.htaccess files - What are they and ho to use them? Part 1

Write your "How To" regarding anything you are comfortable with and you feel it will help the forum members.

NOTE :: All threads started here will appear only after the approval from Administrator
Post Reply
Flipper3
Posts: 353
Joined: Tue Feb 28, 2006 12:34 am

.htaccess files - What are they and ho to use them? Part 1

Post by Flipper3 »

I will be discussing .htaccess files with you and how they can help protect you, remove clutter, and make your directories a lot more organized.

What is a .htaccess files?

According to Wikipedia a .htaccess file is a "hypertext access" and "is placed in a particular directory, and the directives in the .htaccess file apply to that directory." It also "provides the ability to customize configuration for requests to the particular directory," which is key in maintaining a successful website and to limit which users can enter where.

Source: http://en.wikipedia.org/wiki/.htaccess

How to start a .htaccess file?!?

In order to start a .htaccess file you need to create a new file in your cPanel File Manager and make sure to place the .htaccess file in the appropriate folder. However, after you make the file, the cPanel File Manager does not display the file so what you need to do is edit another file and then when you have the option to change the file location at the top change that to the location of your .htaccess file. Here is an example:
/home/username/public_html/admins/.htaccess
Then hit, open. From there you can edit your .htaccess file.

Restricting Access

With .htaccess files you can restrict access globally, allow access globally, or even allow/restrict per ip address. This means that you have a lot of flexibility when it comes to this matter. Firstly, you need to declare the order that the file will be read.

You need to either choose:

Code: Select all

Order allow,deny
or

Code: Select all

Order deny, allow
I will cover the difference between these two later on.


Next, you have lots of options from here.
Your Options
-Allow from all
-Deny from all
-Allow a certain ip
-Deny a certain ip
Now, the allow a certain ip is only necessary whenever you have deny from all set up and vice versa. (Basically, you do not have to allow or deny each ip if you have already allowed/denied all.)

So next, let's put these in our .htaccess file. If we want to allow from all or deny from all then just put that in there. However, when allowing/denying a certain ip you need to do it in this format:

Code: Select all

Allow from ****.****.****.****
Deny from ****.****.****.****
(But of course replace the x's with an ip address.)



Now, back to what the order does. If you do the order allow, deny then the allow's will be looked at first then the deny's and vice versa with the other way. So for example:

Code: Select all

Order allow,deny
Deny from all
Allow from all
In the above example, the user would be denied, but in the below example the user would be allowed.

Code: Select all

Order deny, allow
Deny from all
Allow from all

So what does this denying do to the user?

Simple, it gives the user a 403 error; hence the outcome of the error: (Forbidden: You don't have permission to.....)

And what about the allowing; what does that do?

Once again, simple, it allows the user to have access to any of the files in that directory.


Setting Error ****

With a .htaccess file you can also set a link to an error ****. This means that you can create your own error page or just send the user to a different link whenever they receive the error. This is a pretty handy tool that I use on my website since I don't want to have an external error page, but want it to be incorporated with my site's design/content management system. Here are some examples of how to do this:

Code: Select all

**** 404 http://www.domain.com/index.php?page=error&c=404
**** 403 http://www.google.com
Yup, it's just that simple to do. :)


I have an images folder and want the users to be able to access the images, but don't want to show the directory list!!!

Here is another really neat trick that .htaccess files allow you to do. You can do just what was asked for in the bold.

Code: Select all

Options -Indexes
The above will still allow users to access the files in the directory, but they will not be able to see the list of them when going to the link; instead they will receive a 403 error. (And if you setup the error **** then they will be sent to that link.)
And of course there is always an opposite to that:

Code: Select all

Options +Indexes
In this example, the users can access the files AND see the directory list.



How great is this really?

All in all, a .htaccess file should be placed as needed, which is most of the time, and it is very good at keeping out users, but remember it only limits users by ip address and people can easily bypass that so therefore a .htaccess file shouldn't be used as a banning system on a website. Instead you should ban that username and then use the .htaccess file for ip bans and just like on all other websites the ip bans will not always work due to work-arounds on the user's end.

What should my .htaccess file look like now?

Well you beat me to it....I was just going to give an example. Here is an example of a .htaccess file from what was discussed today:

Code: Select all

Order allow, deny
Allow from all
Deny from ****.****.****.****
Deny from ****.****.****.****

**** 404 http://www.mywebsite.com/index.php?page=error&c=404
**** 403 http://www.mywebsite.com/index.php?page=error&c=403

What's coming in the next part?

-How to redirect all http://domain.com traffic to http://www.domain.com.
-Some code to stop the bad bots that eat up bandwidth for no reason.
-Whatever you want! Just give me requests by sending me a personal message containing some information you want clarified, something that you heard about but don't know how to do, or whatever else you want to know about .htaccess files!


SHAdmin
Posts: 2089
Joined: Sat Dec 18, 2004 11:28 am
Contact:

Post by SHAdmin »

That is a very helpful How To.

Your account has been credited with 40 points for sharing it.
Post Reply