This is an introduction to. htaccess and a document about the. htaccess application that is easy to understand. I translated it at will and played it myself. htaccess • Part 1-Introduction to Introduction • Part 2-. htaccess commande command • Part 3-password protection Part 1-Introduction to Introduction Introduction to Introduction In this tutorial you will find out about. htaccess file and the power it has to improve your website. although. htaccess is only a file, it can change settings on the servers and allow you to do your different things, the most popular being able to have your own custom 404 error pages .. htaccess isn' t difficult to use and is really just made up of a few simple instructions in a text file. From this guide, you can learn about the. htaccess documentation and its functions to optimize your website. Although. htaccess is just a document, but it can change the server settings, allowing you to do many different things, the most popular feature is that you can create a custom "404 error" page .. Htaccess is not difficult to use. It just adds several simple commands to a text document. Will my host support it? Does my host support it? This is probably the hardest question to give a simple answer. many hosts support. htaccess but don't actually publicise it and have other hosts have the capability but do not allow their users to have. htaccess file. as a general rule, if your server runs Unix or Linux, or any version of the Apache Web server it will support. htaccess, although your host may not allow you to use it. This may be difficult to answer with simple answers. Many hosts support. htaccess but do not explicitly declare that many other types of hosts have the ability but do not allow their users to use. htaccess documentation. As a general rule, if your host uses a Unix or Linux system or any version of Apache network server, it is generally supported. although your host server may not allow you to use it. A good sign of whether your host allows. htaccess files is if they support password protection of folders. to do this they will need to offer. htaccess (although in a few cases they will offer password protection but not let you use. htaccess ). the best thing to do if you are unsure is to either upload your own. htaccess file and see if it works or e-mail your web host and ask them. Whether your host allows. htaccess. A good sign is whether it supports folder password protection. To this end, they will provide. htaccess support (although they provide password protection in rare cases, they do not allow you to use. htaccess ). If you are not sure, the best way is to upload your own. htaccess document to see if it is useful, and the second is to send an email to your host service provider. What can I do? What should I do? You may be wondering what. htaccess can do, or you may have read about some of its uses but don't realize how many things you can actually do with it. You may wonder what. htaccess can do, or you may have known some of its functions but do not really know how much you can actually use it to do. There is a huge range of things. htaccess can do including: password protecting folders, redirecting users automatically, custom error pages, changing your file extensions, banning users with certian IP addresses, only allowing users with certain IP addresses, stopping directory listings and using a different file as the index file. . Htaccess can do a lot of things, including: folder password protection, automatic redirection by users, custom error pages, change your file extension, shield specific user IP addresses, only allow specific IP addresses, stop directory tables, and use other files index file. Creating a. htaccess file to create a. htaccess document Creating. htaccess file may cause you a few problems. writing the file is easy, you just need enter the appropriate code into a text editor (like Notepad ). you may run into problems with saving the file. because. htaccess is a strange file name (the file actually has no name but a 8 letter file extension) It may not be accepted on certain systems (e.g. windows 3.1 ). with most operating systems, though, all you need to do is to save the file by entering the name: Creating a. htaccess document may cause several problems. It is easy to write documents. You only need to write the appropriate code in the Text Editor (for example, WordPad. Then, you may encounter difficulties in saving the document, because. htaccess is an odd file name (there is actually no file name in the document and there is only one extension consisting of eight letters). Some systems (such as Windows 3.1) cannot accept such a file name. In most operating systems, what you need to do is to save the document as follows:
". Htaccess"
(Including the quotes ). if this doesn't work, you will need to name it something else (e.g. htaccess.txt) and then upload it to the server. once you have uploaded the file you can then rename it using an FTP program. (Including quotation marks ). If this happens, you need to rename it to another name (such as htaccess.txt) and then upload it to the server. Then you can use the FTP software to rename it. Warning warning Before beginning using. htaccess, I shoshould give you one warning. although using. htaccess on your server is extremely unlikely to cause you any problems (if something is wrong it simply won't work), you should be wary if you are using the Microsoft FrontPage extensions. the Frontpage Extensions use. htaccess file so you shoshould not really edit it to add your own information. if you do want to (this is not recommended, but possible) You shoshould download. htaccess file from your server first (if it exists) and then add your code to the beginning. Before using. htaccess, I must give you some warnings. Although it is used on the server. htaccess is unlikely to cause you any trouble (if something is wrong, it is useless), but if you use MICROSOFT FrontPage extensions, you need to be careful. FrontPage Extensions uses. htaccess, so you cannot edit it and add your own information. If you need it (not recommended, but possible), you should first download the. htaccess document from the server (if any), and then add your code to the front. Custom error pages The first use of. htaccess file which I will cover is custom error pages. these will allow you to have your own, personal error pages (for example when a file is not found) instead of using your host's error pages or having no page. this will make your site seem much more professional in the unlikely event of an error. it will also allow you to create scripts to publish y you if there is an error (for example I use a PHP script on free webmaster help to automatically e-mail me when a page is not found ). What I want to introduce. the first application of htaccess is a custom error page, which allows you to have your own personalized error page (for example, when a file cannot be found ), instead of the error pages provided by your service provider or without any pages. This will make your website look more professional when an error occurs. You can also use the script program to notify you when an error occurs (for example, if I use the free webmaster help PHP script program, I will automatically email it to me when the page cannot be found ). You can use custom error pages for any error as long as you know its number (like 404 for page not found) by adding the following to your. htaccess file: Any code error that you know (such as page 404 cannot be found) can be converted into a custom page. All you need to do is add the following section to the. htaccess file:
Errordocument errornumber/file.html
For example if I had the file notfound.html IN THE ROOT direct Ory of my site and I wanted to use it for a 404 error I wocould use: For example, if my root directory contains a nofound.html document, I want to use it as a 404 error page:
Errordocument 404/notfound.html
If the file is not in the root directory of your site, you just need to put the path to it: If the file is not in the root directory of the Website, you only need to set the path:
Errordocument 500/errorpages/500.html
These are some of the most common errors: The following are some of the most common errors:
401-authorization required 400-bad request 403-Forbidden 500-Internal Server Error 404-Wrong page
Then, all you need to do is to create a file to display when the error happens and upload it and the. htaccess file. In this way, you only need to generate an error display document and upload them. Part 2-. htaccess command Introduction to Introduction In the last part I introduced you to. htaccess and some of its useful features. In this part I will show you how to use the. htaccess file to implement some of these. In the previous section, I have introduced you to. htaccess and some of its useful functions. In this section, I will show you how to apply the. htaccess document to implement these functions. Stop a Directory Index from being shown stop show Directory Index Sometimes, for one reason or another, you will have no index file in your directory. this will, of course, mean that if someone types the directory name into their browser, a full listing of all the files in that directory will be shown. this cocould be a security risk for your site. Sometimes, for some reason, there is no index file in your directory. Of course, this means that if someone typed the directory path in the address bar of the browser, all the files in the directory will be displayed, this poses a security threat to the website. To prevent against this (without creating lots of new 'index' files, you can enter a command into your. htaccess file to stop the directory list from being shown: To avoid this situation (instead of creating a bunch of new index documents), you can type the following command in your. htaccess document to prevent the display of directory indexes:
Options-Indexes
Deny/allow certian IP addresses block/allow specific IP addresses In some situations, you may want to only allow people with specific IP addresses to access your site (for example, only allowing people using a special ISP to get into a certian directory) or you may be want to ban certian IP addresses (for example, keeping disruptive memembers out of your message boards ). of course, this will only work if you know the IP addresses you want to ban and, as most people on the Internet now have a dynamic IP address, so this is not always the best way to limit usage. In some cases, you may only want to allow users of certain IP addresses to access your website (for example, only users of specific ISPs can access a directory ), or you want to intercept some specific IP addresses (for example, isolate low-level users out of your information version ). Of course, this is only useful when you know the IP address you want to intercept. However, most users on the Internet use dynamic IP addresses, so this is not a common method to restrict the use of dynamic IP addresses. You can block an IP address by using: You can use the following command to intercept an IP Address:
Deny from 000.000.000.000
Where 000.000.000.000 is the IP address. If you only specify 1 or 2 of the groups of numbers, you will block a whole range. The intercepted IP address is 000.000.000.000. If you only specify one or two of the code groups, you can intercept the IP addresses of the entire region. You can allow an IP address by using: You can use the following command to allow access from an IP address:
Allow from 000.000.000.000
Where 000.000.000.000 is the IP address. If you only specify 1 or 2 of the groups of numbers, you will allow a whole range. The allowed IP address is 000.000.000.000. If you only specify one or two code groups, you can allow the IP addresses of the entire region. If you want to deny everyone from accessing a directory, you can use: If you want to prevent everyone from accessing the file directory, you can use:
Deny from all
But this will still allow scripts to use the files in the directory. However, this will still allow the script program to use the files in this directory. Index document replaced by alternative index files You may not always want to use index.htm or index.html as your index file for a directory, for example if you are using PHP files in your site, you may want index. PHP to be the index file for a directory. you are not limited to 'index' files though. using. htaccess you can set foofoo. blah to be your index file if you want! You may not want to directly use index.htmor index.html as the index document of the directory. For example, if your site uses the PHP document, you will want to use index. php as the index document of the directory. Of course, you do not need to be limited to the "Index" document. If you want to, you can use foofoo. balh as your index document! Alternate index files are entered in a list. the server will work from left to right, checking to see if each file exists, if none of them exisit will display a directory listing (unless, of course, you have turned this off ). The alternative index document can be arranged in a list, and the server will search from left to right to see which document exists in the real directory. If one cannot be found, it will display the Directory List (unless you close the display directory file list ).
Directoryindex index. php index. php3 messagebrd. pl index.html index.htm
Redirection points again One of the most useful functions of. htaccess file is to redirect requests to different files, either on the same server, or on a completely different web site. it can be extremely useful if you change the name of one of your files but allow users to still find it. another use (which I find very useful) is to redirect to a longer URL, for example in my newsletters I can use a very short URL for my affiliate links. the following can be done to redirect a specific file: One of the most useful features of. htaccess is to redirect requests to different documents on or off the site. This feature is extremely useful when you change the document name but still want users to find it using the old link. Another application (which I found very useful) is to point to a long URL again. For example, in my current affairs information, I can use a very short URL to point to my union link. Here is an example of pointing to a specific document again:
Redirect/location/from/root/file. Ext http://www.othersite.com/new/file/location.xyz
In this above example, a file in the root directory called oldfile.html wocould be entered: In the example above, if the name of the root directory is oldfile.html, you can type:
/Oldfile.html
And a file in the old subdirectory wocould be entered: To access a file in an old sub-directory, enter:
/Old/oldfile.html
You can also redirect whole directoires of your site using. htaccess file, for example if you had a directory called olddirectory on your site and you had set up the same files on a new site: http://www.newsite.com/newdirectory/ you cocould redirect all the files in that directory without having to specify each one: You can also use. htaccess to redirect the entire website directory. If your website has a directory named olddirectory:
Redirect/olddirectory http://www.newsite.com/newdirectory
Then, any request to your site below/olddirectory will bee redirected to the new site, with Extra information in the URL added on, for example if someone typed in: In this way, any request directed to/olddirectory in the site will be directed to the new site again, including additional URL Information. For example, someone typed:
Http://www.youroldsite.com/olddirecotry/oldfiles/images/image.gif
They wocould be redirected: The request will be redirected:
Http://www.newsite.com/newdirectory/oldfiles/images/image.gif
This can prove to be extremely powerful if used correctly. This function is extremely powerful if used correctly. Part 3-password protection Introduction to Introduction Although there are using uses of. htaccess file, by far the most popular, and probably most useful, is being able to relaibly password protect directories on websites. although JavaScript etc. can also be used to do this, only. htaccess has total security (as someone must know the password to get into the directory, there are no 'back docs ') Although there are a variety of. htaccess usage, the most popular and perhaps the most useful practice is to use it for reliable password protection of website directories. Although such as javascrip can also be achieved, only. htaccess has perfect security (that is, visitors must know the password to access the directory, and there is no "backdoor" to go ). The. htaccess File Adding password protection to a directory using. htaccess takes two stages. the first part is to add the appropriate lines to your. htaccess file in the directory you wowould like to protect. everything below this directory will be password protected: Using. htaccess to add password protection to a directory involves two steps. The first step is to add the appropriate lines of code to your. htaccess document, and then put the. htaccess document in the directory you want to protect:
Authname "section name" Authtype basic Authuserfile/full/path/to/. htpasswd Require valid-user
There are a few parts of this which you will need to change for your site. you shoshould Replace "section name" with the name of the part of the site you are protecting e.g. "Members area ". There are several small parts that you may need to modify based on your website situation. Replace "section name" with the name of the protected part, for example, "members area ". The/full/Parth//. htpasswd shocould be changed to reflect the full server path to. htpasswd file (more on this later ). if you do not know what the full path to your webspace is, contact your system administrator for details. In addition,/full/Parth/to/. htpasswd should be replaced with the complete server path pointing to the. htpasswd document (which will be detailed later. If you do not know the full path of your website space, ask your system administrator. The. htpasswd File Password protecting a directory takes a little more work than any of the other. htaccess functions because you must also create a file to contain the usernames and passwords which are allowed to access the site. these shoshould be placed in a file which (by default) shoshould be called. htpasswd. like. htaccess file, this is a file with no name and an 8 Letter extension. this can be placed anywhere within you website (as the passwords are encrypted) but it is advisable to store it outside the Web root so that it is impossible to access it from the web. Directory password protection ratio. other features of htaccess are troublesome, because you must create a document containing the user name and password to access your website. The relevant information (by default) should be located in a file named. in the htpasswd document. like htaccess ,. htpasswd is also a document without a file name and has an 8-bit extension. It can be stored anywhere on your website (the password should be encrypted at this time ), however, it is recommended that you save it outside the root directory of the website so that it cannot be accessed through the network. Entering usernames and passwords enter the user name and password Once you have created your. htpasswd file (you can do this in a standard text editor) You must enter the usernames and passwords to access the site. They shocould be entered as follows: After creating the. htpasswd document (you can create it in a text editor), enter the user name and password used to access the website:
Username: Password
Where the password isEncryptedFormat of the password. to encrypt the password you will either need to use one of the premade scripts available on the Web or write your own. there is a good username/password service at the KXS site which will allow you to enter the user name and password and will output it in the correct format. The "password" must be an encrypted password. You can obtain the encrypted password in several ways: First, you can use a permade script provided on the Internet or write it yourself; the other good username/password encryption service is through the KXS website, here, you can enter the user name and password, and then generate a password in the correct format. For multiple users, just add extra lines to your. htpasswd file in the same format as the first. there are even scripts available for free which will manage. htpasswd file and will allow automatic adding/removing of users etc. For multiple users, you only need to add a line in the same format in the. htpasswd document. In addition, there are some free script programs that can easily manage the. htpasswd documentation and automatically Add/Remove users. Accessing the site When you try to access a site which has been protected. htaccess your browser will pop up a standard username/password dialog box. if you don't like this, there are certain scripts available which allow you to embed a username/password box in a website to do the authentication. you can also send the username and password (unencrypted) in the URL as follows: When you try to access a directory protected by the. htaccess password, the standard username/password dialog window will pop up in your browser. If you do not like this method, some script programs allow you to embed username/password input boxes in the page for authentication, you can also enter the user name and password (unencrypted) in the URL of your browser in the following ways ):
Http: // username: password@www.website.com/directory/
Summary . Htaccess is one of the most useful files a Webmaster can use. There are a wide variety of different uses for it which can save time and increase security on your website. . Htaccess is a powerful tool that can be applied by site administrators. More changes can be made to adapt to different purposes, saving time and improving website security. |