Htaccess User Guide

Source: Internet
Author: User
Tags change settings microsoft frontpage password protection

The. htaccess of the Apache server is a very powerful distributed configuration file. Learn to use. htaccess, which can implement many functions for VM users. Here is an easy-to-understand. htaccess introduction, which is very suitable for getting started articles. The article was originally translated from and qiran in Chinese. I will improve it.

  • Part 1-Introduction to Introduction
  • Part 2-. htaccess commande command
  • Part 3-password protection

Part 1-Introduction to Introduction

Introduction to Introduction

In this tutorial you will find out about. htaccess file and the power it has to improve your website. although. htaccess is only a file, it can change settings on the servers and allow you to do your different things, the most popular being able to have your own custom 404 error pages .. htaccess isn' t difficult to use and is really just made up of a few simple instructions in a text file.
In this guide, you can learn about. htaccess files and their functions and optimize your website. Although. htaccess is just a file, but it can change the server settings and allow you to do many different things. The most popular feature is that you can create a custom "404 error" page .. Htaccess is not difficult to use. In the final analysis, it simply adds several simple commands to a text document.

Will my host support it? Does my host support it?

This is probably the hardest question to give a simple answer. many hosts support. htaccess but don't actually publicise it and have other hosts have the capability but do not allow their users to have. htaccess file. as a general rule, if your server runs Unix or Linux, or any version of the Apache Web server it will support. htaccess, although your host may not allow you to use it.
This may be difficult to answer with simple answers. Many hosts support. htaccess, but they are not specifically declared. Many other types of hosts have the ability but do not allow their users to use. htaccess. In general, if your host uses a Unix or Linux system or any version of Apache network server, it is theoretically supported. htaccess, although your host service provider may not allow you to use it.

A good sign of whether your host allows. htaccess files is if they support password protection of folders. to do this they will need to offer. htaccess (although in a few cases they will offer password protection but not let you use. htaccess ). the best thing to do if you are unsure is to either upload your own. htaccess file and see if it works or e-mail your web host and ask them.
Determine whether your host allows. htaccess. A good sign is that it supports folder password protection. To achieve this function, the host service provider needs to use. htaccess (of course, although they provide password protection in a few cases, they do not allow you to use. htaccess ). If you are not sure whether your host supports. htaccess, the best way is to upload your own. htaccess file to see if it is useful, or directly send an e-mail to your host service provider for consultation.

What can I do? What should I do?

You may be wondering what. htaccess can do, or you may have read about some of its uses but don't realize how many things you can actually do with it.
You may wonder what. htaccess can do, or you may have known some of its functions but do not really know how much you can actually use it to do.

There is a huge range of things. htaccess can do including: password protecting folders, redirecting users automatically, custom error pages, changing your file extensions, banning users with certian IPAddresses, only allowing users with certain IPAddresses, stopping directory listings and using a different file as the index file.
. Htaccess can do a lot of things, including: folder password protection, automatic user redirection, custom error pages, users who change your file extension, ban specific IP addresses, users who only allow specific IP addresses, and list of prohibited directories, and use other files as index files.

Creating a. htaccess file to create a. htaccess document

Creating. htaccess file may cause you a few problems. writing the file is easy, you just need enter the appropriate code into a text editor (like Notepad ). you may run into problems with saving the file. because. htaccess is a strange file name (the file actually has no name but a 8 letter file extension) It may not be accepted on certain systems (e.g. windows 3.1 ). with most operating systems, though, all you need to do is to save the file by entering the name:
Creating a. htaccess file may bring you some difficulties. It is easy to write files. You only need to write the appropriate code in the Text Editor (for example, WordPad. The real difficulty may be the file storage, because. htaccess is an odd file name (it does not actually have a file name and only has an extension consisting of eight letters), which cannot be accepted in some systems (such as Windows 3.1. In most operating systems, what you need to do is to save the document as follows:

". Htaccess"

(Including the quotes ). if this doesn't work, you will need to name it something else (e.g. htaccess.txt) and then upload it to the server. once you have uploaded the file you can then rename it using an FTPProgram.
(Including quotation marks ). If so, you should first name it as its nickname (for example, htaccess.txt), then upload it to the server, and then rename it directly using the FTP software.

Warning warning

Before beginning using. htaccess, I shoshould give you one warning. although using. htaccess on your server is extremely unlikely to cause you any problems (if something is wrong it simply won't work), you should be wary if you are using the Microsoft FrontPage extensions. the Frontpage Extensions use. htaccess file so you shoshould not really edit it to add your own information. if you do want to (this is not recommended, but possible) You shoshould download. htaccess file from your server first (if it exists) and then add your code to the beginning.
Before using. htaccess, I must give you some warnings. Although it is used on the server. htaccess is unlikely to cause you any trouble (if something is wrong, it is useless), but if you use MICROSOFT FrontPage extensions, you must be very careful. Because Frontpage Extensions uses. htaccess, you cannot edit it and add your own information. If you do need this (not recommended, but possible), you should first download the. htaccess document from the server (if any), and then add your code in front of it.

Custom error pages

The first use of. htaccess file which I will cover is custom error pages. these will allow you to have your own, personal error pages (for example when a file is not found) instead of using your host's error pages or having no page. this will make your site seem much more professional in the unlikely event of an error. it will also allow you to create scripts to your y you if there is an error (for example I use a PHPScript on free webmaster help to automatically e-mail me when a page is not found ).
I want to introduce. the first application of htaccess is a custom error page, which allows you to have your own personalized error page (for example, when a file cannot be found ), instead of the error pages provided by your service provider or without any pages. This will make your website look more professional when an error occurs. You can also use the script program to notify you when an error occurs (for example, if I use the free webmaster help PHP script program, I will automatically email it to me when the page cannot be found ).

You can use custom error pages for any error as long as you know its number (like 404 for page not found) by adding the following to your. htaccess file:
You can add the following text to the. htaccess file to convert any page error code you know (such as page 404 cannot be found) to a custom page:

Rrordocument errornumber/file.html

For example if I had the file notfound.html IN THE ROOT direct
Ory of my site and I wanted to use it for a 404 error I wocould use:
For example, if my root directory contains a nofound.html file, I want to use it as the 404 error page:

Errordocument 404/notfound.html

If the file is not in the root directory of your site, you just need to put the path to it:
If the file is not in the root directory of the Website, you only need to set the path:

Errordocument 500/errorpages/500.html

These are some of the most common errors:
The following are some of the most common errors:

401-authorization required needs verification
400-bad request error request
403-Forbidden prohibited
500-Internal Server Error
404-Wrong page cannot find the page

Then, all you need to do is to create a file to display when the error happens and upload it and the. htaccess file.
Next, you only need to create a file displayed when an error occurs, and then upload them together with. htaccess.

Part 2-. htaccess command

Introduction to Introduction

In the last part I introduced you to. htaccess and some of its useful features. In this part I will show you how to use the. htaccess file to implement some of these.
In the previous section, I have briefly introduced. htaccess and some of its useful functions. In this section, I will show you how to use the. htaccess document to implement these functions.

Stop a Directory Index from being shown stop show directory list

Sometimes, for one reason or another, you will have no index file in your directory. this will, of course, mean that if someone types the directory name into their browser, a full listing of all the files in that directory will be shown. this cocould be a security risk for your site.
Sometimes, for some reason, there is no index file in your directory, which means that when someone typed the directory path in the address bar of the browser, all the files in the directory will be displayed, this will leave security risks to your website.

To prevent against this (without creating lots of new 'index' files, you can enter a command into your. htaccess file to stop the directory list from being shown:
To avoid this situation (instead of creating a bunch of new index files), you can type the following command in your. htaccess document to prevent the display of the Directory List:


Deny/allow certian IPAddresses blocks/allows specific IP addresses

In some situations, you may want to only allow people with specific IPAddresses to access your site (for example, only allowing people using a participant ISPTo get into a certian directory) or you may want to ban certian IPAddresses (for example, keeping disruptive memembers out of your message boards). Of course, this will only work if you know the IPAddresses you want to ban and, as most people on the Internet now have a dynamic IPAddress, so this is not always the best way to limit usage.
In some cases, you may only want to allow users of certain IP addresses to access your website (for example, only users of specific ISPs can access a directory ), or you want to block some specific IP addresses (for example, isolate low-level users from outside your information layout ). Of course, this is only useful when you know the IP address you want to intercept. However, most users on the Internet use dynamic IP addresses, so this is not a common method to restrict the use of dynamic IP addresses.

You can block an IP addressAddress by using:
You can use the following command to block an IP Address:

Deny from

Where is the IPAddress. If you only specify 1 or 2 of the groups of numbers, you will block a whole range.
Here, is the banned IP address. If you specify only a few of them, you can block the IP address of the entire network segment. If you enter 210.10.56., ~ All IP addresses of

You can allow an IPAddress by using:
You can use the following command to allow an IP address to access a website:

Allow from

Where is the IPAddress. If you only specify 1 or 2 of the groups of numbers, you will allow a whole range.
The allowed IP address is You can block the entire network segment like the banned IP address.

If you want to deny everyone from accessing a directory, you can use:
If you want to prevent everyone from accessing this directory, you can use:

Deny from all

But this will still allow scripts to use the files in the directory.
However, this does not affect the use of the files in this directory by the script program.

Alternative index Files Replaces the index file

You may not always want to use index.htm or index.html as your index file for a directory, for example if you are using PHPFiles in your site, you may want index. PHP to be the index file for a directory. you are not limited to 'index' files though. using. htaccess you can set foofoo. blah to be your index file if you want!
You may not want to use index.htmor index.html as the index file of the directory. For example, if your site uses the PHP file, you may want to use index. php as the index document for this directory. Of course, you don't have to be limited to the "Index" document. If you want to use. htaccess, you can even set foofoo. balh as your index document!

Alternate index files are entered in a list. the server will work from left to right, checking to see if each file exists, if none of them exisit will display a directory listing (unless, of course, you have turned this off ).
These replace index files can be arranged in a list, and the server will search from left to right to check which document exists in the real directory. If one cannot be found, it will display the Directory List (unless you have disabled the display directory file list ).

Directoryindex index. php index. php3 messagebrd. pl index.html index.htm

Redirection redirection

One of the most useful functions of. htaccess file is to redirect requests to different files, either on the same server, or on a completely different web site. it can be extremely useful if you change the name of one of your files but allow users to still find it. another use (which I find very useful) is to redirect to a longer URL, For example in my newsletters I can use a very short URLFor my affiliate links. The following can be done to redirect a specific file:
One of the most useful features of. htaccess is to redirect requests to different documents within or outside the same site. This is extremely useful when you change the name of a file but still want users to access it with an old address. Another application (which I found useful) is redirected to a long URL. For example, in my newsletters, I can use a very short URL to point to my member link. The following is an example of a redirection file:

Redirect/location/from/root/file. ext


In this above example, a file in the root directory called oldfile.html wocould be entered:
In the previous example, if the name of "maid" in the rootdirectory is "oldfile.html", you can type:


And a file in the old subdirectory wocould be entered:
To access a file in an old sub-directory, enter:


You can also redirect whole directoires of your site using. htaccess file, for example if you had a directory called olddirectory on your site and you had set up the same files on a new site: you cocould redirect all the files in that directory without having to specify each one:
You can also use. htaccess to redirect the entire website directory. Assume that you have a directory named olddirectory on your website, and you have logged on to a new website:


Then, any request to your site below/olddirectory will bee redirected to the new site, with
Extra information in the URLAdded on, for example if someone typed in:
In this way, any request directed to the/olddirectory directory at the site will be directed again to the new site, including additional URL Information. For example, someone typed:


They wocould be redirected:
The request will be redirected:


This can prove to be extremely powerful if used correctly.
This feature is extremely powerful if used correctly.

Part 3-password protection

Introduction to Introduction

Although there are using uses of. htaccess file, by far the most popular, and probably most useful, is being able to relaibly password protect directories on websites. although JavaScript etc. can also be used to do this, only. htaccess has total security (as someone must know the password to get into the directory, there are no 'back docs ')
Although there are a variety of. htaccess usage, the most popular and most useful practice is to use it for reliable password protection of website directories. Although such as javascrip can also be achieved, only. htaccess has perfect security (that is, visitors must know the password to access the directory, and there is no "backdoor" to go ).

The. htaccess File Password-protected. htaccess File

Adding password protection to a directory using. htaccess takes two stages. the first part is to add the appropriate lines to your. htaccess file in the directory you wowould like to protect. everything below this directory will be password protected:
Using. htaccess to add password protection to a directory involves two steps. The first step is to add the appropriate lines of code to your. htaccess document, and then put the. htaccess document in the directory you want to protect:

Authname "section name"
Authtype basic
Authuserfile/full/path/to/. htpasswd
Require valid-user

There are a few parts of this which you will need to change for your site. you shoshould Replace "section name" with the name of the part of the site you are protecting e.g. "Members area ".
You may need to modify some of the above content based on your website situation, such as replacing "section name" with "members area" with "section name ".

The/full/Parth//. htpasswd shocould be changed to reflect the full server path to. htpasswd file (more on this later ). if you do not know what the full path to your webspace is, contact your system administrator for details.
/Full/Parth/to/. htpasswd should be replaced with the complete server path pointing to the. htpasswd file (which will be detailed later. If you do not know the complete path of your website space, ask your system administrator.

The. htpasswd File Password-protected. htpasswd File

Password protecting a directory takes a little more work than any of the other. htaccess functions because you must also create a file to contain the usernames and passwords which are allowed to access the site. these shoshould be placed in a file which (by default) shoshould be called. htpasswd. like. htaccess file, this is a file with no name and an 8 Letter extension. this can be placed anywhere within you website (as the passwords are encrypted) but it is advisable to store it outside the Web root so that it is impossible to access it from the web.
Directory password protection ratio. other features of htaccess are troublesome because you must create a document containing the user name and password to access your website. The relevant information (by default) is located in a file named. htpasswd document. Like. like htaccess ,. htpasswd is also a document without a file name and has an 8-bit extension. It can be stored anywhere on your website (the password should be encrypted at this time ), however, it is recommended that you save it outside the web root directory of the website so that it cannot be accessed through the network.

Entering usernames and passwords enter the user name and password

Once you have created your. htpasswd file (you can do this in a standard text editor) You must enter the usernames and passwords to access the site. They shocould be entered as follows:
After creating the. htpasswd document (you can create it in a text editor), enter the user name and password used to access the website:

Username: Password

Where the password is the encrypted format of the password. to encrypt the password you will either need to use one of the premade scripts available on the Web or write your own. there is a good username/password service at the KXS site which will allow you to enter the user name and password and will output it in the correct format.
The "password" must be an encrypted password. You can obtain the encrypted password in several ways: First, you can use a permade script provided on the Internet or write it yourself; the other good username/password encryption service is through the KXS website, here, you can enter the user name and password, and then generate a password in the correct format.

For multiple users, just add extra lines to your. htpasswd file in the same format as the first. there are even scripts available for free which will manage. htpasswd file and will allow automatic adding/removing of users etc.
For multiple users, you only need to add a line in the same format in the. htpasswd document. In addition, there are some free script programs that can easily manage the. htpasswd documentation and automatically Add/Remove users.

Accessing the site

When you try to access a site which has been protected. htaccess your browser will pop up a standard username/password dialog box. if you don't like this, there are certain scripts available which allow you to embed a username/password box in a website to do the authentication. you can also send the username and password (unencrypted) in the URLAs follows:
When you try to access a directory protected by the. htaccess password, the standard username/password dialog window will pop up in your browser. If you do not like this method, some script programs allow you to embed username/password input boxes in the page for authentication, you can also enter the user name and password (unencrypted) in the URL of your browser in the following ways ):

Http: // username:


. Htaccess is one of the most useful files a Webmaster can use. There are a wide variety of different uses for it which can save time and increase security on your website.
. Htaccess is a powerful tool that can be applied by site administrators. More changes can be made to adapt to different purposes, saving time and improving website security.

Related reading:

  • KXS password encrypter
  • Apache. htaccess documentation
  • More. htaccess sites
  • Related reading


. Htaccess special instructions

  • To enable. htaccess, you must modify httpd. conf, enable AllowOverride, and use AllowOverride to restrict the use of specific commands.
  • If you want to use a file name other than. htaccess, you can use the accessfilename command to change the file name. For example, to use. config, you can configure it in the server configuration file as follows:
    Accessfilename. config

  • Generally, the. htaccess file should not be used unless you have no access permission to the master configuration file. There is a common misunderstanding that user authentication can only pass. the htaccess file implementation is not like this. It is feasible to write user authentication in the main configuration file, and it is a good method .. The htaccess file should be used when the content provider needs to change the server configuration for a specific directory without the root permission. If the server administrator is unwilling to modify the configuration frequently, the user can pass. the htaccess file modifies the configuration by itself, especially when the ISP runs multiple user sites on the same machine, and you want to change the configuration by yourself. Even so, we should avoid using the. htaccess file as much as possible. Any configuration that you want to put in the. htaccess file can be placed in the <directory> segment of the main configuration file, and it is more efficient. There are two main reasons to avoid using the. htaccess file: performance and security.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.