from indexing your images folder.

you have to overwrite php.ini’s s settings in .htacess

upload_max_filesize 100M

php_value post_max_size 100M
php_value upload_max_filesize 100M

.htaccess files (or “distributed configuration files”) provide a way to make configuration changes on a per-directory basis.
In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. The .htaccess file is placed inside the web tree, and is able to override a subset of the server’s global configuration; the extent of this subset is defined by the web server administrator.[1] The original purpose of .htaccess was to allow per-directory access control (e.g. requiring a password to access the content), hence the name. Nowadays .htaccess can override many other configuration settings, mostly related to content control, e.g. content type and character set, CGI handlers, etc.

Using this “.htaccess” file we can control “php.ini” and “httpd.conf” file.

Disable directory browsing using .htaccess:-

* Open your .htacces file
* Look for Options Indexes
* If Options Indexes exists modify it to Options -Indexes or else add Options -Indexes as a new line
* The directory browsing feature should be disable by now

Disable directory browsing using httpd.conf:-

* Open your httpd.conf, normally it’s located at /usr/local/apache/conf or /etc/httpd.conf
* Go to your own Virtual Host settings and look for “Options Indexes”
* Change the Indexes to -Indexes if Option Indexes exists or else add the Options -Indexes line
* Restart your apache web server.
* The directory browsing feature should be disable by now

Disable directory browsing in CPanel Share Hosting enviroment:-

* Login to your CPanel
* Click on Index Manager
* Directory will be list down. Click on the directory name which you want to disable the directory browsing
* Select No Index and click Save
* The directory browsing feature should be disable by now

The password protection depends on two files. The first one is the .htaccess file. It tells the webserver that viewing the file and/or folder requires authorization. The second file is the .htpasswd file it stores information about the users and their passwords. Its content will look similar to the following line:

webuser:qkbPmuht5Gzgc

The first part is the username, the second part of the line after the colon symbol is the password. The password is encrypted either using a modified version of MD5 or the system crypt() function.

Creation of the .htpasswd file is usually handled by the Apache htpasswd command line utility.
In case you do not have access to it on your server, you can use the following form to generate your .htpasswd file.

It is recommended that the .htpasswd file is located in a folder that is not accessible through the web. However most servers retrict acces to these files in their setup.

Once you have the .htpasswd file ready you need to create a file named .htaccess and place it in the folder you wish to have protected. The file should have the following lines

AuthType Basic
AuthUserFile "/home/username/path_to_htpasswd/.htpasswd"
AuthName “Enter valid username and password!”
require valid-user

The line AuthUserFile tells the web server where to look for the file containing the usernames which are allowed to access the folder.

The AuthName is what is printed in the user/prompt of the visitor’s browser.

Protecting a single file is a little tricky, you will need to add some more lines to the .htaccess file. Let’s say you wish to protect a file named “my-secret-file.html”. Then you will need to following .htaccess:

AuthType Basic
AuthUserFile "/home/username/path_to_htpasswd/.htpasswd"
AuthName "Enter valid username and password!"

require valid-user

The .htaccess file should be located in the same folder where the my-secret-file.html is located.

These will allow you to have your own, personal error pages (for example when a file is not found) instead of using your host’s error pages or having no page.

You can use custom error pages for any error as long as you know its number (like 404 for page not found) by adding the following to your .htaccess file:

ErrorDocument errornumber /file.html

These are some of the most common errors:

401 – Authorization Required
400 – Bad request
403 – Forbidden
500 – Internal Server Error
404 – Wrong page

if someone types the directory name into their browser, a full listing of all the files in that directory will be shown. This could be a security risk for your site.

To prevent against this (without creating lots of new ‘index’ files, you can enter a command into your .htaccess file to stop the directory list from being shown:

Options -Indexes

In some situations, you may want to only allow people with specific IP addresses to access your site or you may want to ban certian IP addresses this will only work if you know the IP addresses you want to ban and, as most people on the internet now have a dynamic IP address, so this is not always the best way to limit usage.

You can block an IP address by using:

deny from 000.000.000.000

You can allow an IP address by using:

allow from 000.000.000.000

If you want to deny everyone from accessing a directory, you can use:

deny from all

but this will still allow scripts to use the files in the directory

You may not always want to use index.htm or index.html as your index file for a directory, for example if you are using PHP files in your site, you may want index.php to be the index file for a directory. You are not limited to ‘index’ files though. Using .htaccess you can set foofoo.blah to be your index file if you want to!

Alternate index files are entered in a list. The server will work from left to right, checking to see if each file exists, if none of them exisit it will display a directory listing (unless, of course, you have turned this off).

DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm

One of the most useful functions of the .htaccess file is to redirect requests to different files, either on the same server, or on a completely different web site. It can be extremely useful if you change the name of one of your files but allow users to still find it. Another use (which I find very useful) is to redirect to a longer URL, for example in my newsletters I can use a very short URL for my affiliate links. The following can be done to redirect a specific file:

Redirect /location/from/root/file.ext http://www.othersite.com/new/file/location.xyz

In this above example, a file in the root directory called oldfile.html would be entered as:

/oldfile.html

and a file in the old subdirectory would be entered as:

/old/oldfile.html

You can also redirect whole directoires of your site using the .htaccess file, for example if you had a directory called olddirectory on your site and you had set up the same files on a new site at: http://www.newsite.com/newdirectory/ you could redirect all the files in that directory without having to specify each one:

Redirect /olddirectory http://www.newsite.com/newdirectory


Then, any request to your site below /olddirectory will bee redirected to the new site, with the
extra information in the URL added on, for example if someone typed in:

http://www.youroldsite.com/olddirecotry/oldfiles/images/image.gif

They would be redirected to:

http://www.newsite.com/newdirectory/oldfiles/images/image.gif

This can prove to be extremely powerful if used correctly.