FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


General .htaccess tutorial.





cr3ativ3
I was surprised to find that there was no tutorial outlining more then one feature of .htaccess, on the frihost forums.

I have decided to write my own which I may decide to use on other tutorial sites in the future so don't anyone think that someone has copied it if you see an exact copy of this tutorial some where else. Razz

So lets get started.

---------------------------------------------------------------------------------------------

.htaccess General Use Tutorial


Introduction to .htaccess

This tutorial assumes you know the basics of the web and basic html/xhtml.

Ok, so you want to learn about .htaccess eh? Well you have come to the right place, you have probably stumbled upon this tutorial because you have heard pf .htaccess don't really know much about it but would like to learn.

.htaccess is a means of overriding certain configurations in the apache httpd.conf file, you probably have no idea what I am talking about if you haven't worked with a server before so I will explain this in more detail.

Apache is a http server all web servers have a http server, i guess you could say an http server is a web server, apache is the is one of the top free http server technology's if not the top. Apache is configured using a file called httpd.conf this file contains all the configuration settings and other stuff. If you are on a shared server you won't have access to this file directly, so .htaccess allows you to modify some of the popular settings in the httpd.conf.

Now, if you are an evil person you might be thinking to your self now I will learn how to ruin a server (mwahahahaha). Using .htaccess will only affect the folder you put it in its sub folders, so to bad.

Oh, if you don't already no .htaccess is the file you will use to enter the commands so create a file .htaccess it is just .htaccess not filename.htaccess just plain .htaccess. I would recommend you create the file in the control panel that your webhost has given you to edit your site, not a ftp client because some ftp clients won't display the .htaccess file.


Popular uses for .htaccess.

Some popular uses for .htaccess would be:


    Error Documents
    Redirects
    Prevent files from being (Hot Linked)
    Prevent Directory Listing
    Blocking Certain IP's/Sites
    Password Protecting Your Directory's
    Change your default page



Error Documents

Ok, first of all we will work with error documents. These can be very handy and a neat aspect to your website, might also be useful in keeping track of missing pages.

I am sure you have noticed trying to get somewhere on the internet that the page was not found (doesn't exist) in web terms we call it a 404 error. Using apache you can have the server redirect visitors that encounter a 404 error on your domain (www.yourdomain.com/somerandompage) having the somerandompage not exist you could have them redirected to an error page lets just for now say 404.html. Where 404.html could have your sites template then have it say sorry this page does not exist or something.

So in our .htaccess file lets enter this:

Code:

ErrorDocument 404/404.html


that is assuming the the 404.html is in the same directory at the .htaccess page. For other directory's change it to:

Code:

ErrorDocument 404 somedirectory/404.html


Now, there are other error codes many more they ones usually used in error pages and the ones I will be teaching you about here are: 500, 404, 403, and 401.

500 is a Internal Server Error message usually caused by an issue with a server setup. 403 is a Forbidden error the most usually causes for this error is when a user try's accessing a directory without a default page and directory listing disables, for example http://www.somesite.com/somedirectory/ with the previous things happening would bring back a 403 error. 401 Authorization Required this is Shown when a failure to login to a .htaccess password protection system, which you will learn how to setup later.

So if we were to setup error pages for all of these our .htaccess file would look like this:

Code:

ErrorDocument 401 401.html
ErrorDocument 403 403.html
ErrorDocument 404 404.html
ErrorDocument 500 500.html



Redirects

Redirects can be useful because their are downsides to meta redirects the most common type of redirect that aren't in .htaccess redirects.

Lets take a look at the following code:

Code:

Redirect olddirectory/oldfile.html http://yourdomain.com/newdirectory/newfile.html


If we place this in our .htaccess file if someone try's visiting the oldfile.html then they would be redirected to http://yourdomain.com/newdirectorys/newfile.html so the three parts to the redirect are Redirect then a [space] the old file [space] where to redirect.

Some Notes: the file or directory doesn't have to actually exist.


Prevent files from being (Hot Linked)

For those of you that don't know the meaning of Hot Linking. Hot Linking refers to someone linking directly to a file not on there own server.

Scenario:
Say site1.com and site2.com are on two differen't servers. site1.com has two files in there main directory logo.png and styles.css, ahh what the heck lets add in a functions.js. Now site two has a web page on it webpage.html in webpage.html is this:

Code:

<html>
<head>
<script
language="javascript" src="functions.js"></script>
<link rel="stylesheet" type="text/css" href="http://www.site1.com/styles.css" />
</head>
<body>
<img src="http://www.site1.com/logo.png" />
</body>
</html>


So, as we can see in this scenario site2.com is linking directly to the image on site1.com same with their .js and .css file. This is the process of hotlinking and many webmasters don't like people doing this to files on their servers. The reason is this takes up bandwidth/transfer on the server that contains the files. For more information on bandwidth do a google search.

Now to prevent people from being able to link to your files say you were site1.com you would have a .htaccess file with this in it:

Code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule \.(png|js|css)$ - [F]


Now, before you have a brain melt down, I know this is complicated you don't need to learn what all that does right now as long as you just want to use it to stop hot linking. So for you would change yourdomain.com to whatever your domain is. Then on the last line (png|js|css) these are the file types we don't want to be able to be hot linked. You can add more file types to that by simply separating it with a | like this if we wanted to add jpg (jpg|png|js|css).

Ideas:
Here is a cool technique to drive the person that is hot linking your images from your site crazy. Using this it will allow you to replace images with a differen't image on your server maybe a image that says No HotLinking!

Code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.mydomain.com/angryman.gif [R,L]


Same idea just replace yourdomain.com with your domain but on the last line change the url to the image on your site you want it to substitute. Now with this knew capability I am sure you can figure out a way to ruin the site but I am not going to show you how Razz.


Prevent Directory Listing

You might be thinking, what is Directory Listing. Well directory listing which you have probably seen on sites before is where all the files in a directory are displayed because the default for that file is not there, usually index.*. Note this isn't suppose to happen most server have this disabled for security reasons usually to solve this you create a plain index file. Using .htaccess we can prevent apache from displaying the directory files for servers that haven't been configured to prevent this.

Lets take a look at the following code:

Code:

Options -Indexes


Pretty simple, this will just disable directory listing completely. Now if you haven't already guessed if you want to display a directory then you would.

Code:

Options +Indexes


You can also customize what files to display so lets say we don't want to display any files that are .php or .png but we want to display all other files we would do this:

Code:

Options +Indexes
IndexIgnore *.php *.png


Note: remember don't allow people to see files that could compromise your websites security.


Blocking Certain IP's/Sites

Have you got a visitor which is wreaking haveck on your site? Maybe, they are posting nasty comments on your public comment system well using .htaccess we can block them from your site atleast there ip address, they might start using proxy's or use a different computer and they could get past this but at least it makes it harder for them.

Let's take a look at the following piece of code:

Code:

order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all


Now if we added this to the .htaccess file we would be banning all the ip address 123.45.6.7 and 012.34.5.* the star in the second address wild card means that any thing in that block will be blocked like 012.34.5.0, 012.34.5.1, 012.34.5.2, 012.34.5.3, etc.

Now lets say we want to deny from all but one IP address then we would use this:

Code:

order allow,deny
allow from 123.45.6.7
deny from all


Now we would be allowing only the IP address 123.45.6.7 to visit the site if you are unsure what and IP address is google it.

You can even block sites from visiting your site I am not exactly sure how this would be helpful though.

Code:

order allow,deny
deny from .google.com
allow from all


This would block google.com from viewing your site. and any sub domains such as gmail.google.com. Just change the .google.com to the site you want to block.


Password Protecting Your Directory's

You may want to protect a directory on your site but don't know how to one of these solutions, usually other solutions using php, asp, or even javascript would be very complicated to create.

With .htaccess we can create a protection system which simply prompts the user for a user name and password on entering the directory or any files in it, you may be asking your self do I really want the user to have to login over and over again to visit pages in a certain folder? Well don't, using this it will keep that user logged in the whole time their browser is open so they will only have to log back in if they exit their browser. There are other conditions which could cause the user to have to log back in but for simplicity I'll just say they have to log back in if they exit there browser.

Using .htaccess protection is usually more secure than other solutions like php or asp.

Lets take a look at the following code:

Code:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/cr3ativ3/domains/oypanel.uni.cc/public_html/development/.htpasswd
AuthGroupFile /dev/null
require valid-user


Let's look at the first line AuthName "Restricted Area" This is the name of the prompt that pops up when the user visits the directory so in this case it would say Restricted Area. Let's skip a line and look at this line AuthUserFile /home/user/domains/yourdomain.com/public_html/securedir/.htpasswd this is the 'absolute path' to our password file which contains the user name's and password's for the users that are able to log in to the prompt.

Now your probably wondering how to find your absolute path I made a neat little tool that you may use to find this. Just create a plain .php file on your server where you want to put your .htpasswd file then paste this into the file:

Code:

<?php
echo $_SERVER['SCRIPT_FILENAME']
?>


That will give you the absolute path to the .php file just change the filename at the end to .htpasswd.

Now let's look at the contents of the .htpasswd file which you should have created at the same location the absolute path points to.

Code:

tutorialuser:ZH1Lxn1bE.b6k
tutorialuser2:bf1VWZNWQC8lw


As you may have already guessed what is before the : is the username and what is after it is the encrypted password, your probably asking yourself how do I know the encrypted version of my password. Well, there is a neat script at javascript kit for creating the .htaccess and .htpasswd file for password protection here is a link: http://www.tools.dynamicdrive.com/password/

Note: As I was talking about in the error pages section the 401 error is the error that occurs if the user exits the login without loging in. So you can create a page for that.


Change Your Default Page

Many of you if you have worked with websites even the simplest/worst of them you will know what a Default Page is, if not a default page is the page that is called up when just the directory is called. For instance on most servers index.* is the default page so when you visit www.yourdomain.com it would really show you www.yourdomain.com/index.*, same would happen if you visited www.yourdomain.com/directory/ it would show you www.yourdomain.com/directory/index.* (*) being the extension of the file.

Let's take a look at the following code:


Code:

DirectoryIndex default.html default.htm default.php default.asp default.htm


Pretty simple I am sure you understand this but if not.., this would just set the default directory to default.html instead of the usual index.html we have also appended names to it so if there is no default.html then it would use default.htm and if no default.htm could be found then it would use default.php and so on... if you want to add names just separate them with a space and it selects which one to use by the order of the list.


Conclusion

Look were already at the conclusion of the tutorial Razz so I would just like to point some things out again if I haven't already.

Certain servers that are set up incorrectly or just plain bad will allow a visitor to view the .htaccess file directly from there browser which can be a security risk if your using password protection so just stick this at the top of your .htaccess file to prevent this:

Code:

<Files .htaccess>
order allow,deny
deny from all
</Files>


.htaccess will effect the directory it is put in and any sub directory's if you don't want it to effect a directory below it just put a .htaccess file in that directory. (the nearest.htaccess file to the directory it uses).

.htaccess does use apache and can cause the server to slow down so make sure you ask your host before using .htaccess you don't want to get iin to trouble.

.htaccess only works on servers that are running apache as the server software most web hosts use apache.

Use .htaccess sparingly.

And most of all have fun.

Also, just before I leave you with this I would like to post a .htaccess file for a site that someone might find useful for a site.

Code:

<Files .htaccess>
order allow,deny
deny from all
</Files>

ErrorDocument 403 403.html
ErrorDocument 404 404.html
ErrorDocument 500 500.html

DirectoryIndex default.htm default.html default.php

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule \.(gif|jpg|png|bmp|js|css)$ - [F]

IndexIgnore *


Thank, you for reading this very very very long tutorial. If you see any errors or run into a problem please just post I will see if I can figure it out.
brokenadvice
Great tut. I think I will have to try the image redirect Wink
cr3ativ3
Glad you liked it Wink
futurcat
Great tutorial. Next time I need to play with that I will read this first. So far I was always reverse engineering other files when needed to do one. That is not bad by itself, but learning upfront is better.
Pande
I'd seen this file on other websites and had no idea what it does. I just learned so much from this thank you!
dustindallas
Nice tutorial Smile
Related topics
FDisk Tutorial
htaccess Password Protection
.htaccess tutorial
CANT UPLOAD .htaccess, .htpasswd, .header, .footer
Tutorials
C++ TUTORIAL : INTRODUCTION TO C++
Complete Tutorial LINKS for every language
Hosting Layout Tutorial
[PhP] News Posting Tutorial (code, actually ^^')
CUSTOM ERROR PAGES
Carl's Start-to-Finish Professional Website Tutorial
Master Tutorial on SEO
AJAX tutorial [2nd part now updated]
htaccess Problem
Reply to topic    Frihost Forum Index -> Miscellaneous -> Tutorials

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.