Ultra Web Hosting Docs

Working with .htaccess

The .htaccess file lets you control how your website behaves — redirects, HTTPS, access rules, and more — without touching the main server configuration. This guide covers where it lives, how to edit it safely, and the most common things you will use it for.

What .htaccess Is and Where It Lives

.htaccess is a per-directory Apache configuration file. When Apache serves a request, it reads any .htaccess file in that folder and applies its rules. This lets you change behavior for a whole site or just one folder.

Your site's main .htaccess lives in public_html, the document root of your primary domain. You can also place a separate .htaccess inside any subfolder to apply rules to just that folder and everything beneath it. The filename begins with a dot, which makes it a hidden file, so you will not see it unless hidden files are shown.

Editing .htaccess in File Manager

  1. Log into cPanel and open File Manager in the Files section.
  2. Click Settings in the top right and enable Show Hidden Files (dotfiles), then save.
  3. Navigate to public_html (or the folder you want to configure).
  4. If a .htaccess file already exists, right-click it and choose Edit. If it does not exist, click + File, name it .htaccess, and then edit it.
  5. Make your changes, click Save Changes, and reload your site to confirm it still works.
Warning A single syntax error in .htaccess causes a 500 Internal Server Error for the entire site, not just one page. Always back up the file first — copy its contents somewhere safe or use File Manager's Copy option — so you can restore it instantly if something breaks.

Redirects and HTTPS

Redirects send visitors from one address to another, and are the most common use of .htaccess.

Redirect a single page permanently with a 301:

Redirect 301 /old-page.html https://www.yourdomain.com/new-page.html

Force every visitor onto HTTPS:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Force the www version of your domain:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain\.com [NC]
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [L,R=301]

Or force the non-www version instead:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.yourdomain\.com [NC]
RewriteRule ^(.*)$ https://yourdomain.com/$1 [L,R=301]
Tip For simple page and domain redirects, cPanel's Redirects tool writes these rules for you through a form — a safer starting point than editing .htaccess by hand.

Error Documents and Access Rules

Serve your own custom error pages:

ErrorDocument 404 /404.html
ErrorDocument 403 /403.html

Allow or deny access by IP address — useful for locking down an admin area:

<RequireAll>
    Require all granted
    Require not ip 203.0.113.10
</RequireAll>

To allow only one address and deny everyone else:

Require ip 203.0.113.25

Hotlink Protection and Caching

Block other sites from embedding your images directly (hotlinking), which steals your bandwidth:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?yourdomain\.com/ [NC]
RewriteRule \.(jpg|jpeg|png|gif|webp)$ - [F,NC]

Set browser caching headers so returning visitors load your site faster:

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType text/css "access plus 1 week"
    ExpiresByType application/javascript "access plus 1 week"
</IfModule>

Setting PHP Values

You can adjust some PHP settings from .htaccess when your site runs under certain handlers:

php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value memory_limit 256M
Note If a php_value line produces a 500 error, your account is using PHP-FPM, which ignores these directives. Use the MultiPHP INI Editor in cPanel, or the PHP Selector, to change PHP values instead. Remove the php_value lines from .htaccess if they cause an error.

If Something Goes Wrong

If your site returns a 500 error after an edit, the fix is almost always the last change you made. Restore your backup of the file, or comment out the new lines by adding # at the start of each, then reload the site. Our guide to the 500 Internal Server Error walks through diagnosing these in more detail. If you are still stuck, open a support ticket and we will take a look.