Controlling file extensions using an .htaccess file can be useful for enforcing certain security measures or custom configurations on your website. You can control access to specific types of files or set rules for how certain file extensions are handled. Below are some examples of how you can achieve this with the .htaccess file:

To control file extensions using an `.htaccess` file, you can use Apache’s mod_rewrite module to rewrite URLs and enforce specific file extensions. Here’s an example of how you can achieve this:

1. Create or edit the `.htaccess` file in the root directory of your website.

2. Add the following lines to the `.htaccess` file:

apache
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

In the above example, the rule `^([^\.]+)$` matches any URL segment that doesn’t contain a dot (.), which indicates a file extension. The rule then appends `.php` to the URL, effectively adding the PHP file extension.

You can modify the rule according to your needs. For example, if you want to enforce the `.html` file extension, you would replace `$1.php` with `$1.html`.

3. Save the `.htaccess` file.

After applying the changes, any URL segment without an extension will automatically have the desired extension appended. For example, if someone requests `example.com/page`, it will be internally rewritten to `example.com/page.php`. This way, the server can serve the appropriate file.

Remember to ensure that the mod_rewrite module is enabled on your Apache server. Additionally, make sure that you have AllowOverride set to at least FileInfo or All in the appropriate Apache configuration to allow the use of `.htaccess` files.

Block Access to Specific File Types:

To block access to certain file types (e.g., .ini, .log, .bak), you can use the FilesMatch directive along with the Deny and ErrorDocument directives:

apache
<FilesMatch “\.(ini|log|bak)$”>
Order allow,deny
Deny from all
ErrorDocument 403 “Access Forbidden”
</FilesMatch>

This example denies access to files with extensions .ini, .log, and .bak and returns a 403 Forbidden error if someone tries to access them.

Allow Access to Specific File Types:

Conversely, if you want to allow access only to specific file types, you can use a similar approach with the FilesMatch directive:

apache
<FilesMatch “\.(html|css|js|jpg|png|gif)$”>
Order deny,allow
Allow from all
</FilesMatch>

This example allows access to files with extensions .html, .css, .js, .jpg, .png, and .gif and denies access to all other file types.

Redirect Requests for a Specific File Type:

To redirect requests for a specific file type to another location, you can use the RedirectMatch directive:

apache
<FilesMatch “\.pdf$”>
RedirectMatch 301 ^/.*$ http://www.example.com/forbidden.html
</FilesMatch>

This example redirects all requests for .pdf files to a specific HTML page located at http://www.example.com/forbidden.html.

Change Default Page for a Directory:

If you want to change the default page served for a directory (e.g., from index.html to home.html), you can use the DirectoryIndex directive:

apache
DirectoryIndex home.html

This example sets home.html as the default index file for directories.

Important Notes:

• Always make a backup of your .htaccess file before making changes.
• Test your configurations to ensure they work as expected.
• Be cautious when blocking or redirecting file types, as it can impact the functionality of your website.
• Regularly monitor your access logs for any unexpected issues.

Remember that the effectiveness of these configurations may depend on your server configuration and the modules available. Additionally, on shared hosting environments, certain configurations might be restricted by the hosting provider.