There is a lot of confusion when it comes to
.htaccess. This section is meant to resolve that confusion and make
.htaccess understandable to even the newest user. When most people think
about .htaccess or hear about it, they think of user authentication. In
fact, .htaccess can be used for many different useful things, so many
that you'll wish you had known more about .htaccess earlier on. Well, maybe.
After reading this guide on .htaccess you will feel confident about
creating your own .htaccess files and using beginner to intermediate
directives. Here is a brief overview of what will be discussed:
- Custom Error Pages
- Password Protect Directories
- Disable Hot Linking & Fight Back
- Block Referrers
- Change Default index page
- Redirecting Pages
- Disable .htaccess File Access
- Hide Directory Listing
But first, let us discuss how .htaccess works and is applied to the file
structure of a Web Server. The great thing about .htaccess is that it
can be directory specific or directory all-inclusive, which simply means
that an .htaccess file can be applied to one directory or a multitude
of directories. Take the following [figures] for example:
An .htaccess file in the public_html directory would apply to every
directory in the entire website (if it was in fact the only .htaccess
file).
domain.com/.htaccess
You do not have to place an identical .htaccess file in every
single directory that you want it applied to. Instead, you can put it in
the main directory as illustrated in figure 1 above.
domain.com/images/.htaccess
domain.com/scripts/.htaccess
The next example illustrates how you would place different
.htaccess files within different directories. You will notice that in this
example the .htaccess files each begin with a letter; this is only a
visual aid to help show that the following .htaccess files are
different from one another. In reality you would
never name an .htaccess file because an .htaccess file has no name and
only the extension, htaccess.
domain.com/images/A.htaccess
domain.com/images/hires/apples/B.htaccess
Knowing that an .htaccess file controls the directory it is in and
that directory's sub-directories, File A controls the images directory
and the hires sub-directory. If File A happened to be the only .htaccess
file, it would control the apples directory as well. But in this case,
File B controls the apples directory and any sub-directories that may be
in it.
Now that you know the very basics, let's move on to some of the features.
Don't worry: the features will increase in difficulty, but as they do
you will build a core platform of understanding how to make .htaccess
files work for you.
We've all seen error pages on our own websites and others'. Yes, they serve a
great purpose by notifying us of varying issues, but they also look very
dull. In an era where keeping visitors within the confines of your
website at all times is so important, .htaccess files can help you turn
a potentially dull moment (seeing an error page) for a visitor into a
better experience.
Let's say that a visitor visits a certain page on your website only
to see the error 404 Not Found. What if you could turn that 404 page
into a page that allows your visitor to search what he/she was looking
for? This is completely possible through .htaccess. In fact, .htaccess
will let you either redirect traffic to a page on your site, or a page
on a completely separate domain.
Figure 1.a illustrates how you can add one line of code to your
existing .htaccess file and have an error page redirect to another page
within your website.
ErrorDocument 404 /404error.html
The / in the above example represents your public_html folder.
Figure 1.b illustrates how you can add one line of code to your
existing .htaccess file and have an error page redirect to another page
outside of your website.
ErrorDocument 404 http://www.otherdomain.com/404error.html
With a full URL, Apache answers with a redirect to that address, so the
visitor's browser does not receive the original 404 status code.
Redirects are another great thing .htaccess can do for you. You have to
be careful though... otherwise you can create an infinite loop which
could mean Ultimate Mayhem Death and Destruction for your Server.
Figure 1 will show you the correct way to redirect pages and Figure 2
will show you an easy way to get your account suspended for not being
careful.
RedirectMatch ^/images/ http://www.domain.com/gallery.html
The first / in the above example represents your public_html folder. In
this example, any call to any file in the image directory or any of its
sub-directories will be redirected to
http://www.domain.com/gallery.html. If you want to be creative you can
even redirect users to different files like mp3s telling them they
shouldn't be nosing around in your images directory etc...
Warning: The following is an example of
what you should NOT do. The following creates an infinite loop and can
cause excessive CPU load depending on certain circumstances.
Redirect /images/ http://www.domain.com/images/
The first / in the above example represents your public_html folder. In
this example, any call to any file in the image directory or any of its
sub-directories will be redirected back to the images directory causing
an infinite loop.
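As an added example (not part of the original guide), the Python sketch below checks Redirect lines for the loop described above by modelling how mod_alias appends the unmatched remainder of the request path to the target. The host set, the sample rules and the function names are assumptions made for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Assumption: the host names this .htaccess serves (taken from the page's examples).
SITE_HOSTS = {"www.domain.com", "domain.com"}

# Constructed sample input; the first rule is the loop shown above.
SAMPLE = """\
Redirect /images/ http://www.domain.com/images/
Redirect /old/ http://www.domain.com/new/
Redirect 301 /docs/ "http://domain.com/docs/v2/"
# Redirect /tmp/ http://www.domain.com/tmp/
Redirect /promo/ http://www.otherdomain.com/promo/
"""

def parse_redirects(text):
    """Return (url_path, target) for every Redirect directive in the text."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # honours quoted arguments
        # An optional status (301, permanent, ...) precedes the path.
        if (parts[0].lower() == "redirect" and len(parts) >= 3
                and parts[-2].startswith("/")):
            rules.append((parts[-2], parts[-1]))
    return rules

def follow(url_path, target, request_path):
    """Simplified mod_alias prefix match: the path remainder is appended."""
    if not request_path.startswith(url_path):
        return None
    return target + request_path[len(url_path):]

def is_loop(url_path, target, probe="probe.gif"):
    """True when the redirect destination is matched by the same rule again."""
    dest = urlsplit(follow(url_path, target, url_path + probe))
    same_site = dest.netloc == "" or dest.netloc.lower() in SITE_HOSTS
    return same_site and follow(url_path, target, dest.path) is not None

def find_loops(text):
    return [rule for rule in parse_redirects(text) if is_loop(*rule)]

if __name__ == "__main__":
    for url_path, target in find_loops(SAMPLE):
        print(f"loop: Redirect {url_path} {target}")
```

Running a check like this before uploading an edited .htaccess catches the self-referencing rule without generating any load on the server.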
Every once in a while, and for some people more than others, there are
people that like to cause trouble and/or countries that are known for
causing trouble. With .htaccess you can block individual IP addresses as
well as a range of them. Like every single security measure, though,
there is no guarantee of 100% protection. However, if you'd like to know
how to block IP addresses through .htaccess, please proceed:
order allow,deny
deny from 104.123.8.
deny from 104.123.8.120
allow from all
The above example will block access from IP addresses 104.123.8.0 to
104.123.8.120. Be careful though, you don't want to block out a huge
chunk of your audience unintentionally.
Disable Hot Linking and Fight Back
Most webmasters have fallen victim to hot linking somewhere down the
line. Heck, most of us are even guilty of it (e.g., linking to an image
on another website for a forum/profile post). The linkage adds up and
translates into wasted bandwidth and money. The most common/popular form of
hotlinking occurs with images. A growing trend in this day and age is
hotlinking .js and other related scripting files. While the file sizes
of scripts may be lower than those of most images, hotlinking still affects
the server that is being used and getting nothing in return.
Through .htaccess there are ways to block all sorts of file-types from
being hotlinked. This includes images, music files, scripts, and
movies. To prevent hotlinking through .htaccess you must have mod_rewrite
enabled on your server.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourwebsite\.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]
Line 1: Establishes that the Rewrite Engine should be on.
Line 2: Establishes that any referrer is barred from hotlinking.
Line 3: Establishes your Domain name.
Line 4: Establishes the file-types to prevent hotlinking. Currently,
gifs, jpgs, js scripts, and css files are blocked from hotlinking. You
could easily add mp3 to the list. Line 4 would then look something like
this:
RewriteRule \.(gif|jpg|js|css|mp3)$ - [F]
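The following Python sketch is an added example, not part of the original guide: it models the two RewriteCond lines and the RewriteRule above and evaluates constructed requests, comparing a Referer pattern with an unescaped dot and an http-only scheme against a tightened one. The request paths, Referer values and function names are assumptions for illustration.

```python
import re

# Referer pattern with an unescaped dot and http only, next to a tightened one.
LOOSE = re.compile(r"^http://(www\.)?yourwebsite.com/.*$", re.I)   # [NC] -> re.I
STRICT = re.compile(r"^https?://(www\.)?yourwebsite\.com/", re.I)
PROTECTED = re.compile(r"\.(gif|jpg|js|css)$")  # RewriteRule pattern

def decide(path, referer, own_site):
    """Status the rule set yields: 403 when both conditions and the rule match."""
    has_referer = referer != ""                 # RewriteCond %{HTTP_REFERER} !^$
    foreign = own_site.search(referer) is None  # RewriteCond %{HTTP_REFERER} !<own site>
    if has_referer and foreign and PROTECTED.search(path):
        return 403                              # RewriteRule ... - [F]
    return 200

# Constructed requests: (path, Referer header value).
SAMPLES = [
    ("/img/logo.gif", ""),                                   # no Referer sent
    ("/img/logo.gif", "http://www.yourwebsite.com/a.html"),  # own page over http
    ("/img/logo.gif", "https://yourwebsite.com/a.html"),     # own page over https
    ("/img/logo.gif", "http://forum.example/thread/1"),      # another site embedding it
    ("/img/logo.gif", "http://yourwebsite-com/x"),           # "." matched as any character
    ("/index.html", "http://forum.example/thread/1"),        # not a protected type
]

def table(own_site):
    """Evaluate every sample request against one Referer pattern."""
    return [decide(path, ref, own_site) for path, ref in SAMPLES]

if __name__ == "__main__":
    for (path, ref), loose, strict in zip(SAMPLES, table(LOOSE), table(STRICT)):
        print(f"{path:15} {ref or '(empty)':36} loose={loose} strict={strict}")
```

Because the Referer header is supplied by the client and empty values are let through, treat this rule as bandwidth housekeeping rather than access control.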
Wait... didn't this topic mention something about Fighting Back? Oh yes,
yes it did. You can set .htaccess to recognize a hotlinking attempt and
instead serve alternate content chosen by you. You can surprise your
attacker by linking to any URL. Perhaps you want hotlinkers to see a
disturbing image or one that links back to your site. Maybe you want to
get a little creative and have an mp3 play of how angry you are with
someone trying to steal your bandwidth. All of this is possible with
.htaccess.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourwebsite\.com/.*$ [NC]
RewriteCond %{REQUEST_URI} !/middlefinger\.gif$
RewriteRule \.(gif|jpg)$ http://www.yourwebsite.com/middlefinger.gif [R,L]
Line 1: Establishes that the Rewrite Engine should be on.
Line 2: Establishes that any referrer is barred from hotlinking.
Line 3: Establishes your Domain name.
Line 4: Excludes the replacement image itself, so that the redirect does not loop.
Line 5: Establishes the file-types to prevent hotlinking and redirects the request to the alternative media.
Change Default Index Page
.htaccess has a little-known feature that lets you change the name of
the default index page. Even if you have just been designing websites
for a small amount of time, you know by now that the default name of
the main web page is index. It just so happens that you can change it to
whatever you want. Maybe you want to change your default main page name
to darkchocolate.
DirectoryIndex darkchocolate.html
Establishes that the default main page
is now set to darkchocolate.html. If you'd like to expand the
extensions you could do something like this:
