The .htaccess file in Drupal 7 / Drupal 8

An "htaccess" file is a configuration file read and used by the Apache web server to configure settings local to your website or even just a subdirectory in the website. These are local settings as opposed to what you would configure in .conf files in Apache's conf directory.

There should be a dot in the filename: .htaccess - and so the file will often be hidden or invisible in directory listings unless you specify that hidden or system files should appear. But the file should exist in any Drupal installation in the top-most directory of Drupal (next to the README and CHANGELOG files).

.htaccess is specific to Apache and doesn't do anything for nginx (or other web servers). This means that any rewrite rules for Clean URLs which Drupal's .htaccess does for us when using Apache need to be rewritten for nginx.

If you somehow managed to lose the .htaccess file you can get it again by downloading Drupal, unpacking the .tar.gz or .zip, and copying .htaccess from the newly created Drupal root folder. Drupal 7 and Drupal 8 have different .htaccess files so make sure you get the appropriate version as some of the differences make them incompatible.

If you don't have the Drupal-specific .htaccess file then you can still install and use Drupal, but you will not have pretty URLs like you normally would. There are also some security measures included in Drupal's .htaccess file.

If you make local changes to .htaccess, remember that this is technically a Drupal "core" file and will get overwritten if you upgrade your version of Drupal, and your file transfer (ftp) or version control (git) software might be set to ignore files beginning with dot (.).

Drupal places another .htaccess file inside sites/default/files/. This one is different from the main .htaccess and is there to prevent hackers from uploading malicious scripts onto your Drupal site.