There is a lot of confusion when it comes to
.htaccess. This section is meant to resolve those confusions and make
.htaccess understandable to even the newest user. When most people think
about .htaccess or hear about it they think of user authentication. In
fact, .htaccess can be used for many different useful things, so many in
fact, you'll wish you knew more about .htaccess earlier on. Well maybe.
After reading this guide on .htaccess you will feel confident about
creating your own .htaccess files and using beginner to intermediate
directives. Here is a brief overview of what will be discussed:
But first, let us discuss how .htaccess works and is applied to the file
structure of a Web Server. The great thing about .htaccess is that it
can be directory specific or directory all-inclusive, which simply means
that an .htaccess file can be applied to one directory or a multitude
of directories. Take the following figures for example:
figure 1.
domain.com/.htaccess
figure 2.
domain.com/images/.htaccess
domain.com/scripts/.htaccess
figure 3.
domain.com/images/A.htaccess
domain.com/images/hires/apples/B.htaccess
Because an .htaccess file controls the directory it is in and that
directory's sub-directories, File A controls the images directory
and the hires sub-directory. If File A happened to be the only .htaccess
file, it would control the apples directory as well. But in this case,
File B controls the apples directory and any sub-directories that may be
in it.
Now that you know the very basics, let's move on to some of the features.
Don't worry, the features will increase in difficulty, but as they do
you will build a core platform of understanding how to make .htaccess
files work for you.
Custom Error Pages
We've all seen them on our own website and others'. Yes, they serve a
great purpose by notifying us of varying issues, but they also look very
dull. In an era where keeping visitors within the confines of your
website at all times is so important, .htaccess files can help you turn
a potentially dull moment (seeing an error page) for a visitor into a
better experience.
figure 1.
figure 1.a
ErrorDocument 404 /404error.html
The / in the above example represents your public_html folder.
figure 1.b
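# A full URL makes Apache send the visitor a redirect, so the browser receives a redirect status rather than the 404 itself.
ErrorDocument 404 http://www.otherdomain.com/404error.html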
Redirects
Redirects are another great thing .htaccess can do for you. You have to
be careful though... otherwise you can create an infinite loop which
could mean Ultimate Mayhem Death and Destruction for your Server.
Figure 1 will show you the correct way to redirect pages and Figure 2
will show you an easy way to get your account suspended for not being
careful.
figure 1.
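# RedirectMatch is used so every request lands on gallery.html; a plain Redirect would append the rest of the requested path to the target.
RedirectMatch ^/images/ http://www.domain.com/gallery.html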
The first / in the above example represents your public_html folder. In
this example, any call to any file in the image directory or any of its
sub-directories will be redirected to
http://www.domain.com/gallery.html. If you want to be creative you can
even redirect users to different files like mp3s telling them they
shouldn't be nosing around in your images directory etc...
figure 2.
Warning: The following is an example of
what you should NOT do. The following creates an infinite loop and can
cause excessive CPU load depending on certain circumstances.
Redirect /images/ http://www.domain.com/images/
The first / in the above example represents your public_html folder. In
this example, any call to any file in the image directory or any of its
sub-directories will be redirected back to the images directory causing
an infinite loop.
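A pre-deployment check for the loop described above, as an added example that is not part of the original guide: a simplified Python model of Redirect (prefix match, with the rest of the requested path appended to the target) that follows one request until it is served, leaves the site, or returns to a path it has already visited. The SAFE rule, its /gallery/ target and the SITE_HOSTS set are constructed assumptions; LOOP is the rule from figure 2.

```python
from urllib.parse import urlsplit

# Hosts answered by the server that holds this .htaccess (assumed).
SITE_HOSTS = {"www.domain.com", "domain.com"}

def apply_redirect(rules, path):
    """Apply the first matching rule; return the target URL, or None if no rule matches.

    Redirect matches by path prefix and appends whatever follows the
    prefix to the target URL.
    """
    for prefix, target in rules:
        if path.startswith(prefix):
            return target + path[len(prefix):]
    return None

def trace(rules, path, max_hops=10):
    """Follow redirects for one request path; return (hops, outcome)."""
    seen = [path]
    for _ in range(max_hops):
        url = apply_redirect(rules, path)
        if url is None:
            return seen, "served"
        parts = urlsplit(url)
        if parts.hostname not in SITE_HOSTS:
            return seen + [url], "left site"
        path = parts.path or "/"
        if path in seen:                 # back where we started: the browser would spin
            return seen + [path], "loop"
        seen.append(path)
    return seen, "too many hops"

SAFE = [("/images/", "http://www.domain.com/gallery/")]   # constructed variant
LOOP = [("/images/", "http://www.domain.com/images/")]    # the rule from figure 2

if __name__ == "__main__":
    for name, rules in (("SAFE", SAFE), ("LOOP", LOOP)):
        print(name, trace(rules, "/images/cat.jpg"))
```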
Block IPs
Every once in a while, and for some people more than others, there are
people that like to cause trouble and/or countries that are known for
causing trouble. With .htaccess you can block individual IP addresses as
well as a range of them. Like every single security measure, though,
there is no guarantee of 100% protection. However, if you'd like to know
how to block IP addresses through .htaccess please proceed.
figure 1.
order allow,deny
deny from 104.123.8.
deny from 104.123.8.120
allow from all
The above example will block access from IP addresses 104.123.8.0 to
104.123.8.120. Be careful though, you don't want to block out a huge
chunk of your audience unintentionally.
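How figure 1 is evaluated, as an added example that is not part of the original guide: a Python model of order allow,deny that assumes IPv4 address specs only (full address, partial address or CIDR; host names are not handled). It shows that the partial address 104.123.8. matches every host from 104.123.8.0 to 104.123.8.255, so the separate 104.123.8.120 line is already covered.

```python
import ipaddress

# The four lines from figure 1 above.
HTACCESS = """\
order allow,deny
deny from 104.123.8.
deny from 104.123.8.120
allow from all
"""

def to_network(spec):
    """Turn an Allow/Deny address spec into an IPv4 network (None means 'all')."""
    if spec.lower() == "all":
        return None
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = [o for o in spec.split(".") if o]
    prefix = 8 * len(octets)          # "104.123.8." names the whole 104.123.8.0/24
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(octets), prefix))

def parse(text):
    """Collect (spec, network) pairs for each 'allow from' / 'deny from' line."""
    rules = {"allow": [], "deny": []}
    for line in text.splitlines():
        words = line.split()
        if len(words) == 3 and words[0].lower() in rules and words[1].lower() == "from":
            rules[words[0].lower()].append((words[2], to_network(words[2])))
    return rules

def matches(ip, entries):
    return any(net is None or ip in net for _, net in entries)

def is_allowed(client, rules):
    """Order allow,deny: the client must match an Allow and no Deny."""
    ip = ipaddress.ip_address(client)
    return matches(ip, rules["allow"]) and not matches(ip, rules["deny"])

def redundant_denies(rules):
    """Deny specs whose addresses are already covered by a broader Deny."""
    nets = [(s, n) for s, n in rules["deny"] if n is not None]
    return [s for s, n in nets
            if any(o != n and n.subnet_of(o) for _, o in nets)]

RULES = parse(HTACCESS)
```

On Apache 2.4 the Order, Allow and Deny directives are provided by mod_access_compat; the native form is Require not ip 104.123.8 together with Require all granted inside a RequireAll block.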
Disable Hot Linking and Fight Back
Most webmasters have fallen victim to hot linking somewhere down the
line. Heck, most of us are even guilty of it (e.g., linking to an image
on another website for a forum/profile post). The linkage adds up and
translates into wasted bandwidth/money. The most common/popular form of
hotlinking occurs with images. A growing trend in this day and age is
hotlinking .js and other related scripting files. While the file sizes
of scripts may be lower than most images, hotlinking still affects
the server that is being used and getting nothing in return.
Through .htaccess there are ways to block all sorts of file-types from
being hotlinked. This includes images, music files, scripts, and
movies. To prevent hotlinking through .htaccess you must have mod_rewrite
enabled on your server.
figure 1.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourwebsite\.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]
Line 1: Establishes that the Rewrite Engine should be on.
Line 2: Establishes that any referrer is barred from hotlinking; requests that send no referrer at all are let through.
Line 3: Establishes your Domain name.
Line 4: Establishes the file-types to prevent hotlinking. Currently,
gifs, jpgs, js scripts, and css files are blocked from hotlinking. You
could easily add mp3 to the list. Line 4 would then look something like
this:
RewriteRule \.(gif|jpg|js|css|mp3)$ - [F]
Wait... didn't this topic mention something about Fighting Back? Oh yes,
yes it did. You can set .htaccess to recognize a hotlinking attempt and
instead, serve alternate content chosen by you. You can surprise your
attacker by linking to any URL. Perhaps you want hotlinkers to see a
disturbing image or one that links back to your site. Maybe, you want to
get a little creative and have an mp3 play of how angry you are with
someone trying to steal your bandwidth. All of this is possible with
.htaccess.
figure 2.
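RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourwebsite\.com/.*$ [NC]
RewriteCond %{REQUEST_URI} !/middlefinger\.gif$
RewriteRule \.(gif|jpg|js|css|mp3)$ http://www.yourwebsite.com/middlefinger.gif [R,L]
Line 1: Establishes that the Rewrite Engine should be on.
Line 2: Establishes that any referrer is barred from hotlinking; requests that send no referrer at all are let through.
Line 3: Establishes your Domain name.
Line 4: Excludes the replacement image itself, so a hotlinker's browser following the redirect is not redirected again in a loop.
Line 5: Establishes the file-types to prevent hotlinking and redirects the link to the alternative media.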
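A check of the hotlinking conditions in figures 1 and 2 against sample requests, as an added example that is not part of the original guide: a Python model of the two RewriteCond lines and the RewriteRule pattern, applied to constructed Referer/path pairs. The site pattern is a parameter so a form that accepts only http referrers can be compared with one that also accepts https; forum.example, the file names and the nocase_files switch are assumptions made for the illustration.

```python
import re

# Two forms of the site pattern: http referrers only, and http or https.
HTTP_ONLY = r"^http://(www\.)?yourwebsite\.com/.*$"
HTTP_OR_HTTPS = r"^https?://(www\.)?yourwebsite\.com/.*$"
FILE_TYPES = r"\.(gif|jpg|js|css)$"

def is_blocked(referer, path, site_pattern, nocase_files=False):
    """True when both RewriteConds hold and the RewriteRule pattern matches."""
    if re.search(r"^$", referer):                         # cond 1: Referer must be non-empty
        return False
    if re.search(site_pattern, referer, re.IGNORECASE):   # cond 2, evaluated with [NC]
        return False
    flags = re.IGNORECASE if nocase_files else 0          # without NC the rule is case-sensitive
    return re.search(FILE_TYPES, path, flags) is not None

# Constructed requests: (Referer header, path as seen by the rule in .htaccess)
REQUESTS = [
    ("", "images/logo.gif"),                                  # typed URL or stripped Referer
    ("http://www.yourwebsite.com/index.html", "images/logo.gif"),
    ("https://www.yourwebsite.com/index.html", "images/logo.gif"),
    ("http://forum.example/thread/1", "images/logo.gif"),
    ("http://forum.example/thread/1", "images/LOGO.GIF"),
]

def report(site_pattern, nocase_files=False):
    """Blocked/served decision for every constructed request, in order."""
    return [is_blocked(r, p, site_pattern, nocase_files) for r, p in REQUESTS]

if __name__ == "__main__":
    print("http only        :", report(HTTP_ONLY))
    print("https + NC files :", report(HTTP_OR_HTTPS, nocase_files=True))
```

With the http-only pattern, pages served from https://www.yourwebsite.com lose their own images, and the upper-case extension is not covered because the RewriteRule pattern is case-sensitive unless NC is added to its flags. The Referer header is supplied by the client, so these rules save bandwidth but are not access control.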
Change Default Index Page
.htaccess has a little-known feature that lets you change the name of
the default index page. Even if you have just been designing websites
for a small amount of time, you know by now that the default name of
the main web page is index. It just so happens that you can change it to
whatever you want. Maybe you want to change your default main page name
to darkchocolate.
figure 1.
DirectoryIndex darkchocolate.html
Line 1: Establishes that the default main page is now set to
darkchocolate.html. If you'd like to expand the extensions you could do
something like this:
DirectoryIndex darkchocolate.html darkchocolate.htm darkchocolate.php