In this article you will learn:
- What the .htaccess file is and what it is used for
- How to restore the default .htaccess
- How to configure .htaccess
- Which commands are blocked in .htaccess
- Common problems
- Frequently asked questions
The .htaccess file
The .htaccess file (it must start with a dot) contains Apache server settings that control webhosting operations. The most common uses include routing in the webhosting directory structure, forcing HTTPS, redirecting web addresses, and disabling proxy cache.
Accessing the .htaccess file
To access the .htaccess file, follow these steps:
- Log in to the hosting via FTP, for example using the WebFTP ⧉ client (Manual).
- Enter the www folder.
- Find the file named .htaccess among the files.

Rules in the default .htaccess apply to all websites. Rules in .htaccess files in other directories (often, for example, www/domains/domena.tld) apply only to the contents of that directory and all of its subdirectories.
You can have more than one .htaccess file – it depends on the number of directories where you want to set specific rules.
Restoring the default .htaccess
If you cannot find the cause of an error caused by modifying the default .htaccess file, or if you accidentally deleted this file, you can restore it directly in the client administration.
- Log in to the client administration ⧉.
- In the top menu, select Hosting Services Webhosting or WMS.
- Select the webhosting for which you want to restore the .htaccess file.
- In the left menu, click Tools.
- In the Restore default .htaccess table, click the restore .htaccess button.

At the same time as restoring the default .htaccess file, this button creates a backup of the current file, which the system copies to the same folder.
The button restores only the .htaccess file in the www folder. Other .htaccess files, for example those created by content management systems, must be restored differently.
The default .htaccess file does not contain HTTPS rules. If you use HTTPS, add the rules to the restored file manually.
Configuring .htaccess
Conditions and commands in the .htaccess file use regular expressions. If you do not know how to work with them, you can still edit the file, but pay close attention to the instructions. A non-functional .htaccess causes Error 500 – Internal Server Error.
Before you start editing the .htaccess file, make a backup of it.
In this chapter you will find instructions for:
- Routing in the webhosting directory structure
- HTTPS setup
- Redirecting web addresses
- Disabling proxy cache
Routing in the Webhosting directory structure
The main purpose of our default .htaccess file is to route requests to the correct Webhosting folders, especially domains and subdom. If you notice errors in directory navigation, fix the .htaccess file so that it contains the following text, or restore it completely.
RewriteEngine On
# all domains (aliases)
RewriteCond %{REQUEST_URI} !^domains/
RewriteCond %{REQUEST_URI} !^/domains/
RewriteCond %{HTTP_HOST} ^(www\.)?(.*)$
RewriteCond %{DOCUMENT_ROOT}/domains/%2 -d
RewriteRule (.*) domains/%2/$1 [DPI]
# subdomains (with or without www at the beginning)
RewriteCond %{REQUEST_URI} !^subdom/
RewriteCond %{REQUEST_URI} !^/subdom/
RewriteCond %{HTTP_HOST} ^(www\.)?(.*)\.([^\.]*)\.([^\.]*)$
RewriteCond %{DOCUMENT_ROOT}/subdom/%2 -d
RewriteRule (.*) subdom/%2/$1 [DPI]
# aliases - correct redirect when / is missing
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^domains/[^/]+/(.+[^/])$ /$1/ [R]
# subdomains - correct redirect when / is missing
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^subdom/[^/]+/(.+[^/])$ /$1/ [R]
HTTPS setup
When activating HTTPS, you also set a .htaccess rule that selects the HTTPS variant as the default. Add it directly to the .htaccess file in the www folder, immediately below the line RewriteEngine On.
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]
Header set Content-Security-Policy "upgrade-insecure-requests;"
Adding this code may block our application installer. If you encounter a problem with the .htaccess file during installation, temporarily restore it and, after a successful installation, overwrite it again with the automatically created backup.
The default .htaccess file does not include HTTPS rules. If you have restored it and want to use HTTPS rules, add them again.
URL Redirects
With the following rule, known as a 301 Redirect, you tell both the browser and search engines that the page has permanently moved from the old address to the new one. Search engines in particular will then not treat the moved content as duplicate content.
Copy the text below and insert it into the .htaccess file below the line RewriteEngine On. Then adjust it according to these rules:
- In the text
staraadresa\.tld, replace the text staraadresa with the address from which the redirect is being made, and replace tld with the correct extension. Make sure that before the . (dot) character there is a \ (backslash) character. - In the text
http://novaadresa.tld, replace novaadresa.tld with the address to which you are redirecting the website. If the new address uses https, also replace the text http. - If you want to redirect to the default page of the new address, delete the
$1characters on the second line.
RewriteCond %{HTTP_HOST} ^(www\.)?staraadresa\.tld$
RewriteRule (.*) http://novaadresa.tld/$1 [R=301,L]
Restricting access for selected IP addresses
In the .htaccess file, you can restrict access to certain (or all) files only from specific IP addresses. Here is an example of blocking access to the wp-login.php file (the login page of the WordPress administration):
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from X.X.X.X
</Files>
You can adjust the code according to these rules:
- In
<Files ___>, you can specify either a particular file or the*character for all files in the given folder and subfolders. - Replace the address
X.X.X.Xwith your IPv4 or IPv6 address. - You can specify multiple
Allow from X.X.X.Xdirectives, each on its own line.
Access from other IP addresses to the given file will end with Error 403.
The only way to gain access to the file from a blocked address is to add that address to the allowed list, or remove the code. Neither of these interventions is performed by customer support.
Disabling proxy cache
If you need to disable proxy cache for a website or part of it (directory, subdomain), insert this code into the .htaccess file:
# DISABLE CACHING
<IfModule mod_headers.c>
Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires 0
</IfModule>
Restrictions on .htaccess on Webhosting
To prevent unwanted server behavior, we have set certain restrictions for the .htaccess file.
Using any disallowed command or parameter with the Options command will cause the entire website to stop working, which will manifest as Error 500 – Internal Server Error.
In the webserver configuration, you may use the following categories of commands for htaccess:
- AuthConfig
- FileInfo
- Limit
- Indexes
- Options*
Avoid using the following commands:
- php_flag
- php_value
- ServerSignature
- SetEnv
- SetHandler
- XBitHack
- AddHandler
- Options*
* For the Options command, you may use only the Indexes option; others are prohibited.
Common problems
Common problems with the .htaccess file include:
- The new settings do not take effect or break the website
- Restoring the default .htaccess does not work
- The .htaccess file is overwritten by something
The new settings do not work
Problem: After changing the .htaccess settings, the new behavior does not appear, or the website has stopped working completely. This usually includes the Internal Server Error and Too Many Redirects errors.
Cause: This may be an error in the name or location of the .htaccess file, the placement of the code in this file, or the correctness of the code itself.
Solution: Perform a thorough check and fix the errors:
- Check that the file is in the correct folder (it does not have to be just www) and is named exactly .htaccess, including the dot at the beginning.
- Make sure the code is placed in the correct part of the file (for example, at the beginning after the
RewriteEngine Oncommand), and that all parts containing placeholder text (e.g.domena.tld) have been replaced with the correct text. - If the file contains blocked commands, disable the relevant lines by placing the
#character at the beginning of the line.
Restoring the default .htaccess does not work
Problem: After restoring the default .htaccess, the website still behaves the same.
Cause: Either you are restoring the wrong .htaccess, or the website display is cached incorrectly.
Solution: Refresh the page without browser cache using the keyboard shortcut Ctrl+Shift+R.
If you need to restore the default state of the .htaccess file elsewhere than in the www folder (or the CMS .htaccess, for example WordPress), get it from the backup or from the CMS website.
An unknown program is overwriting .htaccess
Problem: After changing the .htaccess settings, something soon overwrites it with unwanted code.
Cause: There is software on the webhosting (usually a plugin, but it may also be malware) that generates its own code in .htaccess.
Solution: Find the source of changes in the .htaccess file:
- Security plugins usually use .htaccess to block access to sensitive parts of the system, such as the CMS administration. When trying to access it, you will often see Error 403: Forbidden. The solution is to reconfigure or disable the security plugin in question.
- CMS updates may introduce problematic code into their .htaccess, which most often causes Error 500 – Internal Server Error. The solution is to disable automatic updates and quickly adjust the .htaccess code immediately after a manual update.
- Malware commonly disrupts the display of the page or redirects it to an unwanted URL. The solution is a thorough virus cleanup of the website, which VEDOS unfortunately does not provide, nor does it offer support for it.
Frequently asked questions
How do I restore the default CMS .htaccess?
Before you start editing the .htaccess file, make a backup of it. If you do not have one, either reinstall the CMS or find the default .htaccess content for the same CMS version elsewhere. If all else fails, contact customer support.
Where can I find advanced .htaccess commands?
We do not provide support for advanced .htaccess commands. Some can be found in community articles in the .htaccess category ⧉. When using guides found online, keep in mind the .htaccess restrictions on Webhosting.