The .htaccess file is a powerful configuration file used by the Apache web server. It allows you to control how your web server behaves on a per-directory basis, including URL redirects, access control, custom error pages, caching, and much more.
Please note: Screens and options may vary slightly depending on your cPanel version and hosting plan.⚠️ Caution: Incorrect changes here can make your website inaccessible. If you are unsure about any step, please contact our support team before proceeding.
Where Is .htaccess?
The main .htaccess file is located in your document root (e.g. /home/username/public_html/.htaccess). It affects the directory it's in and all subdirectories below it.
To see it in the File Manager, enable Show Hidden Files (dotfiles) in the File Manager settings.
Common .htaccess Uses
Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirect www to non-www (or vice versa)
# Redirect www to non-www
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
# Redirect non-www to www
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
Custom Error Pages
ErrorDocument 404 /custom-404.html
ErrorDocument 500 /custom-500.html
Block an IP Address
<RequireAll>
Require all granted
Require not ip 203.0.113.50
</RequireAll>
Enable Gzip Compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
AddOutputFilterByType DEFLATE application/javascript application/json
AddOutputFilterByType DEFLATE image/svg+xml
</IfModule>
Set Browser Caching
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
</IfModule>
Password Protect a Directory
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/username/.htpasswd
Require valid-user
Prevent Directory Listing
Options -Indexes
Tips
- Always back up your
.htaccessfile before making changes. A syntax error can make your entire site return a 500 error. - If your site breaks after an
.htaccesschange, rename the file (e.g. to.htaccess_broken) via the File Manager or FTP to restore access, then fix the issue. .htaccessrules are processed on every request, so keep the file as lean as possible on high-traffic sites.- WordPress, Joomla, and other CMS platforms create their own
.htaccessrules. Be careful not to overwrite them. - Test changes in a browser's incognito/private window to avoid cached results.
What Next?
- Setting Up URL Redirects — Use cPanel's interface instead of manual .htaccess rules.
- Improving Website Performance with Caching — Caching strategies using .htaccess and beyond.