

Apache, like any other software, has configuration files. Your host edits these "global" configuration files to serve as a default for all of the sites hosted on the server. The .htaccess file (pronounced "h t access") acts as a "local" configuration file so that individual Websites can customize the configuration to suit their needs.
The .htaccess files have the same directory limitation capabilities that are available from the configuration files, but are set up in a way that permits direct access to configuration by the person maintaining the directory, and doesn't require server restart to upgrade or modify the security of the directory.
In other words, you can control your files in a way that effectively gives you control of the server where your files are concerned, even though you don't have access to the server configurations.
The .htaccess file is an ordinary text file that is usually created using telnet. Because some hosts do not allow telnet, we have included instructions for Notepad or any text editor and FTPing it into your Web directory. This file will contain the configuration statements (commands) to customize the Apache Web server software for your Website.
Notice that the file name starts with a period. This is to indicate to the Linux/Unix operating system that it is a "system file" that is used by a server application, not by a user of the system (such as an html file would be). However, with Windows, the period denotes a separator between a file's name and its "extension". As a result, if you try to create a .htaccess file in Windows, it won't have a name. To get around this, create a file called htaccess.txt, FTP that to the server, and then rename it to .htaccess once it's there.
If you don't see it in your FTP program, check your ftp program settings to make sure you have it set to (Show All Files). With some versions of WS_FTP it's the "Show full directory information" check-box under the "Advanced" tab in the Options window. If, after setting this option, you still don't see the file, it's because the server is set not to show these files. It should still work though, provided your host supports the use of htaccess files.
The most common uses are:
Deny access to certain IP's
Change your default page
Redirect a visitor to another page
Professional Error Page
SSI Without .shtml extension
Stop bandwidth theft from linking to downloads
Trap Pesky Spambots
Stop bandwidth theft from linking to images
Password protect a file or directory

The .htaccess file generally lives in the directory that will be affected.
The .htpasswd and .htgroup files can live in any location within the server. The full Unix pathname is required to define the file and its location.
NOTE that the .htaccess files that reside in your public_html directory can be viewed through the web browser, so you will need to know how to prevent access to the .htaccess file by disabling access to that particular filename.
Adding the following lines to your .htaccess file in the public_html directory will prevent visitors from viewing any .htaccess file contained in your website:

<Files .htaccess>
order allow,deny
deny from all
</Files>
Here is an example of the contents of an .htaccess file.

AuthUserFile /dir/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic
require user webmaster
In this example of allowing and disallowing domains, we have no need for the password and the group files. In addition, we will be using the basic method. So our .htaccess file would start with:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName AllowLocalAccess
AuthType Basic
Note that we have set the password and the group files to /dev/null. This has been done to ensure that there is no chance of picking up some stray or unnecessary file.

order deny,allow
deny from all
allow from .localdomain.com
Here we have effectively limited access to the directory by stating that the user can only do GETs and POSTs if we permit that from their domain.
The first thing we do is deny everyone access to GET and POST; this is the default state.
We use the keyword all to make the default cover anyone we don't wish to have access. Then, we use the allow directive for domains to which we want to allow access. Note that we prefix the domain with a period character. That means that any subdomain within that domain can access the directory.
The allow and deny directives are permitted to have multiple hosts on the allow and deny lines.
The following line in the file above would have allowed people from .localdomain.com and .otherlocal.com to access the private directory:

allow from .localdomain.com .otherlocal.com
You can further enhance the limitations by using the require directive, as in these examples:

require user joe
require group authors
require valid-user
The require user directive states that, even if a person is permitted by the allow directive, their user name still must be in the permitted users file (.htpasswd). If the keyword is group, the person's user name must be in the group file. And, if the keyword is valid-user, the user must enter their name and password to validate that they are permitted into the directory. By default, the user must satisfy all the given directives.
The file can also contain the satisfy directive. With satisfy any, meeting any one of the given directives is enough, and the request is then treated as if all of them had been satisfied. The default is the keyword all, so it does not need to be stated. Satisfy any is used to open the security up a tad, rather than keeping it tightly closed.

Now that you have a general idea of some commands, scroll down for more tricks.
For quick "Copy and paste" password protection, see Password protect a file or directory


Denying access to certain IP's

This code will block the IP 123.456.789.0 and all addresses that start with 123.45.67. Everybody else will be able to access your site. You can block as many addresses as you want, but that kind of defeats the purpose of having a web site in the first place.

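# <Limit GET> applies these rules to GET (and HEAD) requests only; other methods are not covered
<Limit GET>
order allow,deny
deny from 123.456.789.0
deny from 123.45.67
allow from all
</Limit>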
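How the order line decides between matching allow and deny lines, for both the domain rules earlier on this page and the IP rules here. This Python model is an added example, not Apache's code and not part of the original page; the client addresses are constructed, and host names are assumed to be whatever a reverse DNS lookup returned.

```python
# Simplified model of Apache's Order/Allow/Deny handling; host names are assumed inputs.
def host_matches(spec, ip, hostname=None):
    """True if one argument of 'allow from' / 'deny from' covers the client."""
    if spec == "all":
        return True
    if spec[0].isdigit():                       # full or partial IP address
        full = spec.count(".") == 3 and not spec.endswith(".")
        return ip == spec if full else ip.startswith(spec.rstrip(".") + ".")
    if hostname is None:                        # reverse lookup gave no name
        return False
    host, dom = hostname.lower(), spec.lstrip(".")
    return host == dom or host.endswith("." + dom)    # whole labels only

def parse(text):
    """Collect the order and the allow/deny lines from .htaccess text."""
    order, rules = "deny,allow", []             # Apache's default order
    for line in text.splitlines():
        w = line.lower().split()
        if len(w) >= 2 and w[0] == "order":
            order = w[1]
        elif len(w) >= 3 and w[0] in ("allow", "deny") and w[1] == "from":
            rules.append((w[0], w[2:]))
    return order, rules

def access(order, rules, ip, hostname=None):
    """Return True if the request is admitted under the given order."""
    hit = {"allow": False, "deny": False}
    for verb, specs in rules:
        if any(host_matches(s, ip, hostname) for s in specs):
            hit[verb] = True
    if order == "deny,allow":                   # allow wins; default is allow
        return hit["allow"] or not hit["deny"]
    if order == "allow,deny":                   # deny wins; default is deny
        return hit["allow"] and not hit["deny"]
    raise ValueError("unsupported order: " + order)

# The two rule sets shown on this page.
DOMAIN_RULES = """order deny,allow
deny from all
allow from .localdomain.com .otherlocal.com"""
IP_RULES = """order allow,deny
deny from 123.456.789.0
deny from 123.45.67
allow from all"""

def check(text, ip, hostname=None):
    return access(*parse(text), ip, hostname)

print(check(IP_RULES, "123.45.67.89"))          # constructed client address
```

With the same IP rules under order deny,allow, the allow from all line would override every deny line and the block list would have no effect.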


Changing your default page

If your website is called company.com and there was a request for http://www.company.com/, the system will return a file. The file that this returns is called the default file. When the server sees the URL above, the server checks to see what the default file is supposed to be, and it will return that file to the user. In most systems the default file is called index.html.

DirectoryIndex products.html
This file, placed in the directory "steel" containing "products.html", will bring visitors to that page.
Example: "http://www.yourcompany/steel/" will default to "http://www.yourcompany/steel/products.html"


Redirect a user to another page

If you have changed the location of a page, this prevents bad links from occurring in places you or someone else forgot to change.

Redirect /oldpage.html /newdirectory/newpage.html


Professional Error Page

Did you ever notice how some Websites display a nice fancy "Sorry" page instead of the generic, server-generated "404" error page when a non-existent page is requested? Just create your own custom error pages, named "404.html" "401.html" "500.html" and add these lines to your .htaccess file:

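# Use local paths: with a full URL the server sends a redirect instead of the error status,
# and for 401 the browser then never receives the status that makes it ask for a password
ErrorDocument 404 /404.html
ErrorDocument 401 /401.html
ErrorDocument 500 /500.html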


SSI Without .shtml

Looking through an html file for SSI directives is called "parsing", and by default a server doesn't parse every html file. It only parses pages that have a .shtml extension.

AddType text/html .html
AddHandler server-parsed .html
Replace .html with .htm if that's what you are using for your pages.


Stop linking to downloads

Say you have taken the trouble to write programs, scripts, etc., and made them available for download. I am sure you would like the credit for it, and prefer people visit your site to get it. The following will prevent people from linking directly to your downloads and claiming it is theirs.

AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://yourwebsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourwebsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://555.555.555.555 [NC]
RewriteRule /* http://www.yourwebsite.com/page.htm [R,L]
The first line tells the server not to look for users.
The second line tells the server not to look for groups.
The third line tells Apache to turn on mod_rewrite.
The next three lines you change to your address, with and without the www., as well as your IP.
The last line is where you would like the link from the site trying to download from their pages to be redirected. This way, if someone links directly to your "coolscript.zip" from their website, instead of a download, the link will bring them to a webpage that you specify.


Trap pesky spambots

Stop paying for bandwidth when all somebody is doing is trying to get e-mail addresses out of your pages.

RewriteEngine  on
     RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon   [OR]
     RewriteCond %{HTTP_USER_AGENT} ^EmailWolf     [OR]
     RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro  [OR]
     RewriteCond %{HTTP_USER_AGENT} ^CherryPicker  [OR]
     RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO     [OR]
     RewriteCond %{HTTP_USER_AGENT} ^Teleport*28     [OR]
     RewriteCond %{HTTP_USER_AGENT} ^EmailCollector
     RewriteRule ^.*$ problem.html  [L]
What this means is that if the beginning of HTTP_USER_AGENT matches any of the listed values, they will be redirected to the "problem.html" page that you create. You can have it say whatever you want, but in order to truly trap them, there must be NO links on this page.
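How the conditions combine in the two rewrite rule sets on this page: the referer conditions must all hold, while the spambot conditions are joined by [OR]. This Python model is an added example, not mod_rewrite's code and not part of the original page; it assumes the referer conditions are written as negated prefix matches (!^...), and the request values are constructed.

```python
import re

# Conditions as on this page; the referer tests assume the negated prefix form "!^".
HOTLINK = """RewriteCond %{HTTP_REFERER} !^http://yourwebsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourwebsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://555.555.555.555 [NC]"""
SPAMBOT = """RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport*28 [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector"""

def parse_conds(text):
    """Turn 'RewriteCond TestString CondPattern [flags]' lines into tuples."""
    conds = []
    for line in text.splitlines():
        p = line.split()
        if len(p) >= 3 and p[0] == "RewriteCond":
            flags = p[3].strip("[]").upper().split(",") if len(p) > 3 else []
            conds.append((p[1], p[2], flags))
    return conds

def rule_fires(text, request):
    """True if the RewriteRule after these conditions would be applied."""
    # Conditions are ANDed; a run joined by [OR] is one term, true if any member matches.
    term = False
    for var, pattern, flags in parse_conds(text):
        negate = pattern.startswith("!")        # leading "!" inverts the match
        regex = pattern[1:] if negate else pattern
        value = request.get(var, "")            # header not sent -> empty string
        hit = bool(re.search(regex, value, re.I if "NC" in flags else 0))
        term = term or (hit != negate)
        if "OR" not in flags:                   # the [OR] run ends here
            if not term:
                return False
            term = False
    return True

# Constructed request: a link followed from another site's page.
print(rule_fires(HOTLINK, {"%{HTTP_REFERER}": "http://othersite.example/links.html"}))
```

A request that carries no Referer header also satisfies all three referer conditions, so direct visits to the protected directory are redirected as well. The User-Agent value is supplied by the client, so the second rule set only catches robots that announce themselves under these names.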





| Copyright | © 2000 MyPagesOnline, All Rights Reserved | Privacy Statement |