Manipulating HTTP Headers with .htaccess

Last update : July 25, 2013

.htaccess is a very ancient configuration file that controls the Web Server running your website, and is a very powerful configuration file. htaccess is sometimes called “HyperText Access” because of its ability to control access of the WWW’s HyperText Transfer Protocol (HTTP) using Password Protection, 301 Redirects, and much much more.

The AskApache website offers a lot of tutorials, tricks and hacks for webmaster and online tools related to .htaccess.

.htaccess tips and tricks are available at the corz.org website.

Redirection of a webpage

To avoid “404 File Not Found” Error!’s after deleting webpages in the context of a website update, it’s often useful to redirect these webpages to a new url. There are at least 2 major different forms of web page redirection : Client-side Redirection & Server-side Redirection.

Stay away from Client-side Redirection. These methods of redirecting a webpage range from using html meta tags, to javascript, and even using flash embedded on a page to redirect. All of these methods are notorious for getting you de-indexed from search engines, or at the very least, you’re page getting automatically penalized from search engines.

The best and safest way to this is the “301 Redirect“. The following tutorials describe the “301 Redirect” method :

There are different ways to set up an “301 Redirect“. Using .htaccess to accomplish the 301 redirect is highly suggested due to it being fairly convenient to manage, rather than setting redirects on each individual page, you can simply add the redirect code to the .htaccess file. An Online .htaccess editor to configure the redirection is offered by Hideyo Ryoken & Masato Mannen.

A php sample code to redirect an individual page permanently to a new location is shown hereafter :

  1. <?
  2. header( “HTTP/1.1 301 Moved Permanently” );
  3. header( “Status: 301 Moved Permanently” );
  4. header( “Location: http://www.new-url.com/” );
  5. exit(0); // This is Optional but suggested, to avoid any accidental output
  6. ?>

If the redirection is only temporary, you should use the “302 redirect” method. A php sample code to redirect an individual page temporary to a new location is shown below :

  1. <?php
  2. header(”Location: http://www.NewTemporaryWebAddress.com”);
  3. exit();
  4. ?>

.htpasswd & .htaccess on webservers

Apache and other webservers lets you password protect individual files, folders, or your entire website fairly easily with .htpasswd and .htaccess.

To password protect a folder on your site, you need to put the following code in your .htaccess file:

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName “My Secret Folder”
Require valid-user

The path /full/path/to/.htpasswd should be the full path (the path to the file from the Web server’s volume root) to a text file called  .htpasswd uploaded in a folder outside of the web root, if possible.

The textfile .htpasswd contains the following informations, separated by a colon (:)

username:encryptedpassword

It’s possible to include multiple users in the .htpasswd file.

To encrypt the password, you can use free webtools like

or  the htpasswd utility that comes with Apache.

More details are available in the following tutorial.