Tutorials & FAQs: General: .htaccess


.htaccess is a file that you can create using Notepad in Windows (or any text editor) to add some additional functionality to your website and server. It is usually supported by all Unix/Linux web hosts which use the Apache server. This tutorial will help you create the file and use it on your site.

Note 1: .htaccess is the full name of this file. To create it using Notepad, open Notepad, add text to the file, then go to File > Save As. Click the drop-down menu labelled Save As Type and select All files. Then type .htaccess as the filename and save.

Note 2: You may not be able to view it in your FTP program after uploading, so investigate how to switch on the -a option in your FTP client's filters, or SSH to the server and use the ls -a command to view all the files.

.htaccess files affect the directory they are placed in and all sub-directories. That is, an .htaccess file located in your root directory (yoursite.com) would affect yoursite.com/content, yoursite.com/content/contents, etc.

The .htaccess file will allow you to include the following features in your site:
  • Error Documents
  • Password protection
  • Enabling SSI via htaccess
  • Deny users by IP
  • Change your default directory page
  • Redirects
  • Prevent viewing of .htaccess
  • Adding MIME types
  • Preventing hot linking of your images
  • Preventing directory listing
I am going to go through each of these and tell you how to do them!


Error Documents

These are very useful and allow you to specify a page that the user goes to if there is an error. The most useful way you could use this is with the "404 Page Not Found" error. You can provide the user a list of common links, a link to your homepage, an e-mail address or whatever you feel like!

You create this in the .htaccess file by including the following command, replacing the values in [square brackets]:

ErrorDocument [number] [path to document location]

So, for example, the Olate 404 page is done like this:

ErrorDocument 404 /errors/404.php

Instead of directing users to a page, you can display some HTML instead:

ErrorDocument 404 "<b>Page Not Found</b><p /><br /><a href='index.php'>Return to the homepage</a>"

However, it is better to use the page as you have more control. You can find a list of error codes here.


Password Protection

You can protect a specific directory with the .htaccess file by doing the following:
  1. Create a new file called .htpasswd in the same way as we created the .htaccess file above.

  2. The .htpasswd file uses the following format for storing username and passwords:
    username:password

    There must be no spaces on the line before username, either side of the colon or after the password text. If you want several people to have access to the protected space, each with a different login, you can add as many username/password lines as you wish, making sure each one is on a separate line.

    username can be any text or name but should not contain any spaces.

    password should not be entered as plain text because this file could be viewed. Use the following link to get an encrypted version of your password: http://www.euronet.nl/~arnow/htpasswd , then use the encrypted version as the password for the username.

    To simplify the process, a tool now exists that can create your .htpasswd file entries for you which you can then cut/paste into your own .htpasswd file: http://users.plus.net/htpasswd/

  3. Now you need to add this to the .htaccess file. Note: the example given is for the www server, it is different for the CGI server which is explained later:

    AuthUserFile /share/isp/plusnet/www/uu/username/htdocs/directory/.htpasswd
    AuthGroupFile /dev/null
    AuthName EnterPassword
    AuthType Basic

    require valid-user

    The first line is the full server path to your .htpasswd file and will be different for each webspace (note: the path should be entered on the same line as AuthUserFile). To get the correct path for AuthUserFile, replace uu with the first 2 characters of your username, username with your username, and directory with the name of the folder/directory you want to password protect. The .htaccess and .htpasswd files should then be put in directory. Note: if you put the .htaccess and .htpasswd files in the root of your site (htdocs on the www server), it will password protect the entire site and ask for a username/password each time someone visits, so protecting the root is not recommended. Just place the files in the subdirectory you want to protect.

    You can replace the EnterPassword text of AuthName with whatever you like; this is what is displayed in the login box when you access the protected area. If you want the message to contain spaces, enter it within quote marks, such as "Enter The Password".

    The above example shows the path to use for your www webspace. To find the path to use for your CGI server webspace do the following:
    • use telnet (or similar app) to connect to your cgi server shell e.g. telnet plus.net
    • Enter your cgi username & password to the login and password prompts
    • At the shell prompt ($) enter pwd followed by the return key. This will show your current working directory which is the root of your cgi webspace.
    • Use that information + the name of the directory/folder you want to protect as the path for the AuthUserFile line.

    E.g.: /files/homeX/username/secret/.htpasswd where X could be 1, 2 or 3.

Once you have created your .htaccess and .htpasswd files and copied them to the directory/folder you want to protect you should test the folder protection via a browser. Enter the URL to the protected webspace (e.g. for www webspace if you put the files into a directory called protected, it may be something like http://www.username.plus.com/protected ). You should then be presented with a login screen where you must enter your username and password. If it works, entering a valid username/password will give you access to the folder, invalid username/password should not allow access to the folder.

If the above fails, check that you have created the .htaccess and .htpasswd files correctly and that you have copied them to the correct place. If you used FTP to copy the files to your webspace (www or cgi), make sure you transferred them as text and that they have gone into the correct folder. Alternatively, FTP them as htaccess.txt and htpasswd.txt and rename them to .htaccess and .htpasswd.
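
A way to check a .htpasswd file against the format rules in step 2 before uploading it. This is an added example, not part of the original tutorial; the function names, the sample lines and the set of recognised hash shapes are assumptions of the sketch.

```python
import re

# Shapes of the password hashes Apache basic auth reads from .htpasswd.
# Shape only: a 13-character plain-text password would pass as "crypt".
HASH_SHAPES = {
    "bcrypt": re.compile(r"\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}"),
    "apr1-md5": re.compile(r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}"),
    "sha1": re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}="),
    "crypt": re.compile(r"[./A-Za-z0-9]{13}"),
}

def hash_scheme(secret):
    """Name of the hash format the stored password looks like, or None."""
    for name, shape in HASH_SHAPES.items():
        if shape.fullmatch(secret):
            return name
    return None

def lint_htpasswd(text):
    """Return (line_number, problem) pairs for the text of a .htpasswd file."""
    problems, seen = [], set()
    for number, line in enumerate(text.splitlines(), start=1):
        if not line:
            continue
        if re.search(r"\s", line):
            # Covers spaces before the username, around the colon, or trailing.
            problems.append((number, "whitespace in line"))
            continue
        user, colon, secret = line.partition(":")
        if not (user and colon and secret):
            problems.append((number, "expected username:password"))
            continue
        if user in seen:
            problems.append((number, "duplicate username " + user))
        seen.add(user)
        if hash_scheme(secret) is None:
            problems.append((number, "password does not look hashed"))
    return problems

# Constructed sample: the hash strings have the right shape but are not real.
SAMPLE = "\n".join([
    "alice:$apr1$saltsalt$" + "A" * 22,
    "bob: hunter2",
    "carol:letmein",
    "alice:{SHA}" + "B" * 27 + "=",
]) + "\n"

if __name__ == "__main__":
    for number, problem in lint_htpasswd(SAMPLE):
        print("line %d: %s" % (number, problem))
```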

Enabling SSI Via .htaccess

If you cannot use SSI (Server Side Includes) with your host, you can try to enable it via the following commands in the .htaccess file:

AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes

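The first line tells the server which files it should parse as having SSI. The second line adds the handler that actually parses the SSI files. The third line sets the directory's options: Includes is the one that permits SSI, while Indexes and FollowSymLinks also turn on directory listings and symbolic-link following.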

SSI is already enabled on the PlusNet homepages server, so you do not need to use the above code. However, to allow SSI in your .htm pages, use the following lines in your .htaccess file to avoid problems:

AddType text/html .htm
AddHandler server-parsed .htm


Deny users by IP Address

If you want to stop a specific user from accessing your site, then include the following:

order allow,deny
deny from 123.45.6.7
deny from 12.34.5.
allow from all

Replace the IP addresses with the addresses you want to block. Or, as on the second "deny from" line, you can specify a section of the IP address, which will block all hosts whose IP addresses begin with a matching address.

Note: This feature does not work on PlusNet servers.
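
How the order line and the partial address in the rules above decide a request, as an added example that is not part of the original tutorial. The function names and the client addresses are constructed for illustration; the evaluation follows Apache's documented Order semantics.

```python
def ip_matches(spec, ip):
    """True if client address ip matches a 'from' spec: 'all', a full
    address, or a partial address of leading octets (e.g. '12.34.5.')."""
    if spec == "all":
        return True
    want = spec.rstrip(".").split(".")
    # Partial addresses match whole octets, not string prefixes.
    return ip.split(".")[:len(want)] == want

def access_allowed(order, rules, ip):
    """Evaluate allow/deny rules. order is 'allow,deny' or 'deny,allow';
    rules is a list of ('allow' | 'deny', spec) pairs."""
    allowed = any(ip_matches(s, ip) for kind, s in rules if kind == "allow")
    denied = any(ip_matches(s, ip) for kind, s in rules if kind == "deny")
    if order == "allow,deny":
        # Allow is checked first, Deny overrides it, the default is deny.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is checked first, Allow overrides it, the default is allow.
        return allowed or not denied
    raise ValueError("unknown order: " + order)

# The rule set from the tutorial.
RULES = [("deny", "123.45.6.7"), ("deny", "12.34.5."), ("allow", "all")]

# Constructed client addresses.
CLIENTS = ["123.45.6.7", "12.34.5.200", "12.34.50.1", "198.51.100.9"]

def report(order):
    """Map each sample client to True (served) or False (forbidden)."""
    return {ip: access_allowed(order, RULES, ip) for ip in CLIENTS}

if __name__ == "__main__":
    for order in ("allow,deny", "deny,allow"):
        print(order, report(order))
```

With order deny,allow the same rules block nobody, because allow from all then overrides every deny line.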


Change your default directory page

This command lets you specify the file that is loaded as your default page whenever a directory or URL request comes in that does not specify a particular page.

DirectoryIndex filename.html

This would cause filename.html to be the default page of your site, so www.yourdomain.com would not go to index.html, but to filename.html.

Note: This feature is disabled on all PlusNet servers except the HTML server (www.username.plus.com).


Redirects

If you change a section of your site structure, why leave people with a 404 when you can just redirect them?

Redirect /olddirectory/oldfile.html http://yoursite.com/newdirectory/newfile.html

If the user tries to access the old file, they will be redirected to the new file.


Prevent viewing of .htaccess file

To stop people from viewing the .htaccess file in your site, include these lines in the file:

<Files .htaccess>
order allow,deny
deny from all
</Files>


Adding MIME Types

If the server is not set up correctly to serve certain file types, then you can change that with this line:

AddType application/x-shockwave-flash swf


Preventing hot linking of images

To stop people from using your images on their site while the image is still on your site (stealing valuable bandwidth), add the following to the .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

Replace mydomain.com with your domain name (keeping the backslash before each dot) and the gif|jpg with any other file extensions, such as gif|jpg|swf.
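
To see which requests these rules refuse before relying on them, the two conditions and the rule can be replayed over sample requests. This is an added example, not part of the original tutorial; the function name and the requests are constructed, and the domain's dots are escaped in the pattern.

```python
import re

# The tutorial's patterns. [NC] on the second condition maps to IGNORECASE;
# the RewriteRule pattern has no [NC], so it stays case-sensitive.
EMPTY_REFERER = re.compile(r"^$")
OWN_SITE = re.compile(r"^http://(www\.)?mydomain\.com/.*$", re.IGNORECASE)
IMAGE_PATH = re.compile(r"\.(gif|jpg)$")

def hotlink_blocked(path, referer):
    """True if the rules would answer 403 Forbidden ([F]) for the request."""
    if not IMAGE_PATH.search(path):
        return False                                # RewriteRule does not match
    not_empty = not EMPTY_REFERER.search(referer)   # RewriteCond ... !^$
    not_own = not OWN_SITE.search(referer)          # RewriteCond ... !^http://...
    return not_empty and not_own                    # conditions are ANDed

# Constructed requests: (path, Referer header value).
REQUESTS = [
    ("images/logo.gif", ""),
    ("images/logo.gif", "http://www.mydomain.com/page.html"),
    ("images/logo.gif", "http://WWW.MyDomain.com/"),
    ("images/logo.gif", "http://other.example/page.html"),
    ("images/logo.gif", "https://www.mydomain.com/page.html"),
    ("images/logo.JPG", "http://other.example/page.html"),
    ("index.html", "http://other.example/page.html"),
]

def evaluate(requests):
    """Return the blocked/served decision for each request, in order."""
    return [hotlink_blocked(path, referer) for path, referer in requests]

if __name__ == "__main__":
    for (path, referer), blocked in zip(REQUESTS, evaluate(REQUESTS)):
        print("403" if blocked else "ok ", path, repr(referer))
```

The fifth and sixth requests are the ones to note: pages of your own site served over https are refused because the pattern only accepts http://, and an upper-case .JPG is served because the rule pattern is case-sensitive.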


Preventing Directory Listing

Sometimes, if you have a directory containing files, but not an index file, then the server will display the entire contents of that directory. To prevent this from happening, include this:

IndexIgnore *

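The * is known as a wildcard and means all files. IndexIgnore only hides entries from the generated listing; the files can still be fetched by anyone who knows their URL. You could hide just the gif and jpg files, for example: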

IndexIgnore *.gif *.jpg


That basically sums up the major functions you can use with .htaccess! I hope you have fun with it!

You can read more about Apache Directives here: http://www.apache.org/docs/mod/directives.html which lists all the possible uses the .htaccess file has!

Article Credit - http://www.olate.com
Password protection section updated 29/01/04 - petervaughan
Original Article by: mytton - Edited by: MauriceB